[dns-operations] REMINDER: Call for Participation -- ICANN DNSSEC Workshop at ICANN 56 in Helsinki, Finland

Julie Hedlund julie.hedlund at icann.org
Thu May 12 18:02:18 UTC 2016

REMINDER: Call for Participation -- ICANN DNSSEC Workshop at ICANN 56 in Helsinki, Finland


The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), are planning a DNSSEC Workshop at the ICANN 56 meeting on 27 June 2016 in Helsinki, Finland.  The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments.  For reference, the most recent session was held at the ICANN meeting in Marrakech, Morocco on 09 March 2016. The presentations and transcripts are available at:  https://meetings.icann.org/en/marrakech55/schedule/wed-dnssec. 


Examples of the types of topics we are seeking include:


1. DNSSEC Deployment Challenges


The program committee is seeking input from those that are interested in implementation of DNSSEC but have general or particular concerns with DNSSEC.  In particular, we are seeking input from individuals that would be willing to participate in a panel that would discuss questions of the nature:

— What are your most significant concerns with DNSSEC, e.g., implementation, operation or something else?

— What do you expect DNSSEC to do for you and what doesn't it do?

— What do you see as the most important trade-offs with respect to doing or not doing DNSSEC?


We are interested in presentations related to any aspect of DNSSEC such as zone signing, DNS response validation, applications use of DNSSEC, registry/registrar DNSSEC activities, etc.


2.  DNSSEC by Default


As more and more applications and systems are available with DNSSEC enabled by default, the vast majority of today’s applications support DNSSEC but are not DNSSEC enabled by default.    Are we ready to enable DNSSEC by default in all applications and services. We are interested in presentations by implementors on the reasoning that led to enable DNSSEC by default in their product or service.  We are also interested in understanding  those that elected not to enable DNSSEC by default and why, and what their plans are.


3. DNSSEC Encryption Algorithms


How do we make DNSSEC even more secure through the use of elliptic curve cryptography? What are the advantages of algorithms based on elliptic curves? And what steps need to happen to make this a reality? What challenges lie in the way?  Over the past few months there have been discussions within the DNSSEC community about how we start down the path toward adding support for new cryptographic algorithms such as Ed25519 and Ed448. At ICANN 55 in Marrakech we had a panel session that explored why elliptic curve cryptography was interesting and some high level views on what needs to happen.  At ICANN 56 we are interested in presentations that dive into greater detail about what needs to be done and how we start the process. More background information can be found in this document: https://datatracker.ietf.org/doc/draft-york-dnsop-deploying-dnssec-crypto-algs/


In addition, we welcome suggestions for additional topics.


If you are interested in participating, please send a brief (1-2 sentence) description of your proposed presentation to dnssec-helsinki at isoc.org by **Wednesday, 18 May 2016**


We hope that you can join us.


Thank you,

Julie Hedlund


On behalf of the DNSSEC Workshop Program Committee:


Mark Elkins, DNS/ZACR

Cath Goulding, Nominet UK

Jean Robert Hountomey, AfricaCERT

Jacques Latour, .CA

Xiaodong Lee, CNNIC

Luciano Minuchin, NIC.AR

Russ Mundy, Parsons

Ondřej Surý, CZ.NIC

Yoshiro Yoneya, JPRS

Dan York, Internet Society

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160512/e39ac546/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4630 bytes
Desc: not available
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160512/e39ac546/attachment.bin>

More information about the dns-operations mailing list