crocker-forum-rome-05mar04-en - icann
01.05.2014 Views
Share Embed Report

crocker-forum-rome-05mar04-en - icann

crocker-forum-rome-05mar04-en - icann

crocker-forum-rome-05mar04-en - icann

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
icann.org

Transform your PDFs into Flipbooks and boost your revenue!

Leverage SEO-optimized Flipbooks, powerful backlinks, and multimedia content to professionally showcase your products and significantly increase your reach.

Start now

Security and Stability AdvisoryCommittee – Curr<strong>en</strong>t ActivitySteve Crocker ChairSecurity and Stability Advisory CommitteeMarch 5, 2004Rome, Italysteve@steve<strong>crocker</strong>.com

New Acronym• Was SECSAC• Now SSAC – “ess sac”

SSAC Committee• Steve Crocker, Chair• Alain Patrick Aina• Jaap Akkerhuis• Stev<strong>en</strong> M. Bellovin• Rob Blokzijl• David R. Conrad• Johan Ihr<strong>en</strong>• Mark Kosters• Allison Mankin• Ram Mohan• Russ Mundy• Jun Murai• Frederico A.C. Neves• Ray Plzak• Doron Shikmoni• K<strong>en</strong> Silva• Bruce Tonkin• Paul Vixie• Rick WessonStaff support: Jim Galvin

SSAC Committee Str<strong>en</strong>gths• Root Server Operators• gTLD Operators• ccTLD Operators• Name Space Registries• Regional Internet Registries (RIRs)• Registrars• Internet SecurityNo policy or political members(!)

Selected Curr<strong>en</strong>t Topics• Wild Card• New TLDs• DNSSEC• Rotation and Repl<strong>en</strong>ishm<strong>en</strong>t

Wild Card• VeriSign used the wild card feature inDNS to redirect queries touninstantiated domains• Lots of community pushback• SSAC held meetings on Oct 7 & 15• Report is overdue. Committee will havedraft by <strong>en</strong>d of March• Further complicated by lawsuit

New TLDs• Pressure on the root?• Pressure on the IANA?• Business continuity?Not muchYesWill fail

DNSSEC• DNSSEC is signature protocol for DNS <strong>en</strong>tries• Each <strong>en</strong>try signed; traceable back to root• Provides strong assurance of auth<strong>en</strong>ticity ofresponse• Doesn’t solve all security issues, but tight<strong>en</strong>sone important elem<strong>en</strong>t of the overall system

DNSSEC Status• DNSSEC has be<strong>en</strong> brewing for a longtime• 10 years(!), 3 major iterations of the specs• Specs are just now being finalized• Some trials and interoperabilityexperim<strong>en</strong>ts• No actual deploym<strong>en</strong>ts yet

DNSSEC Roll Out• Specs• Design• Implem<strong>en</strong>tation• Products• Education(Marketing)• Deploym<strong>en</strong>t• Training• Operation

Problems, Policies• Root Key• Control and managem<strong>en</strong>t• Rollover• Distribution• Operation during sparse deploym<strong>en</strong>t• End system behavior wh<strong>en</strong>/whilesignatures do not exist

Rotation and Repl<strong>en</strong>ishm<strong>en</strong>t• SSAC formed in spring 2002• Initial members selected by ICANN staff• Very few changes since th<strong>en</strong>• Two additions and two departures• One departure was pro forma• Need process for replacing members• Needs to be fair, balanced but not mindless• Focus will continue on compet<strong>en</strong>ce, indep<strong>en</strong>d<strong>en</strong>ce of view• No natural constitu<strong>en</strong>cies• Will structure a process and put it into operation• Will try to move this forward by KL• Suggestions for process and specific candidates are welcome

Yumpu Logo

products

Resources

Company

Terms of service
Privacy policy
Cookie settings
Accessibility Statement
Accessibility Statement
Imprint
Change language
Made with love in Switzerland
© 2025 Yumpu.com, all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!