Signing the Root

  1. DNSSEC for the Root Zone. LACNIC XIII, Curacao, Netherlands Antilles, May 2010. Mehmet Akcin, ICANN. Tuesday, May 18, 2010
  2. This design is the result of a cooperation between ICANN & VeriSign with support from the U.S. DoC NTIA
  3. Quick Recap
     • 2048-bit RSA KSK, 1024-bit RSA ZSK
     • Signatures with RSA/SHA-256
     • Split ZSK/KSK operations
     • Incremental deployment
     • Deliberately Unvalidatable Root Zone (DURZ)
     • more information @ www.root-dnssec.org
  4. DURZ Deployment
     • The Deliberately Unvalidatable Root Zone (DURZ) deployment started on 27 January.
     • As of 5 May, all 13 root servers are serving the DURZ.
  5. DURZ Data Collections
     • Pre-DURZ: 2010-01-19 ✔
     • L: 2010-01-27 ✔
     • A: 2010-02-10 ✔
     • I, M: 2010-03-03 ✔
     • D, E, K: 2010-03-24 ✔
     • B, C, F, G, H: 2010-04-14 ✔
     • J: 2010-05-05 ✔
  7. L-Root’s DURZ Date 01/26/10
  10. All Roots serving DURZ Date 05/05/10
  12. L-Root’s DURZ Date 01/26/10
  13. All Roots serving DURZ Date 05/05/10
  16. UDP Priming Query Rate for the previous month as of 2010 05 01 00:00:00
     [Figure: Queries Per Second (0 to 450) against Date/Time, UTC (MAR31 to APR30), one series each for A, C, D, E, F, G, H, J, L and M root]
  17. UDP Priming Query Rate for the previous month as of 2010 05 01 00:00:00
     [Figure: same plot as the previous slide, with the annotation "A single nameserver instance with max-cache-ttl=0"]
  18. DS Change Requests
     • Approach likely to be based on existing methods for TLD managers to request changes in root zone.
     • Anticipate being able to accept DS requests in early June.
  19. Policy Update
     • Updated versions of the draft KSK and ZSK DNSSEC Practice Statements (DPS) will be published shortly.
       ‣ Not much has changed substantively, but please read these practice statements – answers to most questions regarding DNSSEC for the Root Zone can be found in the DPS.
  20. TCR Update
     • Trusted Community Representative Applications were submitted between 13-24 April 2010.
     • 61 Total Applications
       ‣ 5 from LACNIC
       ‣ Background checks are being completed.
  21. KSK Ceremonies
     • First ceremony will take place at the ICANN KSK East Coast Facility in Culpeper, Virginia
     • 16 June 2010
       ‣ More information will be posted on website http://www.root-dnssec.org
  22. Documentation (available at www.root-dnssec.org)
     • Requirements
     • High Level Technical Architecture
     • DNSSEC Practice Statements (DPS)
     • Trust Anchor Publication
     • Deployment Plan
     • KSK Ceremonies Guide
     • TCR Proposal
     • Resolver Testing with a DURZ
     • DS Record Handling
     • DNSSEC Key Management Implementation
  23. Next Steps
     • 2010-06-16: First Key Signing Key (KSK) Ceremony
       ‣ Culpeper, US (ICANN East Coast KSK facility)
     • 2010-07-15: Distribution of validatable, production, signed root zone; publication of root zone trust anchor
       ‣ More data analysis and dodging meetings and holidays.
  24. Questions & Answers
  25. rootsign@icann.org
  26. Root DNSSEC Design Team: Joe Abley, Mehmet Akcin, David Blacka, David Conrad, Richard Lamb, Matt Larson, Fredrik Ljunggren, Dave Knight, Tomofumi Okubo, Jakob Schlyter, Duane Wessels
