‹ Back
Deploy360 22 January 2014

ION Toronto – Deploying DNSSEC: A .CA Case Study

Megan Kruse
By Megan KruseDirector, Partner Engagement and Communications

ION Toronto LogoThis week we’ll be highlighting sessions from our last ION Conference in Toronto, Canada.

At ION Toronto in November, Jacques Latour from the Canadian Internet Registration Authority (CIRA) gave an interesting talk on the ongoing work to deploy DNSSEC for the .CA ccTLD. From the session abstract:

CIRA has completed two phases of a three-phased approach to implement DNSSEC on the .CA country code Top Level Domain (ccTLD). First, they released a DNSSEC Practice Statement for comment, providing an operational outline of how CIRA plans to develop, maintain and manage DNSSEC deployment for .CA. Next, they held a key signing ceremony where they generated the cryptographic digital key that is used to secure the .CA zone. On January 21, 2013, CIRA published a signed .CA zone file, and on January 23, the .CA DS record was submitted to the Internet Assigned Numbers Authority (IANA). The next phase of CIRA’s work in implementing DNSSEC is to make the necessary upgrades to ready the registry system for transacting DNSSEC-enabled .CA domain names. This work is expected to be complete in 2014. Once complete, CIRA will be able to register DNSSEC-enabled .CA domain names.

This session will explore CIRA’s technical solution for deploying DNSSEC support in the .CA registry. With our goal of making it easier for registrars, registrants and DNS operator to support any combination of DS and DNSKEY registration. We will take a quick look at our DNSSEC awareness strategy, the status/progress of .CA signed domains, and our lessons learned and challenges for increasing numbers of signed domain names.

The .CA Case Study video is now on YouTube:

Jacques’ slides are also available:

A huge thank you to everyone who joined us in Toronto in person or via the webcast (especially if you joined us over IPv6!). It was a great event thanks to our co-location partner, the Canadian ISP Summit, and our sponsor, Afilias.

We’d love to hear your feedback on these sessions or the ION Conferences as a whole. Talk to us!

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...

Join the conversation with Internet Society members around the world