At ION Toronto in November, Jacques Latour from the Canadian Internet Registration Authority (CIRA) gave an interesting talk on the ongoing work to deploy DNSSEC for the .CA ccTLD. From the session abstract:
CIRA has completed two phases of a three-phased approach to implement DNSSEC on the .CA country code Top Level Domain (ccTLD). First, they released a DNSSEC Practice Statement for comment, providing an operational outline of how CIRA plans to develop, maintain and manage DNSSEC deployment for .CA. Next, they held a key signing ceremony where they generated the cryptographic digital key that is used to secure the .CA zone. On January 21, 2013, CIRA published a signed .CA zone file, and on January 23, the .CA DS record was submitted to the Internet Assigned Numbers Authority (IANA). The next phase of CIRA’s work in implementing DNSSEC is to make the necessary upgrades to ready the registry system for transacting DNSSEC-enabled .CA domain names. This work is expected to be complete in 2014. Once complete, CIRA will be able to register DNSSEC-enabled .CA domain names.
This session will explore CIRA’s technical solution for deploying DNSSEC support in the .CA registry. With our goal of making it easier for registrars, registrants and DNS operator to support any combination of DS and DNSKEY registration. We will take a quick look at our DNSSEC awareness strategy, the status/progress of .CA signed domains, and our lessons learned and challenges for increasing numbers of signed domain names.
The .CA Case Study video is now on YouTube:
Jacques’ slides are also available:
A huge thank you to everyone who joined us in Toronto in person or via the webcast (especially if you joined us over IPv6!). It was a great event thanks to our co-location partner, the Canadian ISP Summit, and our sponsor, Afilias.
We’d love to hear your feedback on these sessions or the ION Conferences as a whole. Talk to us!