The Asia Pacific Top-Level Domain Association will include a DNSSEC workshop in its next members’ meeting in Colombo, Sri Lanka, June 27-28.  Also included will be workshops on IPV6, DNS operations and protecting your systems against security threats.  Go here to see the DNSSEC workshop training syllabus.

With a strong DNSSEC focus in its sessions, including today’s DNSSEC workshop, the ICANN Brussels meeting is the site of several announcements and activities related to domain name security, including:

• The .org top-level domain is the first to deploy DNSSEC as of this morning.  In a related announcement, the Internet Society became the first .org domain to deploy DNSSEC, for its ISOC.org domain.  See coverage here and here.
• .eu also deployed DNSSEC, it was announced this week.
• The Finnish Communications Regulatory Authority announced it will deploy DNSSEC, testing it this summer and putting it into production in autumn 2010.
• The DNSSEC deployment world map also was updated.

Today’s DNSSEC Workshop at ICANN has a packed agenda. Go here for details, including audiocasts, chat, and transcripts.  Topics to be covered include:

DNSSEC Workshop
DPS Framework: DNSSEC Policy and Practice Statement Framework
.ORG Transfer Tests Lessons Learned
DNS/DNSSEC and Domain Transfers: Are They Compatible?
Addressing DS Transfer: NSDS
DNSSEC.CZ
Deploying DNSSEC: Lessons Learned
Overview of Comcast’s DNSSEC Work
DNSSEC Resolving at SURFnet
PowerDNSSEC: A Different Way of Doing Authoritive DNSSEC
Overview of Open Source Tools for DNSSEC
DNSSEC Progress in .UK
DNSSEC Implementation – Julien Adam
DNSSEC Rollout Status
The .DE DNSSEC Testbed
.EU DNSSEC Deployment
DNSSEC Deployment in .PT
Starting DNSSec Deployment for .RU
Completing the Chain of Trust – Lance Wolak
Completing the DNSSEC Chain of Trust – Olaf Kolkman
Considerations in User Interface Design for DNSSEC
DNSSEC: Go Daddy Implementation
PIR – DNSSEC Chain of Trust
DNSSEC: A Foundation for Increasing Confidence in the Internet
DNSSEC for the Root Zone

ICANN chief executive Rod Beckstrom opened the ICANN Brussels meeting this week calling for cooperation in achieving DNS security. Noting that ICANN “cannot resolve these issues alone,” he said:

We need to work within our family of organizations, large and small, formal and informal, to draw on the wealth of expertise around us.

Go here to read the entire speech.  Several sessions at this week’s meeting will focus on DNSSEC, including today’s session on DNSSEC Vulnerabilities and Risk Management: A Discussion with the Experts, featuring Initiative partner and Shinkuro CEO Steve Crocker.

Coverage of today’s key signing key ceremony in Culpeper, Virginia, includes these articles:

• ICANN describes the ceremony in this post, noting “Ceremony participants referred to an extremely detailed checklist and were able to confirm that every aspect of the process was executed exactly as planned. The entire event was video-recorded simultaneously by three separate cameras, and ICANN arranged for the whole system to be subject to a SysTrust audit, a process supported by the archived, unedited video footage and the legal attestations of key participants.”  Documentation also will be published by ICANN.
• Network World’s Carolyn Duffy Marsan, in “DNSSEC security reaches ‘key’ milestone,” included comments from Initiative partner and Shinkuro CEO Steve Crocker, an observer at today’s ceremony.  He noted, “People from all over the world will be part of the process of creating the key for the top level of the DNS…They will witness and be able to report that the proper procedure was carried fairly and scrupulously.”
• Larry Seltzer, writing on PC World’s blog, titled his post, “Happy DNSSEC Day: The root is signed.”  He noted, “A few years ago I wrote a column elsewhere dismissing DNSSEC as a realistic solution because of the profound obstacles impeding it. At the time it seemed that signing the root zone was itself politically impossible, but ICANN and other responsible parties were able to alleviate concerns.”

ICANN has released the list of trusted community representatives who will participate in the root key generation and signing ceremonies, the first of which will take place tomorrow, June 16, in Culpeper, Virginia.  (An FAQ on the trusted community representatives can be found here.)  Following is the complete list, although ICANN notes that backups may be called in if needed:

Crypto Officers for the US East Coast Facility

• Alain Aina, BJ
• Anne-Marie Eklund Löwinder, SE
• Federico Neves, BR
• Gaurab Upadhaya, NP
• Olaf Kolkman, NL
• Robert Seastrom, US
• Vinton Cerf, US

Crypto Officers for the US West Coast Facility

• Andy Linton, NZ
• Carlos Martinez, UY
• Dmitry Burkov, RU
• Edward Lewis, US
• João Luis Silva Damas, PT
• Masato Minda, JP
• Subramanian Moonesamy, MU

Recovery Key Share Holders

• Bevil Wooding, TT
• Dan Kaminsky, US
• Jiankang Yao, CN
• Moussa Guebre, BF
• Norm Ritchie, CA
• Ondřej Surý, CZ
• Paul Kane, UK

Backup Crypto Officers

• Christopher Griffiths, US
• Fabian Arbogast, TZ
• John Curran, US
• Nicolas Antoniello, UY
• Rudolph Daniel, UK
• Sarmad Hussain, PK
• Ólafur Guðmundsson, IS

Backup Recovery Key Share Holders

• David Lawrence, US
• Dileepa Lathsara, LK
• Jorge Etges, BR
• Kristian Ørmen, DK
• Ralf Weber, DE
• Warren Kumari, US

• Black Hat 2010 is offering two 2-day training sessions on “Understanding and Deploying DNSSEC” on July 24-25 and July 26-27.  Led by Paul Wouters and Patrick Naubert, the sessions will include theoretical and lab work.  Registration fees vary by date registered.
• The Global Cybersecurity Center in Rome will hold a DNSSEC Workshop June 30-July 1, with a focus on adoption of DNSSEC globally and in key sectors in Italy and neighboring countries.  The workshop is free, but requires registration.