Completing The Chain of Trust

Transcription

Completing The Chain of Trust
Lance Wolak
.ORG DNSSEC

» The panel is to represent the key players in the chain of trust.
» Each person will have 4 minutes to tell you what their role is in the chain of trust.

On The Panel
Standards: Olaf Kolkman, NLnet Labs
Root: Rick Lamb, ICANN
Registry: Lauren Price, PIR
Registry Services Provider: Jim Galvin, Afilias
Registrar: Rajesh Kothari, NamesBeyond
Registrar: Jeremy Hitchcock, Dyn Inc.
Registrar: James Bladel, GoDaddy
ISP: Jason Livingood, Comcast
Registrant: Leslie Daigle, ISOC

Standards
Olaf Kolkman
NLnet Labs

The Root
Rick Lamb
ICANN

Registry
Lauren Price
.ORG, The Public Interest Registry

Registry Role
» DNSSEC is an important security initiative to PIR
» In development for over 2 years, and completed beta in the last 6 months
» We have been working with registrars with OT&E
» Today, 3 registrars are in production
» Expect 12+ more registrars to be production ready in the coming months
» DNSSEC rolls on… Practice Safe DNS

Registry Service Provider
Jim Galvin
Afilias

DNSSEC Best Practices
» Must support the import and export of the public key
» Must provide a mechanism to unsign a domain
» Must functionally separate DNS services from registration services
– Must support the import of a new NS resource record set without discontinuing existing DNS services
– Must continue DNS services until explicitly told to stop
– Must set up new DNS services in advance of transfer
– Must support export of domain’s zone file

Registrar (1)
Rajesh Kothari
NamesBeyond

Registrar (2)
Jeremy Hitchcock
Dyn Inc.

Registrar (3)
James Bladel
GoDaddy

ISP
Jason Livingood
Comcast

Registrant
Leslie Daigle
ISOC