[dns-operations] Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN Community Forum

Puneet Sood puneets at google.com
Thu Nov 16 00:47:58 UTC 2023 

On Wed, Nov 15, 2023 at 4:32 PM Barry Raveendran Greene <bgreene at senki.org>
wrote:

>
> The irony - having a DNS workshop in Puerto Rico where DNS Resiliency
> failures aggravated recovery during Hurricane Maria.
>
> My recommendation is to have an entire session on DNS resiliency in the
> face of disaster.
>

Do you have references handy you can share?



>
> On Nov 15, 2023, at 08:49, Kathy Schnitt <kathy.schnitt at icann.org> wrote:
>
> 
>
> *Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN
> Community Forum*
>
>
>
> In cooperation with the ICANN Security and Stability Advisory Committee
> (SSAC), we are planning a DNSSEC and Security Workshop for the ICANN79
> Community Forum being held as a hybrid meeting from 02-07 March 2024 San
> Juan, Puerto Rico in the Atlantic Standard Time - AST (UTC-4). This
> workshop date will be determined once ICANN creates a block schedule for us
> to follow; then we will be able to request a day and time. The DNSSEC and
> Security Workshop has been a part of ICANN meetings for several years and
> has provided a forum for both experienced and new people to meet, present
> and discuss current and future DNSSEC deployments.  For reference, the most
> recent session was held at the ICANN78 The Annual General Meeting on
> Wednesday, 25 October 2023. The presentations and transcripts are available
> at: https://icann78.sched.com/.
>
>
>
> The DNSSEC Workshop Program Committee is developing a program for the
>
> upcoming meeting.  Proposals will be considered for the following topic
> areas and included if space permits.  In addition, we welcome suggestions
> for additional topics either for inclusion in the ICANN78 workshop, or for
> consideration for future workshops.
>
>
>
> *1.  Global DNSSEC Activities Panel*
>
> For this panel, we are seeking participation from those who have been
> involved in DNSSEC deployment as well as from those who have not deployed
> DNSSEC but who have a keen interest in the challenges and benefits of
> deployment, including Root Key Signing Key (KSK) Rollover activities and
> plans.
>
>
>
> *2.  DNSSEC Best Practice*
>
> Now that DNSSEC has become an operational norm for many registries,
> registrars, and ISPs, what have we learned about how we manage DNSSEC?
>
>
>    - Do you still submit/accept DS records with Digest Type 1?
>    - What is the best practice around key roll-overs?
>    - What about Algorithm roll-overs?
>    - Do you use and support DNSKEY Algorithms 13-16?
>    - How often do you review your disaster recovery procedures?
>    - Is there operational familiarity within your customer support teams?
>    - What operational statistics have been gathered about DNSSEC?
>    - Are there experiences being documented in the form of best
>    practices, or something similar, for transfer of signed zones?
>
>
>
> Activities and issues related to DNSSEC in the DNS Root Zone are also
> desired.
>
>
>
> *3. DNSSEC Deployment Challenges*
>
> The program committee is seeking input from those that are interested in
> implementation of DNSSEC but have general or particular concerns with
> DNSSEC.  In particular, we are seeking input from individuals that would be
> willing to participate in a panel that would discuss questions of the
> following nature:
>
>
>
>
>    - Are there any policies directly or indirectly impeding your DNSSEC
>    deployment? (RRR model, CDS/CDNSKEY automation)
>    - What are your most significant concerns with DNSSEC, e.g.,
>    complexity, training, implementation, operation or something else?
>    - What do you expect DNSSEC to do for you and what doesn't it do?
>    - What do you see as the most important trade-offs with respect to
>    doing or not doing DNSSEC?
>
>
>
> *4. Security Panel*
>
> The program committee is looking for presentations on DNS, DNSSEC, routing
> and other topics that could impact the security and/or stability of the
> Internet.
>
>
>
> We are looking for presentations that cover implementation issues,
> challenges, opportunities and best practices for:
>
>
>
>    - Emerging threats that could impact the security and/or stability of
>    the Internet
>    - DoH and DoT
>    - RPKI (Resource Public Key Infrastructure)
>    - BGP routing & secure implementations
>    - MANRS ( Mutually Agreed Norms for Routing Security)
>    - Browser security – DNS, DNSSEC, DoH
>    - EMAIL & DNS related security – DMARC, DKIM, TLSA, etc…
>
>
>
> If you are interested in participating, please send a brief (1-3 sentence)
> description of your proposed presentation to
> dnssec-security-workshop at icann.org *by COB Friday, 19 January 2024.*
>
>
>
> Thank you,
>
> Kim and Kathy
>
> On behalf of the DNSSEC Workshop Program Committee:
>
> Steve Crocker, Edgemoor Research Institute
>
> Mark Elkins, DNS/ZARC
>
> Jacques Latour, .CA
>
> Russ Mundy, Tislabs
>
> Yoshiro Yoneya
>
> Dan York, Internet Society
>
>
>
>
>
>
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20231115/1f856959/attachment-0001.html>

More information about the dns-operations mailing list