Ralf Dolmans & Martin Hoffmann - DNSSEC: Rollin', Rollin', Rollin'
Abstract
This is a talk about the status of the planned DNSSEC root key rollover. The first part of the presentation is an introduction to DNSSEC and will cover how DNSSEC works and which keys are involved, why keys are rolled in DNSSEC, and how keys in DNSSEC are updated and retrieved by DNSSEC validators.
The second part of the presentation will cover the scheduled root key rollover, including the original time-line, the new methods to get an insight in the current status (and its limitations) and the reason why the key roll is postponed.
The last part will cover a study performed by Open Netlabs on the state of the RFC5011 implementation in various open source DNSSEC validators. RFC5011 describes a method to update DNSSEC keys and a proper implementation is crucial for the root key rollover.
Biography Martin Hoffmann
Martin is a systems architect at NLnet Labs. There, he is involved in various projects aiming to improve the stability, security, and privacy of the Internet.
While most of his current work revolves around the DNS, he previously lived further up the stack, developing and operating the server side of real-time communication and VoIP services.
Biography Ralph Dolmans
Ralph is a software developer at NLnet Labs and one of the core developers of Unbound and the internet.nl Internet standards compliance test website (DNS, DNSSEC, DANE, IPv6, TLS, DMARC/DKIM/SPF).
Ralph completed his MSc study System and Network Engineering at the University of Amsterdam. After his study, he started as a system and software engineer at NLnet Labs. At NLnet Labs his tasks are various, including writing code (implement RFCs), review Internet Drafts and send feedback to mailing lists.
Ralph is programme committee member for DNS-OARC and member of expert groups on usage of TLS and secure email (national and international fora).