Federal IT managers can learn what questions they should ask vendors of DNSSEC hardware and software solutions, at a special workshop at the FOSE conference and expo on July 20.

National Institute of Standards and Technology computer scientist Scott Rose will share a list of questions just prior to the lunch break during workshop, after which participants are encouraged to visit the DNSSEC pavilion on the Expo floor to see demonstrations and learn more about available solutions.

Executives from Secure64, Microsoft, Afilias, Infoblox, F5 Network, Nominum and Internet Systems Corporation will take part in the final panel of the workshop, allowing IT managers to hear from and question them about DNSSEC deployment solutions that they offer.

The workshop requires an additional $35 registration fee in addition to regular FOSE registration. It takes place from 10 AM to 4 PM on Wednesday, July 20. Attendees also will be able to hear from senior White House and federal agency officials, as well as executives from agencies, registrars and companies implementing DNSSEC.

Federal information security managers will have the chance to hear hands-on experiences and lessons learned in deploying the domain name system security extensions—from public and private-sector executives–at a special FOSE workshop on July 20.

A special workshop, “The deployment diaries: DNSSEC in U.S. Federal Systems and Beyond” will be featured at the FOSE conference and exposition on Wednesday, July 20, 2011.

Speaking on Where does DNSSEC stand in .gov? A Status Update will be these federal officials:

•Lee Ellis, General Services Administration
•Earl Crane, Department of Homeland Security
•Sean Donelon, Department of Homeland Security
•Scott Rose, National Institute of Standards and Technology

Speaking on Private Sector Deployment in .com, .net, .org and beyond will be:

•Rodney Joffe, Neustar
•Matt Larson, VeriSign
•Simon McCalla, Nominet
•Lance Wolak, Public Interest Registry

Other workshop speakers will include representatives from the White House, and from companies such as Comcast, Verisign, Secure64, Microsoft, Afilias, Infoblox, F5 Network, Nominum and Internet Systems Corporation. The FOSE expo will include a special DNSSEC pavilion where participants can see and learn about DNSSEC hardware and software solutions.

Two senior federal officials will kick off a special July 20 workshop on DNSSEC deployment by providing a view of how securing the DNS fits into federal cyber security requirements.

W. Douglas Maughan, Cyber Security Division Director, Science and Technology Directorate, U.S. Department of Homeland Security, and White House National Security Director for Federal Information Security Policy Andy Ozment will open the session with an overview of DHS efforts to support cooperative global efforts to secure the DNS, as well as those across the US federal agency system.

In 2011, more than half of U.S. federal agencies have not yet deployed the domain name system security extensions (DNSSEC) mandated by OMB and FISMA. In the meantime, private-sector and international deployment continues in other domains around the world. The session will assess progress, identify lessons learned and offer new solutions and models for successful deployment, with an emphasis on solutions.

Participants will learn:

-Where their agencies stand compared to the rest of the .gov domains

-How DNSSEC fits into current cybersecurity priorities for the U.S. government

-Successful deployment models in the public and private sectors, from other domains, ISPs, registrars and more

-New apps, APIs, tools and products to help with federal deployment

Speakers will include representatives from such federal agencies as GSA, NIST and DHS, and from companies such as Comcast, Verisign, Secure64, Microsoft, Afilias, Infoblox, F5 Network, Nominum and Internet Systems Corporation. The FOSE expo will include a special DNSSEC pavilion where participants can see and learn about DNSSEC hardware and software solutions.

The workshop requires an additional $35 registration fee in addition to regular FOSE registration. It takes place from 10 AM to 4 PM on Wednesday, July 20.

Initiative partner Steve Crocker has been named chair of the board of directors of ICANN, the Internet Corporation for Assigned Names and Numbers.  Crocker was part of the team that developed the protocols for the Arpanet and laid the foundation for today’s Internet. In the video below, he discusses the ICANN agenda with CEO Rod Beckstrom:

DNSSEC is now “enabled by default in the current canary and dev channels of Chrome and is on schedule to go stable with Chrome 14,” reports the Imperial Violet blog, which also includes instructions on set up and information for site operators.

ICANN 41 is underway in Singapore, and two sessions will highlight DNSSEC basics and deployment progress at the meeting this week:

• Today, “DNSSEC for Everybody” invited all particpants–no technical experience necessary–for a beginners’ session on deployment. Speakers from ISC, Nominet and VeriSign explained DNSSEC basic and core concepts and share real-world examples and a sample deployment.
• Wednesday, the DNSSEC Workshop will look at worldwide deployment, challenges for registrars, domain name transfers, and deployment outcomes. Reports from deployment efforts in Australia, Germany, Japan, Malaysia, New Zealand, Singapore and  Thailand. Links for remote participation are included for this session, with audio, chat room and scribe feed options for low bandwidth and audiocast and virtual meeting rommoptions for high bandwidth.

Links to presentations are included at each workshop link, above.

The DNSSEC Deployment Coordination Initiative will sponsor a day-long workshop at the FOSE Conference and Expo for federal, state and local government information technology professionals on Wednesday, July 20.

“The deployment diaries: DNSSEC in U.S. federal systems and beyond” will assess progress, identify lessons learned and offer new solutions and models for successful deployment, with an emphasis on solutions. Participants will learn:

• Where their agencies stand compared to the rest of the .gov domain
• How DNSSEC fits into current cybersecurity priorities for the U.S. government
• Successful deployment models in the public and private sectors, from other domains, ISPs, registrars and more
• New apps, APIs, tools and products to help with federal deployment

Speakers include executives from federal agencies, including GSA, NIST, and Homeland Security; nonprofits such as the Internet Systems Consortium and the Public Interest Registry, .org; and companies including Afilias, Comcast, F5 Networks, Infoblox, Microsoft, Neustar, Nominet, Nominum, Secure64, Sparta, VeriSign, and more.

An extra $35 fee is required for workshop registration. Break refreshments will be provided, and attendees will learn what to ask vendors about DNSSEC deployment solutions, as well as lesson learned directly from federal and private-sector deployment. DNSSEC suppliers will be featured at the FOSE Expo. Go here to register for FOSE at a 20 percent discount. Be sure to add the DNSSEC workshop as an “add-on” to your registration.

Five leading Internet security have written a whitepaper detailing their concern that an intellectual property bill under consideration in the U.S. Senate would undermine the efficacy of DNSSEC through its mandates for domain name system filtering.

Steve Crocker of Shinkuro; David Dagon of Georgia Tech; Dan Kaminsky of DKH; Danny McPherson of Verisign; and Paul Vixie of the Internet Systems Consortium co-authored the whitepaper to detail their concerns about the Senate bill 978, the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (“PROTECT IP Act”).  The authors note that the legislation’s requirements are in conflict with current DNSSEC deployment efforts:

The U.S. Government and private industry have identified DNSSEC as a key part of a wider cyber security strategy, and many private, military, and governmental networks have invested in DNSSEC technologies. If implemented, this section of the PROTECT IP Act would weaken this important effort to improve Internet security. It would enshrine and institutionalize the very network manipulation that DNSSEC must fight in order to prevent cyberattacks and other malevolent behavior on the global Internet, thereby exposing networks and users to increased security and privacy risks

By deploying DNSSEC in the .com top-level domain last Thursday, VeriSign–the TLD’s operator–gave more than 80 million registered domains access to improved domain name security.  “DNSSEC finally goes mainstream,” read one headline in coverage of the move.

The .com top-level domain joins more than 25 other TLDs–including .gov, .edu, .org and .net –since the root was signed last July, providing DNSSEC protection at the top of the hierarchy.

Noting that most respondents think DNSSEC adoption is inevitable, a survey was released just before the .com signing by Internet Identity and the Online Trust Alliance, suggesting more education needs to be done.  The survey “found that half of the respondents either hadn’t heard of DNSSEC or expressed limited familiarity with it. Those who do understand the technology believe key obstacles including lack of training/implementation services, slow ISP resolver rollout and limited client-aware applications will lead to a two to five year adoption period.”

ICANN CEO Rod Beckstrom opened the organization’s 40th meeting in Silicon Valley citing DNSSEC as a major theme in his keynote presentation (119KB PDF). Following are his DNSSEC-related remarks:

Perhaps our most significant security achievement is the ongoing implementation of DNSSEC. With strong community support, it is being vigorously deployed around the world, at a pace that exceeds our most optimistic projections.

We encourage companies to deploy DNSSEC on their DNS infrastructure – in effect, to turn DNSSEC validation “on” and sign their company’s domain names.

In less than a year since the root was signed, today we have 76 top-level domains signed and in a few weeks, .COM – with almost 100 million domains names – will also be signed.

With the root zone signed, the number of domains using DNSSEC will accelerate. Large ISPs such as Comcast are deploying DNSSEC to provide additional security for their customers, and major equipment vendors such as Cisco are looking at building it into their products. This is a major win.

And finally, DNSSEC could help secure more than just domain names – perhaps email, web sites, identities, communications and programs – bringing seamless and trustworthy communication across organizational and national borders.

For those of you who may not be fully familiar with DNSSEC, there will be a session for newcomers today at four o’clock.

The Latin American and Caribbean TLD Association has set a target of 50 percent signed TLDs in Latin America by the end of this year. “2011 will be the year of DNSSEC for LAC TLD,” according to its general manager.

We want to hear that commitment echoed around the world.