Domain Name System (DNS) 18 March 2015

Rough Guide to IETF 92: DNSSEC, DANE and DNS Security

By Dan York, Director of Web Strategy

As per usual, DNSSEC, DANE and DNS security in general are all topics of great attention at IETF 92. The major DNS-related working groups, DNSOP and DANE, are both meeting with busy agendas and the DPRIVE working group is back again with a focus on DNS privacy concerns. Here is a rough view of what the week looks like…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely and listen to these sessions.

DNS PRIVate Exchange (DPRIVE)

Starting out the week on Monday from 15:20-16:50 will be the second meeting of the DPRIVE Working Group that is chartered to develop: “mechanisms to provide confidentiality to DNS transactions, to address concerns surrounding pervasive monitoring.” As the DPRIVE agenda for IETF 92 shows, there should be a good set of discussions about how we can make DNS transactions more secure and confidential.  I’m looking forward to this session!

DNS Operations (DNSOP)

Tuesday afternoon from 15:20-17:20 CDT the DNSOP Working Group has a full agenda that includes some drafts around securing DNS in general (e.g. QNAME minimization, restricting DNS meta-queries) as well as some new work about DNS terminology, reserving new TLDs and operational issues with DNS. The most relevant draft to DNSSEC will be draft-fujiwara-dnsop-nsec-aggressiveuse, looking at ways to improve the use of NSEC/NSEC3 to indicate non-existence of domain names. Overall, though, it should be a strong session looking at ways to make DNS more secure!

DNS-based Authentication of Named Entities (DANE)

Immediately following DNSOP, the working group looking after the DANE protocol will be meeting from 17:30-18:30 CDT to discuss how various other protocols can use DANE / DNSSEC to provide a higher level of security for TLS (SSL) certificates. At the moment I am writing this, the meeting agenda only lists updates from Glen Wiley and Eric Osterweil to the S/MIME library, but we’ll have to see what else gets added. The DANE mailing list has been extremely active lately and the topics under discussion there may get some time at the Dallas meeting.

Extensible Provisioning Protocol Extensions (EPPEXT)

In the unenviable final session on Friday from 11:50-13:20 CDT, the EPPEXT working group will be meeting to discuss extensions to the EPP protocol used between DNS registrars, registries and similar entities.  An agenda has not yet been posted but the group has a number of documents under active consideration and many participants will also have attended the Registration Operations Workshop on the Sunday prior to IETF 92.  Of most interest to us here are the extensions being proposed that will further automate DNSSEC operations and deployment.

Other Working Groups

Beyond the groups listed above, we’ll also be monitoring working groups such as DNSSD, HOMENET and TRANS. While none of these groups have anything on their IETF 92 agendas specifically related to DNSSEC or DANE, the topics of DNS security or certificates do come up and it’s interesting to understand how they may or may not interact with other DNS security efforts.

Bits-and-Bites

Outside of the regular working group sessions, on Thursday evening from 19:00-21:00 CDT there will be the “Bits-and-Bites” reception where attendees can get food and drink and also see various exhibits from sponsors and other organizations.  I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE.  I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.

It will be a busy week – but the outcomes of all these sessions should go far to make the DNS more secure!

P.S. For more information about DNSSEC and DANE and how you can get them deployed for your networks and domains, please see our Deploy360 site:

Relevant Working Groups at IETF 92:

dprive (DNS PRIVate Exchange) WG
Monday, 23 March 2015, 1520-1650 CDT, Venetian
Agenda: https://datatracker.ietf.org/meeting/92/agenda/dprive/ 
Documents: https://datatracker.ietf.org/wg/dprive/
Charter: http://tools.ietf.org/wg/dprive/charters/

dnsop (DNS Operations) WG
Tuesday, 24 March 2015, 1520-1720 CDT, Gold
Agenda: https://datatracker.ietf.org/meeting/92/agenda/dnsop/ 
Documents: https://datatracker.ietf.org/wg/dnsop/
Charter: http://tools.ietf.org/wg/dnsop/charters/

dane (DNS-based Authentication of Named Entities) WG 
Tuesday, 24 March 2015, 1730-1830 CDT, Venetian
Agenda: https://datatracker.ietf.org/meeting/92/agenda/dane/
Documents: https://datatracker.ietf.org/wg/dane/
Charter: http://datatracker.ietf.org/wg/dane/charter/

eppext (Extensible Provisioning Protocol Extensions) WG 
Friday, 27 March 2015, 1150-1320 CDT, Oak
Agenda: https://datatracker.ietf.org/meeting/92/agenda/eppext/ 
Documents: https://datatracker.ietf.org/wg/eppext/ 
Charter: https://datatracker.ietf.org/wg/eppext/charter/

Follow Us

There’s a lot going on next week, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://www.internetsociety.org/rough-guide-ietf92.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.