[LACNIC/Seguridad] Fwd: Root Zone DNSSEC Deployment Technical Status Update

Mar Ene 26 11:26:48 BRST 2010

Hola Francisco,

Qué pasó con la Firma?

Chris

2010/1/14 Francisco Arias <francisco en arias.com.mx>:
> Les transmito un mensaje de actualización sobre la firma de la zona raíz. Es
> de resaltar la publicación de varios documentos y el cambio de fecha para
> iniciar la publicación de la zona raíz firmada (aunque no verificable) en el
> serivor raíz L el 25 de enero próximo.
>
> Saludos,
>
> Francisco.
>
>
> ---------- Forwarded message ----------
> From: Joe Abley <jabley en hopcount.ca>
> Date: 2010/1/14
> Subject: [dns-operations] Root Zone DNSSEC Deployment Technical Status
> Update
> To: dns-operations en mail.dns-oarc.net
> Cc: rootsign en icann.org
>
>
> This is the second of a series of technical status updates intended
> to inform a technical audience on progress in signing the root zone
> of the DNS. Apologies if you receive multiple copies of this message.
>
>
> RESOURCES
>
> Details of the project, including documentation published to date,
> can be found at http://www.root-dnssec.org/.
>
> We'd like to hear from you. If you have feedback for us, please
> send it to rootsign en icann.org.
>
>
> DOCUMENTATION
>
> The following draft documents were recently published:
>
> - DNSSEC Deployment for the Root Zone
>
> - DNSSEC Trust Anchor Publication for the Root Zone
>
> The following documents are expected to be released as drafts within
> the next few weeks:
>
> - DNSSEC Test Plan for the Root Zone
>
> - KSK Holder DNSSEC Facility Requirements
>
>
> DEPLOYMENT STATUS
>
> A second KSR exchange between ICANN and VeriSign took place on
> 2009-12-28. Signing, validation, measurement and monitoring
> infrastructure continues to be tested.
>
> The incremental deployment of DNSSEC in the Root Zone is being
> carried out first by serving a Deliberately-Unvalidatable Root Zone
> (DURZ), and subsequently by a conventionally-signed root zone.
> Discussion of the approach can be found in the document "DNSSEC
> Deployment for the Root Zone", as well as in the technical presentations
> delivered at RIPE, NANOG, IETF and ICANN meetings.
>
> Internal publication of the DURZ to root server operators began on
> 7 January 2010, to allow root server operators to do internal testing
> and to refine internal monitoring or other operational systems.
> Note that all root servers will continue to serve the unsigned root
> zone during this internal testing of the DURZ.
>
> Full packet capture exercises are planned by root server operators
> on 2010-01-13 and 2010-01-19, with data being uploaded to OARC's
> Day in the Life (DITL) infrastructure, in preparation for the full
> packet captures that will take place during L's DURZ transition.
>
>
> PLANNED DEPLOYMENT SCHEDULE
>
> The recently-published deployment plan contains target maintenance
> windows for each root server's transition to serve the DURZ. The
> date for the first such transition, on the L root server, has been
> deferred slightly to accommodate more extensive data capture and
> measurement testing by all root servers, and also to allow an NSD
> upgrade to be tested and deployed on L.
>
> ICANN plans to serve the DURZ on L-Root using NSD 3.2.4, which is
> better able to serve large DNS responses. See
> <http://www.nlnetlabs.nl/projects/nsd/> for more details.
>
> Week of 2010-01-25: L starts to serve DURZ
>
> Week of 2010-02-08: A starts to serve DURZ
>
> Week of 2010-03-01: M, I start to serve DURZ
>
> Week of 2010-03-22: D, K, E start to serve DURZ
>
> Week of 2010-04-12: B, H, C, G, F start to serve DURZ
>
> Week of 2010-05-03: J starts to serve DURZ
>
> 2010-07-01: Distribution of validatable, production, signed root
>  zone; publication of root zone trust anchor
>
> (Please note that this schedule is tentative and subject to change
> based on testing results or other unforseen factors.)
>
> _______________________________________________
> dns-operations mailing list
> dns-operations en lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
>
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/seguridad
>
>