[lacnog] Signing of the ARPA zone

Carlos A. Afonso ca en cafonso.ca
Mie Mar 24 08:08:11 BRT 2010 

Parece que faltan letras en el teclado de tu computadora. :) Un teclado 
nuevo cuesta muy poco ;)

--c.a.

Edgardo Leal wrote:
> hola creo ke se estan ekivocando con sus mails.... me han esatad mandando una informacion que desconosco y ke no me interesa:)
> 
> 
> 
>  
> 
> 
>  
> 
>> From: Joao en c-l-i.net
>> To: lacnog en lacnic.net
>> Date: Mon, 22 Mar 2010 18:03:06 -0700
>> Subject: Re: [lacnog] Signing of the ARPA zone
>>
>> no hay mucho que decir, la verdad.
>> La zona .arpa del DNS está ahora firmada con DNSSEC y se está 
>> trabajando en limpiar la estructura de delegaciones en arpa para a 
>> continuación firmar con DNSSEC las zonas contenidas en arpa (por 
>> ejemplo in-addr.arpa, ip6.arpa, etc), e164.arpa ya está firmada desde 
>> hace tiempo.
>> Ahora se pueden verificar las respuestas de DNS configurando la clave 
>> para .arpa en su servidor de nombres y a partir de julio, cuando se 
>> firme también la raíz del DNS (el dominio ".") se podrá seguir la 
>> cadena de verificaciones desde ahí.
>>
>> Posteriormente imagino que los RIRs irán firmando sus zonas bajo in- 
>> addr.arpa e ip6.arpa y asi hasta llegar hasta los usuarios del espacio 
>> de direcciones que mantienen su propio DNS inverso
>>
>> Saludos
>> Joao
>>
>> On 22 Mar 2010, at 17:26, Nicolás Ruiz wrote:
>>
>>> Podría alguien más familiarizado con todo este proceso comentar un 
>>> poco sobre esto? Yo en particular estoy bien crudo, pero no sé por 
>>> donde comenzar.
>>>
>>> nicolás
>>>
>>> Joe Abley wrote:
>>>> Colleagues,
>>>> This is a follow-up to the operational announcement regarding 
>>>> changes to the ARPA top-level domain that was sent on 2010-03-10. 
>>>> Apologies in advance for duplicates received through different 
>>>> mailing lists.
>>>> As of 2010-03-17 1630 UTC all the authoritative servers for ARPA 
>>>> are serving a signed ARPA zone.
>>>> We would like to solicit feedback from the technical community to 
>>>> allow us to identify any operational ill-effects that this change 
>>>> has caused. We will monitor this mailing list for feedback, and I 
>>>> will also distribute any feedback sent to me personally so that it 
>>>> can be considered.
>>>> If no harmful effects have been identified by 2010-03-21 the trust 
>>>> anchor for the ARPA zone will be published through the IANA ITAR at 
>>>> <https://itar.iana.org/>.
>>>> Regards,
>>>> Joe
>>>> Begin forwarded message:
>>>>> From: Joe Abley <joe.abley en icann.org>
>>>>> Date: 10 March 2010 16:13:46 EST
>>>>> To: Joe Abley <joe.abley en icann.org>
>>>>> Subject: Signing of the ARPA zone
>>>>>
>>>>> Colleagues,
>>>>>
>>>>> This is a technical, operational announcement regarding changes to 
>>>>> the ARPA top-level domain. Apologies in advance for duplicates 
>>>>> received through different mailing lists.
>>>>>
>>>>> No specific action is requested of operators. This message is for 
>>>>> your information only.
>>>>>
>>>>> The ARPA zone is about to be signed using DNSSEC. The technical 
>>>>> parameters by which ARPA will be signed are as follows:
>>>>>
>>>>> KSK Algorithm and Size: 2048 bit RSA
>>>>> KSK Rollover: every 2-5 years, scheduled rollover to follow RFC 5011
>>>>> KSK Signature Algorithm: SHA-256
>>>>> Validity period for signatures made with KSK: 15 days; new 
>>>>> signatures published every 10 days
>>>>> ZSK Algorithm and Size: 1024 bit RSA
>>>>> ZSK Rollover: every 3 months
>>>>> ZSK Signature Algorithm: SHA-256
>>>>> Authenticated proof of non-existence: NSEC
>>>>> Validity period for signatures made with ZSK: 7 days; zone 
>>>>> generated and re-signed twice per day
>>>>>
>>>>> The twelve root server operators [1] will begin to serve a signed 
>>>>> ARPA zone instead of the (current) unsigned ARPA zone during a 
>>>>> maintenance window which will open at 2010-03-15 0001 UTC and 
>>>>> close at 2010-03-17 2359 UTC. Individual root server operators 
>>>>> will carry out their maintenance at times within that window 
>>>>> according to their own operational preference.
>>>>>
>>>>> The trust anchor for the ARPA zone will be published in the ITAR 
>>>>> [2], and in the root zone in the form of a DS record once the root 
>>>>> zone is signed.
>>>>>
>>>>> If you have any concerns or require further information, please 
>>>>> let me know.
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>> Joe Abley
>>>>> Director DNS Operations, ICANN
>>>>>
>>>>> [1] <http://www.root-servers.org/>
>>>>> [2] <https://itar.iana.org/>
>>>> _______________________________________________
>>>> LACNOG mailing list
>>>> LACNOG en lacnic.net
>>>> https://mail.lacnic.net/mailman/listinfo/lacnog
>>> _______________________________________________
>>> LACNOG mailing list
>>> LACNOG en lacnic.net
>>> https://mail.lacnic.net/mailman/listinfo/lacnog
>> _______________________________________________
>> LACNOG mailing list
>> LACNOG en lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/lacnog
>  		 	   		  
> _________________________________________________________________
> Prefiero un día sin coche que sin Messenger
> www.vivirmessenger.com
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog

Más información sobre la lista de distribución LACNOG