DENIC@DNSSEC Day on 30 June 2015
On 30 June 2015, DENIC will organise the DNSSEC Day in cooperation with the Federal Office for Information Security (BSI) and the news portal heise online. The focal aim of the event is to explain the benefits and application options DNSSEC offers for users and administrators.DNSSEC is currently gaining momentum because new applications have been made available. One of them is DANE. Based on DNSSEC, DANE is used to store certificates in the DNS and to safely deliver them to the end user. It enables securing additional Internet services by encryption. Currently it is most frequently applied to mail transport.
DENIC, the registry managing the German .de domains, welcomes the growing interest in DNSSEC and DANE. It wants to make known the technology and the processes to a wider public and explain the options and benefits they offer.
On the DNSSEC Day, the various aspects of DNSSEC will be introduced by brief explanatory presentations, which will provide a basis for starting the discussion on the following key issues:
- Validation: What is the benefit of DNSSEC for me as a user?
- Signing: How do I apply DNSSEC in my role as a domain holder?
- DANE: What do DNSSEC-based services like DANE and similar services offer?
You can follow the live stream on 30 June 2015 from 14:00 to 18:00 CEST at www.heisenetze.de/dnssec-day or engage in the discussion via the online forum.
DNSSEC for .de
DNSSEC is an extension of the DNS (Domain Name System). Originally, it was developed to close the security gap represented by the DNS cache poisoning. In the future, DNSSEC will be used more extensively as one of the building blocks of the security architecture. It will serve to create new applications on the basis of the DNS.DENIC has supported DNSSEC for .de domains since 2011. At present, roughly 27,000 .de domains are signed with DNSSEC.
Already in 2009, DENIC, the Federal Agency for Security in Information Technology (BSI) and the Association of the German Internet Economy eco e.V. jointly launched a testbed in order to get prepared for the introduction of DNSSEC.
Background Information:About DNSSEC
DNSSEC provides security by source authentication, i.e. by securing the path from the DNS servers to the validating DNS clients. Intermediate resolvers and their cashes are part of the security chain. The applied signature reveals if the data were actually generated by the authority entitled to do so. At the same time, securing data integrity protects the DNS data against forging during transport. However, DNSSEC cannot provide any information about the correctness of the data initially stored. Neither can it be used to identify domain hijacking or manipulations of the registration processes.