2 Intro SE-DNSSEC Staffan Hagnell [Skrivskyddad] · There is an interest to find common solutions...

.SE’s Development of Internet
Information
• .SE Internet Guides
• Internet statistics
Technical deployment
• DNSSEC
• IPv6
Tending the Common
• Reliable e-mail (Antispam)
• Health check of Internet in Sweden
• Broadband tests of Internet accesses
Internet Fund
Specific segments
• Internet in school
• Internet for everyone
Events
• IETF75
• Annual conference

Reasoning
• We believe in perimeter defense
• We shall do our part
• We shall provide a high quality DNS service for .SE
• The DNS should be robust and deliver correct data.
• The need for reliable DNS data
• By e-mail and Web
• Future - as a repository for security information for IPsec, SSH, PGP, DKIM …?
SE’s Vision:
Everybody should have a unique and secure address on the Internet

DNSSEC Development steps
• Project start, 2001
• Signing of the .SE zone, Sep 2005
• Feb 16, 2007
• Sept, 2007
• Mar, 2009
• Fall, 2009

• Standard Development
• Soft launch with Friendly users
• Commercial launch with Manual administration
• Automation of the admin to provide volumes
• New business model for .SE, With EPP
• New system for key management and zone signing, With OpenDNSSEC

DNSSEC needs Market Development

“the value chain for the DNS”
[Diagram: Registrants; Registrars; .SE registry; ICANN/IANA; DNS Name Service Provider; DNS (the Domain Name tree); DNS Resolver; Applications; Internet users]

ALL on board from the start!
[Diagram: Registrants; Registrars; .SE registry; ICANN/IANA; DNS Name Service Provider; DNS (the Domain Name tree); DNS Resolver; Applications; Internet users; annotation: i.e. ISP’s]

Key findings February 2009
• Users: No end user applications. How to handle end user awareness?
• Applications: Future work with DNSSEC support for DKIM milter
• Resolvers: A wide operational experience exists. There is an interest to find common solutions for TLD public key distribution.
• .SE: Ongoing system development and efforts to promote DNSSEC among Registrars and key Registrants.
• DNS Name Service Provider: The lack of tools for key management and administration of DNSSEC is still an obstacle.
• .SE Registrar: A growing interest for DNSSEC, but many are still missing out.
• Registrants: There exists an interest in DNS and adopting DNSSEC, but obstacles exist to get it.
Does anybody want DNSSEC?
• Market research, November 2006
• Survey to .SE domain name holders
• 1 406 randomly selected, and 259 answers (20%).

How interesting is DNSSEC?
.SE is planning the commercial launch of .SE-DNSSEC. How interesting is this to you/your company?
• Very: 14%
• Interested: 51%
• Not particularly: 29%
• Not at all: 6%
Base: 259 answers

Are you willing to pay?
How would you react to an annual charge of €50 for this service? Is it high or low?
• Very high: 22%
• Rather high: 54%
• Quite low: 22%
• Very low: 2%
Base: 259 answers
The survey indicated €20-€30 to be a reasonable price

Pricing strategy
• An additional service
• Kick-backs and establishment subsidiaries to registrars
• No add-on, natural part of the domain
Yearly fee
• 2007: 240 SEK (€ 26)
• 2008: 80 SEK (€ 8,5)
• 2009: 0 SEK
Rebate?
.SE domains with DNSSEC

[Diagram]
Domain name holders; .SE registrars; DNS Name Service Providers; .SE; Resolver operators
Phase 1
End user value?
Applications; Internet users
Phase 2

Resolvers
[Diagram: Registrants; Registrars; .SE registry; ICANN/IANA; DNS Name Service Provider; DNS (the Domain Name tree); DNS Resolver; Applications; Internet users; annotation: i.e. ISP’s]

DNS Name Service Provider
[Diagram: Registrants; Registrars; .SE registry; ICANN/IANA; DNS Name Service Provider; DNS (the Domain Name tree); DNS Resolver; Applications; Internet users; annotation: i.e. ISP’s]

Share of .SE domains held by largest DNS Name Service Providers (2008)
• Top 10: 49,4%
• Top 100: 79,4%
• Top 1000: 94,2%
• Top 6383: 98,8%
• Total 12766: 100%

.SE registrars are DNS Name Service Providers as well
[Chart: Estimated share of .se domains run by registrars; categories: .SE Registrars, Non .SE Registrars]

.SE’s registrars
• Five registrars from day 1
• Drive for getting more Registrars
• Kick-back on first 5,000 registrations
• Financial establishment support
• Today
  • Frobbit AB
  • Interlan Gefle AB
  • Gotlandica Internet (BRS - Intron AB)
  • Leissner Data AB
  • Loopia AB
  • NEware AB
  • Melbourne IT CBS
  • Yask
  • City Network Hosting AB
  • Larsen Data v/Peter Larsen
  • TDC Sverige AB

Expectation?
[Chart axes: Penetration, Time]

2010 Vision for DNSSEC
• DNSSEC is considered a natural part of DNS
• DNSSEC is fully deployed
  • by many important domains
  • into many useful applications
• Ongoing work to increase End User Value