Deploy360 Domain Name System Security Extensions (DNSSEC) Events To archive

Watch LIVE – ICANN 59 DNSSEC Workshop – June 26 at 7:00am UTC

ICANN 59 logoWant to learn more about DNSSEC deployment challenges? Interested in learning about a DANE middlebox for HTTPS? Curious about how the upcoming DNSSEC Root Key Rollover will affect systems? And have you heard about the CDS and CDNSKEY records for DNS? What are they – and what impact will they have on ICANN policies?

If you answered yes to any of the above, you can tune in live to the ICANN 59 DNSSEC Workshop streaming out of Johannesburg, South Africa, on:

Monday, June 26, 2017 at 9:00am local time (UTC+2)

The schedule, which includes links to slides, is at:

The direct live stream link using Adobe Connect is:

THE SESSION WILL BE RECORDED if you are unable to watch live. (Which will include me, as I’m not at this event and 3:00am US Eastern time is a bit too early for me to get up to watch!)

The talks from 9:00 – 12 noon SAST (UTC+2) include:

  • Introduction, Program, Deployment Around the World – Counts, Counts, Counts
  • Panel Discussion: DNSSEC Deployment Challenges
  • Middlebox DANE for HTTPS
  • Tutorial/Panel Discussion: Root Key Signing Key Rollover Test Bed
  • Panel Discussion: CDS and CNS Implementation – What are the policy impacts?
  • DNSSEC: How Can I Help?
  • The Great DNS/DNSSEC Quiz

It should be a great event filled with DNSSEC and DANE education and information. The Workshop will be followed by a lunch sponsored by Afilias, CIRA and SIDN and then the “Tech Day” presentations in the afternoon.

Meanwhile, if you are interested in learning more about how to begin using DNSSEC for a higher level of security, please visit our Start Here page to get started!

Deploy360 Domain Name System (DNS) Events To archive Transport Layer Security (TLS)

Watch Live Today! DNS Privacy Workshop Streaming from NDSS 2017


Want to learn the latest about DNS privacy? About the latest research and techniques to protect the confidentiality of your DNS info and queries?

Starting at 8:55 am PST (UTC-8) today, there will be what looks to be an outstanding workshop on DNS Privacy streaming live out of the Network and Distributed System Security Symposium (NDSS) in San Diego, California.

View the agenda of the DNS Privacy Workshop to see all the excellent sessions.  You can then join live at:

(Other remote connection options can be found at the bottom of the agenda page.)

Note – this workshop is not about DNSSEC, which is a method to protect the integrity of DNS (to ensure DNS info is not modified in transit), but rather new work being done within the IETF to improve the confidentiality of DNS.

The sessions include:

  • How DNS Works in Tor & Its Anonymity Implications
  • DNS Privacy through Mixnets and Micropayments
  • Towards Secure Name Resolution on the Internet – GNS
  • Changing DNS Usage Profiles for Increased Privacy Protection
  • DNS-DNS: DNS-based De-NAT Scheme
  • Can NSEC5 be practical for DNSSEC deployments?
  • Privacy analysis of the DNS-based protocol for obtaining inclusion proof
  • Panel Discussion: The Tension between DNS Privacy and DNS Service Management
  • The Usability Challenge for DNS Privacy and End Users
  • An Empirical Comparison of DNS Padding Schemes
  • DNS Service Discovery Privacy
  • Trustworthy DNS Privacy Services
  • EIL: Dealing with the Privacy Problem of ECS
  • Panel Discussion: DNS-over-TLS Service Provision Challenges: Testing, Verification,

If you are not there in person (as I will not be), you can also follow along on the #NDSS17 hashtag on Twitter. There will also be tweets coming out of:

Stéphane Bortzmeyer will also be attending (and speaking at) the workshop – and he is usually a prolific tweeter at @bortzmeyer.

The sessions will also be recorded for later viewing. I’m looking forward to seeing the activity coming out of this event spur further activity on making DNS even more secure and private.

Please do follow along remotely – and please do share this information with other people you think might be interested. Thank you!

Image from Unsplash – I thought about showing the wide beaches, but the reality is that the conference participants won’t really get a chance to visit them. I thought “Lifeguard” was appropriate, though, because lifeguards are all about protecting people and keeping things safe.

Deploy360 Domain Name System Security Extensions (DNSSEC) To archive

Watch Live TODAY – DNSSEC Root KSK Ceremony at 17:00 UTC

DNSSEC Key Ceremony 25

Today a critical part of DNS security – DNSSEC – will receive a major update, and you can watch it all live at starting at 17:00 UTC (1:00pm US EDT – local time) streaming out of ICANN’s data center in Virginia:

Olaf Kolkman, our CITO, will be in attendance as a “Crypto Officer” (key holder). Olaf wrote a post with info about the 25th key ceremony back in May 2016 and shared some of his photos.

The important step today is that this key ceremony will involve the creation of a new Key Signing Key (KSK) for the root of DNS. This begins what will be a year-long process of “rolling over” the cryptographic key at the heart of the DNSSEC system. ICANN has a page dedicated to the “Root KSK Rollover” explaining the details – and this “at-a-glance” PDF provides the key facts and dates.

This is a great step in making DNSSEC even more secure.

If you’re interested, ICANN posts the “script” that will be used to go through today’s key ceremony. All of the key ceremonies are streamed live and archived for later viewing.

If you want to learn more about DNSSEC in general, please visit our Start Here page to find resources to help!

Image credit – Olaf Kolkman on Flickr. Used with permission.

Deploy360 Events To archive

Watch ION Bucharest LIVE TODAY!

ION BucharestToday’s the Day! Tune in today starting at 2PM EEST (UTC+3) for ION Bucharest, where we’ll be discussing IPv6, DNSSEC, MANRS and Routing Security, the IETF, and more!

Click Here To Watch the Webcast (over IPv6, of course)

We’ll also be active on our social media channels over the course of the day, so follow along with #IONConf and get involved!

I hope you can join us for what is sure to be an interesting and informational afternoon.

Deploy360 Domain Name System Security Extensions (DNSSEC) To archive

Watch Live TODAY – DNSSEC Root KSK Ceremony 25 – 13:00 EDT – 17:00 UTC

DNSSEC badgeStarting in about 45 minutes, at 13:00 local time in Culpeper, Virginia, which is 17:00 UTC, you have the opportunity to watch the live stream of the Root KSK key-signing ceremony #25. More info can be found here:

and the direct link for watching is:

Internet Society CITO Olaf Kolkman will be among the participants as he is one of the 14 global “Crypto Officers” who has a role to play in the key signing ceremony. You can see the various roles in the KSK Ceremony 25 script, but perhaps better is to read this excellent description by Olafur Gudmundsson:

Olafur’s text, photos and graphics help explain what is going on.

If you can’t watch live but are interested in what happens, materials will be available after the fact including camera footage and more. (See the example of KSK Ceremony 24 from February 2016.)

While this may not necessarily be as exciting as a rocket launch, these public key signing ceremonies are important to ensure people understand and believe in the trustworthiness of the Root KSK that enables the overall DNSSEC global “chain of trust” to be reliable!

P.S. If you want to get started with DNSSEC yourself, please visit our Start Here page to find resources to help you!

Deploy360 Domain Name System (DNS) Domain Name System Security Extensions (DNSSEC) Events Privacy To archive

DNS-OARC 24 Streaming Live March 31 / April 1 from Buenos Aires


Today and tomorrow you have a great opportunity to listen to some of the newest research into the Domain Name System (DNS) operations and security through the live video stream of the 24th meeting of the DNS Operations Analysis and Research Center (DNS-OARC). You can watch live at:

and view the past recordings on the DNS-OARC YouTube channel.  The DNS-OARC 24 agenda covers a wide range of topics related to the overall operations of DNS.  Some of the sessions that Deploy360 readers may find of interest include:

  • Thursday, March 31
    • How we are developing a next generation DNS API for applications
    • State of the “DNS privacy” project: running code
    • QNAME minimisation in Unbound (DNS privacy)
  • Friday, April 1
    • Knot DNS Resolver
    • Threshold-Cryptography Distributed HSM
    • Review and analysis of attack traffic against A-root and J-root on November 30 and December 1, 2015
    • ECDSA – Reviewed
    • Rolling the Root Key
    • Algorithm roll-over experiences
    • Panel: DNSSEC algorithm flexibility

The last four sessions that I highlighted in bold all fit into the larger work of moving to use newer elliptic curve cryptographic algorithms within DNSSEC that I wrote about recently.  As I mentioned in that article, I’ll be moderating this final panel tomorrow afternoon.

I would encourage people to tune in and watch the sessions.  Do visit the DNS-OARC 24 timetable to find out the times when different sessions will be happening. All times are in Argentina time (ART) which is UTC-3.

And if you want to get started with DNSSEC yourself, please visit our Start here page to begin.

Image credit: a photo of the DNS-OARC 24 room I took this morning.


Deploy360 IPv6 To archive

LACNIC IPv6 Troubleshooting for Helpdesks Webinar today

lacnic-logoLACNIC is organizing a “IPv6 Troubleshooting for Helpdesks” webinar that will take place today, 23rd March 2016 at 15.00 UYT (UTC -3) through Webex. The main theme of the webinar is how ISP helpdesks can use the RIPE-631 Best Current Operational Practice document and associated online tools to troubleshoot and fix IPv6 issues.

The webinar will be lead by LACNIC with the main speakers being Sander Steffann and Jan Žorž (Internet Society), the two co-authors of RIPE-631.

Jan Zorz and Sander Steffann, webinar presenters
Jan Zorz and Sander Steffann, webinar presenters

Who should attend? Technical staff with IP knowledge, IPv6 network administrators, first- and second- level line support, as well as people from companies implementing IPv6.

There are currently over 120 people registered, so we’re expecting a good webinar to happen today.

Registration if free, so please register at and see you later!

Events Internet Governance Public Policy To archive

Watch Live – Thursday, March 17 – Sally Wentworth Testifying at US Congressional Hearing on Privatizing IANA

On Thursday, March 17, 2016, our VP of Global Policy Development, Sally Shipman Wentworth, will be testifying before the U.S. Congress on the topic of “Privatizing the Internet Assigned Numbers Authority” (IANA) starting at 10:15am US EDT (UTC-4).  You can learn about the hearing at:

and watch live at:

Sally’s written testimony is available in advance from our site at:

and also from our general IANA stewardship transition page.

The hearing is before the Communications and Technology Subcommittee of the U.S. House of Representatives Energy and Commerce Committee. The speakers as of now will be:

  • Dr. Alissa Cooper, Chair, IANA Stewardship Transition Coordination Group
  • Mr. Steve DelBianco, Executive Director, NetChoice
  • The Honorable David A. Gross, Former U.S. Coordinator, International Communications and Informational Policy, Wiley Rein LLP
  • Ms. Audrey Plonk, Director, Global Security and Internet Governance Policy, Intel Corporation
  • Mr. Matthew Shears, Representative and Director, Global Internet Policy and Human Rights Project, Center for Democracy and Technology (CDT)
  • Ms. Sally Shipman Wentworth, Vice President, Global Policy Development, Internet Society

Please see our IANA Stewardship Transition page for more background information. The video stream will be recorded if you are unable to watch the session live.

Deploy360 Domain Name System Security Extensions (DNSSEC) To archive Tutorials

WATCH LIVE Today – DNSSEC For Everybody: A Beginner's Guide, from ICANN 55

ICANN 55 entrance

Want to learn about DNSSEC and how it helps add a layer of trust to DNS? Puzzled by how this all works?   If so, please join us today from 16:45 to 18:15 UTC for “DNSSEC for Everybody: A Beginner’s Guide” streaming live out of Marrakech, Morocco, in both audio and video on links found off of this page:

(The video and slides are provided via the “Virtual Meeting Room Stream Live” link.)

UPDATE: It turns out that unfortunately there will NOT BE VIDEO in the room that ICANN assigned for us.  You can still listen by audio and watch the slides – but you will unfortunately not see any video.

The session consists of an introduction and then a skit where a group of us act out DNS operations – and then add DNSSEC into the picture.

Yes… you heard that right… a bunch of engineers acting out a skit about DNS!   🙂

Hey… you might as well have a bit of fun with it, eh?  And our history has told us that this skit has helped people tremendously in understanding DNS and DNSSEC.  We also have some other technical information and usually spend about half the session answering questions from participants.

Please do join us!

This tutorial today is part of a larger set of DNSSEC activities planned for this week.  As the session abstract says:

DNSSEC continues to be deployed around the world at an ever accelerating pace. From the Root, to both Generic Top Level Domains (gTLDs) and Country Code Top Level Domains (ccTLDs), the push is on to deploy DNSSEC to every corner of the internet. Businesses and ISPs are building their deployment plans too and interesting opportunities are opening up for all as the rollout continues.

Worried that you’re getting left behind? Don’t really understand DNSSEC? Then why not come along to the second ‘DNSSEC for Beginners’ session where we hope to demystify DNSSEC and show how you can easily and quickly deploy DNSSEC into your business. Come and find out how it all works, what tools you can use to help and meet the community that can help you plan and implement DNSSEC.

The session is aimed at everyone, so no technical knowledge is required. Come and find out what it’s all about…!

If you can’t view it live the session will be recorded for later viewing.  And if you want to get started today with DNSSEC, please see our Start Here page to begin!


To archive Women in Tech

Watch Live on Feb 11 – ISOC President/CEO Kathy Brown at UN’s International Day Of Women & Girls In Science

On Thursday, February 11, 2016, our President and CEO Kathy Brown was among the leaders participating in the celebration of the UN’s International Day of Women & Girls in Science at the United Nations Headquarters in New York. You can watch live starting at 10:00am US Eastern (UTC-5) at a link available from:


As shown in the event program, Kathy spoke in the second block of speakers from 11:40 – 13:00. The block is titled “Policy Imperatives for Women and Girls in Science” and includes the following participants:

  • Opening Remarks by Chair: Ms. Daniela Bas, Director of Division of Social Policy and Development, Department of Economic and Social Affairs,
  • H.E. Ms. Veronika Skvortsova, Minister of Health, Russian Federation
  • Hon. Mr. Michael Browne, Minister of Education, Science and Technology, Antigua and Barbuda
  • Ms. Kathryn Brown, President and CEO, Internet Society
  • Ms. Jacqueline McGlade, Chief Scientist, Director, Division of Early Warning and Assessment, United Nations Environment Programme (UNEP) – Video Message
  • Hon. Mr. Samy Gemayel MP, Lebanon
  • Deputy Permanent Representative of Tunisia to the UN, H.E. Mr. M. Riadh Ben Sliman
  • Professor William Best, Professor of Practice Electrical and Computer Engineering and co-Director of Lehigh’s innovative IDEAS, Lehigh University, USA
  • Vinicius Pinheiro, Director and Special Representative of the International Labour Organization Liaison Office to the United Nations
  • Youth Remarks: Elena Martin and Sonja Gorman, Lehigh University, USA

We are pleased that Kathy received this opportunity to speak as it fits in well with our overall efforts to shine more light on the amazing work women are doing in technology.

Please help spread the word on social networks and through whatever other methods make sense. On social networks, the use of the hashtag #dayofwomeninscience is being encouraged (ex. on Twitter and on Facebook). You can also find out more information at


Deploy360 Domain Name System Security Extensions (DNSSEC) Events IPv6 To archive

Our Hot Topics at IETF 94 & Meet Deploy360

Yokohama IETF 94Next week is IETF 94 in Yokohama, Japan and Deploy360 will as ever be following the latest IPv6, DNSSEC, Securing BGP, TLS and anti-spoofing developments. Both Jan Žorž and Megan Kruse will on site in Yokohama, so if you have any questions about Deploy360 activities or would like to help us accelerate the deployment of our key Internet technologies, then please get in contact with them!

The Deploy360 team is planning to be at the following sessions, although this is always subject to change as Megan also has her IETF Journal responsibilities:

Monday, 2 November 2015

Tuesday, 3 November 2015

Wednesday, 4 November 2015

Thursday, 5 November 2015

Friday, 6 November 2015

The Internet Society has also put together its latest Rough Guide to the IETF 94, and will again be covering wider developments over on the Tech Matters Blog.  In particular, see:

If you can’t get to Yokohama next week, you can attend remotely!  Just visit the IETF 94 remote participation page or check out for more options.

Deploy360 Domain Name System Security Extensions (DNSSEC) Events To archive

Watch Live Today – DNSSEC For Everybody: A Beginner's Guide – ICANN 54

ICANN 54 logoWant to understand what DNSSEC is all about?  Would you like to understand how DNSSEC helps make DNS more secure?  And why DNSSEC is important?

Today (19 October 2015) in just under two hours at 5:30 pm Irish Summer Time (IST – UTC+1) we’ll be streaming the “DNSSEC For Everyone – A Beginner’s Guide” session live out of ICANN 54 in Dublin, Ireland. This is a fun session that takes a humorous view on DNSSEC… and includes a number of people acting out a skit showing how DNS and DNSSEC work! 🙂  We throw in some caveman… and I spend some time talking about blue smoke!

Feedback from past sessions is that this all has helped people understand better how this all works – and so we encourage you to watch if you can.  The session is scheduled for 90 minutes, but the first 45 is typically the presentation and then the remainder is a question and answer period.

You can watch the video and slides for the session at:

A live video stream is available at:

An audio-only streaming option is also available from the session page on the ICANN 54 web site.

The session begins at 5:30 pm IST in Dublin, which is also 6:30 pm in central Europe and 12:30 pm in US Eastern time.

If you can’t watch the event live, it will be recorded and an archive will be available sometime after ICANN 54 on the session page.

And if you want to get started understanding DNSSEC and DANE, please head on over to our Start Here page to find resources to help you begin!