Call for Participation – DNSSEC and ICANN Security Workshop for ICANN74 Policy Forum
Do you have information about DNS security or routing security that you would like to share with the global community? Have you developed a new tool or system in this area? Do you have results from a research project that you would like to share with a technical community?
If so, please consider submitting a proposal to the DNSSEC and Security Workshop to be held at ICANN 74 in June 2022. Simply send a brief description (1-3 sentences) of your presentation proposal to [email protected] at the end of the day on Friday April 29, 2022.
You can find more information and presentation ideas in the full Call for Participation below.
In cooperation with the ICANN Security and Stability Advisory Committee (SSAC), we are planning a workshop on DNSSEC and Security for the ICANN74 Public Forum to be held as a hybrid meeting from 13-16 June 2022 in the Central European time zone (UTC+1). This workshop date will be determined once ICANN creates a block schedule that we will follow; we can then ask for a day and an hour. The DNSSEC and Security Workshop has been a part of ICANN meetings for several years and has provided a forum for experienced and new people to meet, present, and discuss current and future DNSSEC deployments. For reference, the most recent session was held at the ICANN73 Community Forum on Wednesday, March 9, 2022. Presentations and transcripts are available at:
The DNSSEC Workshop Program Committee is developing a program for the next meeting. Proposals will be considered for the following topics and included if space permits. In addition, we welcome suggestions for additional topics either to include in the ICANN74 workshop or to consider for future workshops.
1. Global Panel of DNSSEC Activities
For this panel, we are seeking participation from those who have been involved in deploying DNSSEC as well as those who have not deployed DNSSEC but have a keen interest in the challenges and benefits of deployment, including turnover. the root key signing key (KSK) activities and projects.
2. DNSSEC Best Practices
Now that DNSSEC has become an operational standard for many registries, registrars, and ISPs, what have we learned about how we manage DNSSEC?
- Are you still submitting/accepting DS registrations with Digest Type 1?
- What is the best practice regarding key rollovers?
- What about algorithm rollovers?
- Do you use and support DNSKEY 13-16 algorithms?
- How often do you review your disaster recovery procedures?
- Is there operational familiarity within your customer support teams?
- What operational statistics have been collected on DNSSEC?
- Are there any documented experiences in the form of best practices, or something similar, for transferring signed zones?
DNSSEC-related activities and issues in the DNS root zone are also desired.
3. DNSSEC Deployment Challenges
The Program Committee invites input from those who are interested in implementing DNSSEC but have general or specific concerns with DNSSEC. In particular, we are seeking input from people who would be willing to participate in a panel that would discuss questions of the following nature:
- Are there any policies that directly or indirectly hinder your DNSSEC deployment? (RRR model, CDS/CDNSKEY automation)
- What are your biggest concerns with DNSSEC, for example, complexity, training, implementation, operation, or something else?
- What do you expect from DNSSEC for you and what does it not do?
- What do you think are the most important trade-offs about doing or not doing DNSSEC?
4. Security Panel
The program committee seeks presentations on DNS, DNSSEC, routing, and other topics that may impact the security and/or stability of the Internet.
We are looking for presentations that cover implementation issues, challenges, opportunities and best practices for:
- Emerging threats that may affect the security and/or stability of the Internet
- DoH and DoT
- RPKI (resource public key infrastructure)
- BGP routing and secure implementations
- MANRS (Mutually Agreed Standards for Routing Security)
- Browser security—DNS, DNSSEC, DoH
- Email and DNS security: DMARC, DKIM, TLSA, etc.
If you are interested in participating, please send a brief description (1-3 sentences) of your presentation proposal to [email protected] by COB on Friday, April 29, 2022.
The DNSSEC Workshop Program Committee:
Steve Crocker, Shinkuro
Mark Elkins, DNS/ZACR
Jacques Latour, .CA
Russ Mundy, Parsons
Ondrej Filip, CZ.NIC
Yoshiro Yoneya, JPRS
Fred Baker, ISC
Dan York, Internet Society