se dnssec
play

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing - PowerPoint PPT Presentation

Dec 07, 2023 •334 likes •584 views

. SE-DNSSEC . SEs DNSSEC service Staffan.Hagnell@iis.se .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001 .SEs challenge To make DNSSEC

  1. . SE-DNSSEC . SE’s DNSSEC service Staffan.Hagnell@iis.se

  2. .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001

  3. .SE’s challenge • To make DNSSEC into a service… • …to coordinate all parties needed to add value to the service and to get the market started

  4. Begin with a study of the value chain! Domain name Internet Applications ICANN/IANA DNS Registrants users Resolver .SE registry .SE registrar DNS Name Service Provider

  5. Does the Registrants want DNSSEC? • Market research, November 2006 • Survey to .SE domain name holders • 1 406 randomly selected, and 259 answers (20%).

  6. How interesting is DNSSEC? .SE is planning the commercial launch of .SE-DNSSEC. How interesting is this to you/your company? Quite 51% Ganska 51% Very 14% Mycket 14% Not at all 6% Inte alls 6% Inte särskilt 29% Not particularly 29% 259 answers Bas= 259 st

  7. Are you willing to pay? How would you react to an annual charge of €50 for this service? Quite low 22% Ganska låg 22% Very low 2% Mycket låg 2% Rather high 54% Ganska hög 54% Very high 22% Mycket hög 22% 259 answers Bas= 259 st The survey indicated €20-€30 to be reasonable price

  8. DNSSEC – values • Today’s use • Connection to web sites • Delivery of e-mail – where it is going and where it comes from • Logging – to whom does the IP address belong? • Tomorrow • IP-telephony (SIP, ENUM) • E-mail • DomainKeys Identified Mail, DKIM • SPF, Sender Policy Framework • DNSSEC adapted applications • IPsec, SSH, PGP, … • DNS as a repository for certificates and keys? • DNS is becoming a more important infrastructure!

  9. Create value - phase 1 • Validation of DNS data is done in Resolvers • IP resolver • Resolver in local server • Value in phase 1 • When validation is done close to the user, exposure of unprotected DNS data decreases • Phase 2 • Validation made by applications

  10. Phase 2 Internet Users Participants needed to crate value? Applications Resolver Operators Resolver Operators .SE .SE Phase 1 DNS Name DNS Name Service Providers Service Providers .SE Regsitrars .SE Regsitrars Registrants Registrants

  11. Pricing strategy for .SE-DNSSEC • Caution! • Greater risks and problems with a rapid market penetration • Pricing to stimulate all parties involved • Small volume makes it safer for resolver operators to start • Sales commission to registrars selling .SE-DNSSEC • Need time for system development at .SE • Establishment subsidies to name server providers • We want DNSSEC to be a deliberate choice • In order to emphasise the importance of the service • In order for name service providers to maintain good quality

  12. Pricing strategy Start An additional service Add-on at lesser cost Bundled together with the domain name Domain with DNSSEC cheaper than without?

  13. Necessary activities for phase 1 • Target groups • Pilot Registrants • .SE Registrars • DNS Name Service Providers • .SE • Resolver Operators

  14. Registrants • Market survey • Should be handled by Registrars • …but .SE will work with important pilot customers • Governmental institutions • Banking and finance • Universities • Early adopters with technical interest • Campaign • Information to all .SE registrants • Newsletter • Public relations • Articles etc.

  15. DNS Name Service Providers • Those hosting and running DNS for the Registrants • Who are they? • How can we attract them to offer high-quality DNSSEC services?

  16. .SE Domains by DNS Name Service Providers (NSP’s) % of the total numbers of .SE-domains 45 40 35 30 25 20 15 10 5 0 4 NSP's with 51 NSP's 285 NSP's 1.401 NSP's 11.025 NSP's >10.000 .SE- with 9999- with 999-100 with 99-10 with < 10 domains 1000 domains domains domains domians In total: 12 ,766 DNS Name Service Providers, March 2007

  17. Share of domains held by largest DNS Name Service Providers 120,0 100 98,8 94,2 100,0 79,4 80,0 60,0 49,4 40,0 20,0 0,0 Top 10 Top 100 Top 1000 Top 6383 Total 12766

  18. .SE registars are DNS Name Service Providers as well Estimated share of .se domains run by registrars 90 80 70 60 50 40 30 20 10 0 .SE Registrars Non .SE Registrars

  19. Activities for DNS Name Service Providers • Development • Supply one or more reference platform with automated tools for the administration of DNSSEC • Possibility of establishment subsidy • Education • Courses • Work shops

  20. .SE’s registrars • Five registrars from day 1 • Drive for getting more Registrars to provide DNSSEC • Kick-back on first 5,000 registrations • Establishment subsidies • Offer direct registration if not a functioning reseller market occurs!

  21. Resolver operators • Who are they? • .SE answers to anyone who asks! • Tens of thousands of resolvers throughout the world • Pilots • The four largest ISP’s covers 80-90 % of the Swedish market for broad band connection • They are positive to DNSSEC • How to distribute .SE’s public keys for DNSSEC?

  22. .SE’s internal work � Key signing and signing of the .SE zone • Some of our work • Development of .SE’s system for customer administration • Manual administration in the meantime • Signing of .SE’s own domains • Test tools for DNSSEC on customer domains • Additional agreement to contracts with registrars and domain name holders • ….

  23. Key findings • Bigger interest for DNSSEC than we expected. Registrants • Often, before applying DNSSEC the present DNS Name Service should be reviewed. • Requirements of system adjustment and development. .SE Registrars • With some exceptions, the Registrars has to be motivated • The market is consolidating. A few large players. DNS Name Service • The service (DNS) is taken for granted (at no cost) and the Providers quality isn’t an issue. • Tools for administration of DNSSEC is lacking. • Requirements of system development .SE • Good start! The large Swedish ISP’s are willing to enable Resolvers DNSSEC in their resolvers serving their customers Applications Missing Users How to make them DNSSEC aware?

  24. Conclusion • We have started with DNSSEC! • Pilot Registrants, .SE registrars, DNS Name Service Providers, .SE, Resolver operators • We will continue our dedicated work to spread DNSSEC within .SE! • We encourage all Registrars, DNS Name Service provider, Resolvers to begin now • It’s easy now when the volumes still are low • You will need time to develop your internal systems

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN 50 DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 25 2014 Alexander Mayrhofer London, UK alexander.mayrhofer@nic.at ICANN 50 DNSSEC Services n ccTLD: .at l DNSSEC in production

109 views • 10 slides
DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN44 DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 27 2012 Alexander Mayrhofer Prague, CZ alexander.mayrhofer@nic.at ICANN44 .at DNSSEC Timeline Testbed DS in root Feb 2011 Feb 09

404 views • 8 slides
Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used in DNSSEC

490 views • 18 slides
DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you invented DNSSEC. Well, the basic ideas, anyway: Sign all DNS records. Signatures let you verify answer to DNS query, without having to trust the

835 views • 49 slides
DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative Russ.Mundy@cobham.com / mundy@sparta.com www.dnssec-deployment.org DNSSEC Trust Anchors Starting point for DNSSEC validation Choice of

375 views • 16 slides
Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech, Morocco Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used

417 views • 15 slides
An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security Extension (DNS SEC) attach special kind of information called criptographic signatures to the queries and response that let your computer false

609 views • 34 slides
Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction About Estonian Internet Foundation DNSSEC what, why, when Techie stuff Actual work Current situation | 26.03.2014 | Estonian

240 views • 9 slides
.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry experienced 30th April 2015-- Longest mornings I have ever had. Day started as usual but takes a turn at 9:30am Great day turns to a

449 views • 11 slides
DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010 Sara Monteiro Technical Infrastructure Service of DNS.PT Agenda ! About us ! Scope ! Goals ! Initiatives and Support ! Developments on .pt ! Next Steps

468 views • 11 slides
13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff

13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff

13 Things to Consider Before DNSSEC John Kristoff jtk@cymru.com FIRST 2010 John Kristoff Team Cymru 1 Where is the DNSSEC? We make no endorsement of DNSSEC here We offer no repudiation of DNSSEC here The considerations herein

543 views • 31 slides
DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes

DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes

DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC Wes Hardaker &lt;wes.hardaker@parsons.com&gt; Overview Business Model Changes Relationship Requirements Relationship with your DNS parent

407 views • 25 slides
DNSSEC security without maintenance ... with the right software and registry Petr paek

DNSSEC security without maintenance ... with the right software and registry Petr paek

DNSSEC security without maintenance ... with the right software and registry Petr paek petr.spacek@nic.cz 2019-02-03 1w Redraw max 1y 6m 3m 1m 5d 1h 1d 30 ~ 19 % DNSSEC? Who cares? DNSSEC Validation Capability Metrics

433 views • 25 slides
DNSSEC usage sta-s-cs and some observa-ons SEE 5, Tirana Sergey Myasoedov 20.4.2016 DNSSEC

DNSSEC usage sta-s-cs and some observa-ons SEE 5, Tirana Sergey Myasoedov 20.4.2016 DNSSEC

DNSSEC usage sta-s-cs and some observa-ons SEE 5, Tirana Sergey Myasoedov 20.4.2016 DNSSEC history Defined by RFCs 4033-4035 March 2005 Root zone signed July 2010 March 2011 the biggest zone .com signed New GTLD

811 views • 32 slides
DNSSEC at Scale Dani Grant | DNS @ CloudFlare CloudFlare - Authoritative DNS provider (includes

DNSSEC at Scale Dani Grant | DNS @ CloudFlare CloudFlare - Authoritative DNS provider (includes

DNSSEC at Scale Dani Grant | DNS @ CloudFlare CloudFlare - Authoritative DNS provider (includes DNSSEC for free) - 4M+ domains - 40+ billion queries per day - 76 edge locations in 40 countries (growing) DNSSEC at Scale 1. Elliptic

597 views • 34 slides
Making the Case for Elliptic Curves in DNSSEC an analysis of the impact of switching to ECC based

Making the Case for Elliptic Curves in DNSSEC an analysis of the impact of switching to ECC based

Making the Case for Elliptic Curves in DNSSEC an analysis of the impact of switching to ECC based on current DNSSEC deployments in .com, .net and .org Introduction DNSSEC deployment has taken off, but there are still operational issues

408 views • 16 slides
PageRank algorithms for changing networks and analysis of big data Pitos Seleka Biganda

PageRank algorithms for changing networks and analysis of big data Pitos Seleka Biganda

PageRank algorithms for changing networks and analysis of big data Pitos Seleka Biganda Department of Mathematics, University of Dar es Salaam Division of Applied Mathematics, The School of Education, Culture and Communication, M alardalen

486 views • 6 slides
Mathematical Methods and Computational Algorithms for Complex Networks Benard Abola Division of

Mathematical Methods and Computational Algorithms for Complex Networks Benard Abola Division of

Mathematical Methods and Computational Algorithms for Complex Networks Benard Abola Division of Applied Mathematics, M alardalen University Department of Mathematics, Makerere University First Network Meeting for Sida- and ISP-funded PhD

516 views • 6 slides
Assessing Cooperation in Organizational Cultures A suggested tool for measuring and intervening

Assessing Cooperation in Organizational Cultures A suggested tool for measuring and intervening

Assessing Cooperation in Organizational Cultures A suggested tool for measuring and intervening on interlocking organizational behavior Marco Tagliabue Magnus Johansson 18/08/2018 MARCO TAGLIABUE, PHD CANDIDATE, DEPARTMENT OF BEHAVIORAL

379 views • 20 slides
1. Val av ordfrande vid stmman 2. Upprttande och godknnande av rstlngd 3. Val av en

1. Val av ordfrande vid stmman 2. Upprttande och godknnande av rstlngd 3. Val av en

Vlkommen till Rederi AB TransAtlantic rsstmma 2014 1. Val av ordfrande vid stmman 2. Upprttande och godknnande av rstlngd 3. Val av en eller tv justeringsmn 4. Prvning av om stmman blivit behrigen sammankallad

732 views • 45 slides
LETS VOTE! A 21 ST CENTURY CONNECTED HOTEL MYTH OR FACT? WHERE IT ALL BEGAN 2017 IN HINDSIGHT

LETS VOTE! A 21 ST CENTURY CONNECTED HOTEL MYTH OR FACT? WHERE IT ALL BEGAN 2017 IN HINDSIGHT

LETS VOTE! A 21 ST CENTURY CONNECTED HOTEL MYTH OR FACT? WHERE IT ALL BEGAN 2017 IN HINDSIGHT EXPERIENCES BEYOND THE HOTEL CO-EVERYTHING DATA INTERPRETATION IS THE ULTIMATE INTELLIGENCE LUXURY THATS LEANER AND

796 views • 25 slides
UNDERSTANDING UNCAC REVIEW PROCESS MECHANISM TRAINING OF CSOs &amp; JOURNALIST ON UNCAC REVIEW

UNDERSTANDING UNCAC REVIEW PROCESS MECHANISM TRAINING OF CSOs &amp; JOURNALIST ON UNCAC REVIEW

UNDERSTANDING UNCAC REVIEW PROCESS MECHANISM TRAINING OF CSOs &amp; JOURNALIST ON UNCAC REVIEW PROCESS Organised By: Africa Network For Environment &amp; Economic Justice (ANEEJ) With Support From: European Union under the 10th European

587 views • 31 slides
DigiVET London Meeting 19-21/11/2019 The European Commission support for the production of this

DigiVET London Meeting 19-21/11/2019 The European Commission support for the production of this

DigiVET London Meeting 19-21/11/2019 The European Commission support for the production of this publication does not constitute an endorsement of the contents which reflects the views only of the authors, and the Commission cannot be held

129 views • 9 slides
Market George Soleas, President &amp; CEO, LCBO Spirit &amp; Vinleverantrsfreningen

Market George Soleas, President &amp; CEO, LCBO Spirit &amp; Vinleverantrsfreningen

The LCBO and the Future of our Market George Soleas, President &amp; CEO, LCBO Spirit &amp; Vinleverantrsfreningen November 14, 2018 The Canadian Landscape Importations of beverage alcohol into Canada are consigned with provinces

691 views • 33 slides

More recommend