DPS framework DNSSEC Policy and Practice Statement framework - - PowerPoint PPT Presentation

dps framework
SMART_READER_LITE
LIVE PREVIEW

DPS framework DNSSEC Policy and Practice Statement framework - - PowerPoint PPT Presentation

Oct 21, 2022 135 likes •238 views

DPS framework DNSSEC Policy and Practice Statement framework draft-ietf-dnsop-dnssec-dps-framework-01 !"#$" Authors Fredrik Ljunggren, Kirei AB Anne-Marie Eklund Lwinder, .SE Tomofumi Okubo, VeriSign !"#$" Kirei AB 10

slide-1
SLIDE 1

!"#$"

DPS framework

DNSSEC Policy and Practice Statement framework draft-ietf-dnsop-dnssec-dps-framework-01

slide-2
SLIDE 2

!"#$"

Authors

Fredrik Ljunggren, Kirei AB Anne-Marie Eklund Löwinder, .SE Tomofumi Okubo, VeriSign

slide-3
SLIDE 3

!"#$"

Kirei AB

10 years of experience from DNSSEC

» Information Security Management

  • DNSSEC Policies and Procedures

» Security Analysis & System Architecture

  • .SE in 2006
  • Root DNSSEC Design Team 2010

» Research & Development

  • IETF standardisation, OpenDNSSEC
slide-4
SLIDE 4

!"#$"

DNSSEC Policy

Requirements Governing DNSSEC Operations

» sets forth the requirements and standards to be

implemented for a DNSSEC signed zone.

» can be used by TLD managers or regulatory authorities to

express requirements to a registry operator

» can also be used to define a standard, which a registry

may choose to follow

» auditable

»»

slide-5
SLIDE 5

!"#$"

DNSSEC Practice Statement

Operational Practices Disclosure document

» Provide a level of assurance and transparency to the

stakeholders relying on the security of the operations

» MAY support a DNSSEC Policy by explaining how it

meets the requirements of the Policy.

slide-6
SLIDE 6

!"#$"

DPS Framework

» a framework to assist writers of DP/DPS » identifies the elements that should be considered in

formulating a DP/DPS (and when implementing DNSSEC)

» may be used as a check sheet for DNSSEC readiness at a

high level

slide-7
SLIDE 7

!"#$"

DPS Framework

» does not define a particular Policy or Practice Statement » does not aim to provide advice or recommendations as to

particular requirements or practices

slide-8
SLIDE 8

!"#$"

.SE revised DPS

» Based on the framework » Adapted to the new environment based on OpenDNSSEC » Licensed under a creative commons license » Find the current version at

https://www.iis.se/docs/se-dnssec-dps-eng.pdf

slide-9
SLIDE 9

!"#$"

Signing the root

» Based on the framework » Root Zone KSK/ZSK Operators DPSs » Find the current versions at

http://www.root-dnssec.org/documentation/

slide-10
SLIDE 10

!"#$"

Thank you

fredrik@kirei.se