Donate
‹ Back
Deploy360 22 May 2017

CaribNOG 13: Let’s Encrypt & DANE

Kevin Meynell
By Kevin MeynellSenior Manager, Technical and Operational Engagement

The 13th Caribbean Network Operators’ Group (CaribNOG 13) was held on 18-19 April 2017 in Barbados. Around 30 participants from around the Caribbean came together to discuss operational issues and share expertise about evolving the Internet in the region, which was sponsored by the Internet Society along with others.

Kevin Meynell from the Deploy360 team attended the event and presented on Let’s Encrypt which is a free, automated and open Certificate Authority (CA) that’s encouraging the deployment of TLS and encrypted Internet communications. The aim is to have 100% of Internet encrypted, and CAs are currently need to validate domains and link them with the public keys used to establish encrypted connections.

The other benefit of Let’s Encrypt is that it uses the Automated Certificate Management Environment (ACME) to provide an API for requesting, validating, revoking and otherwise managing certificates. This is also currently being standardised through the IETF.

The inherent weakness of using any CA though, is they’re third parties that are able to issue certificates for any name or organisation. DANE is a protocol that instead allows certificates to be cryptographically bound to DNS names, and as we’ve discussed before, can be used in conjunction with Let’s Encrypt certificates to facilitate encrypted communications between hosts validated with DNSSEC.

There were a couple of other presentations with Deploy360 relevance. Kevon Swift (LACNIC) provided an overview on IPv6 Deployment and Impact in the LAC region. IPv6 deployment in the LAC region still remained fairly low, although Ecuador, Peru, and Trinidad and Tobago were in the Top 20 countries for IPv6 deployment with rates between 15 and 20%.

LACNIC had therefore commissioned a report in conjunction with the Development Bank of Latin America to examine IPv6 deployment in the region. This had led to several recommendations that included adjustments to regulatory frameworks and policies to facilitate IPv6 deployment, more support for research and education networks who were agents for innovation, and develop road maps to encourage timely transition to IPv6.

The other presentation was from Mark Kosters (ARIN) about Cloud Computing and DNSSEC Considerations. This discussed the issues of using DNSSEC with shared systems and how to ensure you have the right connections for sensitive information. How also does a cloud provider ensure isolation between clients?

Last but not least, we should also mention that our colleague Shernon Osepa from ISOC’s Latin America and Caribbean Bureau was at the meeting too, and provided an update on our activities in the Caribbean.

All the presentations from the meeting can be found on the CaribNOG website.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Internet Society Supports the Let’s Encrypt Initiative to Increase End-to-End Encryption
Internet Society Supports the Let’s Encrypt Initiative to Increase End-to-End Encryption
Encryption8 October 2015

Internet Society Supports the Let’s Encrypt Initiative to Increase End-to-End Encryption

The Internet Society sees encryption as a new norm to enhance the security of, and thereby trust in, the Internet....

Let's Encrypt hits 1 million certificates
Deploy36014 March 2016

Let’s Encrypt hits 1 million certificates

Early last week, Let's Encrypt issued its one millionth certificate, a impressive achievement considering it only entered its public beta phase just...

RIPE 71 - Highlights from Day 1
Deploy36017 November 2015

RIPE 71 – Highlights from Day 1

The RIPE 71 meeting is happening this week in Bucharest and each day we'll be highlighting the presentations and activities related to...

Join the conversation with Internet Society members around the world