Public Workshop: DNSSEC Algorithm Rollover
- Sebastian Castro (NZRS)
Mr Geoff Huston (APNIC)
This is a report of one member's perspectives on the work of the Root Key Roll Design Team, looking at the various operational tradeoffs that were involved in preparing the plan to roll the root key. I would also like to make some comments on the state of standards and implementations of resolvers and the lack of clear standard specifications about how to signal a key roll. Where possible I...
Anand Buddhdev (RIPE NCC)
Algorithm roll-overs are part of any security system, because older algorithms lose their strength, and stronger and newer algorithms come along. At the RIPE NCC we recently rolled our algorithm from SHA1 and to SHA256. We had some interesting issues, and I'd like to talk about them, especially as more people may want to consider rolling their algorithms now. Amongst these issues were...
Dr Benno Overeinder (NLnet Labs) , Dan York (Internet Society) , Evan Hunt (ISC) , Jan Včelák (CZ.NIC) , Mr Ondrej Sury (CZ.NIC) , Paul Wouters (Redhat) , Mr Ralf Weber (Nominum Inc)
This is a proposal to have a discussion panel with DNS vendors (ISC, NlNetLabs, PowerDNS, CZ.NIC, Nominum, Microsoft) and people from operating systems and Linux distros (Microsoft, Debian, Ubuntu, RedHat, SuSE) to come and discuss challenges of introducing new and deprecating old DNS(SEC) algorithms. The proposed moderators are Dan York and Olaf Kolkman as neutral moderators. Also invited...