The first major initiative, organized by the GCSEC, was the “Domain Name System Security DNSSEC Workshop” that was held on June 30 and July 1, 2010, at Poste Italiane, viale Europa 175, in Rome, Italy.
The Workshop was designed for executives and senior technical personnel with management responsibilities. DNSSEC is the security extension to the DNS protocol. It protects the integrity of the information passed through the DNS name servers so the end system is assured of receiving correct answers to its queries. DNSSEC removes the vulnerabilities in the domain name system document identified by Dan Kaminsky in 2008*.
DNSSEC is being implemented throughout the entire domain name system. Several top level domains have already signed their zones, including Sweden, the Czech Republic and several other countries in Europe and around the world.
The root of DNS will be signed in July 2010. Major generic top level domains are either signed now, e.g. ORG and GOV, will be signed shortly, e.g. EDU, NET and COM.
The objectives of this workshop were:
• to promote the adoption of DNSSEC globally, with a focus on the key sectors in Italy and in neighboring countries in
Europe, the Middle Eastand North Africa;
• to contribute to building a framework for similar initiatives in other partsof the world.
Within Italy and these countries, the goal was to foster the adoption and deployment of DNSSEC within the top level
domain (e.g., .IT), within the .POST domain, and within the government, banking, Internet Service Providers (ISPs), and
university sectors as rapidly as possible.
Intended Workshop Attendees
The Workshop was designed for executives and senior technical personnel with management responsibilities from Registries, Registrars, Telcos/ISP, Large Operators and Senior Government Officials responsible/involved with Internet Governance.
More than 100 experts from 17 countries participated in the workshop.
The Workshop provided a compact overview of what DNSSEC is, why it is necessary, and what it takes to implement it. More then 20 experts from Europe and the U.S. with extensive experience in deploying DNSSEC, including government, registry, research and vendor representatives gave comprehensive briefings answering to several questions and creating a trusted environment during the Workshop.
The intent of the Workshop was to inform senior management regarding the resources required and steps necessary to adopt DNSSEC.
The first part of the program was dedicated to an executive summary presentation particularly tailored to senior executives plus a demo that was attended also by Italian public policy representatives.
In the future GCSEC will organize other workshops and in-depth training on DNSSEC.
More information will be published on this website
*US-CERT Bulletin on DNS Cache Poisoning Vulnerability: http://www.kb.cert.org/vuls/id/800113
An illustrated guide to the vulnerability: http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html