DNSSEC Implementation
RONOG
11 October 2016
.ro Registry - ROTLD
• ROTLD is a department of “National Institute for R&D in
Informatics – ICI Bucharest”
• ICI is a state-owned company, coordinated by Ministry
of Communication and for Informational Society
• In 1992, ICI operated the first connection to the Internet
from Romania
• It was the first ISP in Romania for research and
education organizations, starting in 1992
• February 26, 1993: IANA delegated the authority to
register .ro domain names to ICI Bucharest
.ro Registry - ROTLD
• .ro is an “open” TLD, any person or entity is
permitted to register
• Registration on a “first come, first served” principle
• At present there is only a one-time payment for
registration, no renewal fee (needs to be changed)
• Direct registration or using one of more than 90
Registrars
• Registrars can register in real time using APIs (EPP
or REST)
Registered .ro domains
.ro DNSSEC Timeline
• Experimental: since 2012
• .ro signed: 17 May 2016
• DS in Root: 6 June 2016
• General availability: 6 July 2016
.ro DNSSEC Experimental Phase (1)
• Starting in late 2012
• Getting familiar with DNSSEC technology, training
and courses at RIPE NCC and IIS (.SE registry)
• First TestBed operational in 2013, working with
BIND and in-house developed key management
software
• Tests with complete chain of trust using reverse
and ENUM zones
• Decided to also test different signing software
solutions
.ro DNSSEC Experimental Phase (2)
• Second TestBed with OpenDNSSEC v1.4 with
SoftHSM
• .ro zone is dynamically updated
• At that time OpenDNSSEC did not support that, so
problems were encountered
• BIND was the next choice with “auto-dnssec
maintain”
• Developed a brand new key management system
using OpenDNSSEC backend and Java
.ro DNSSEC Experimental Phase (3)
• HSM devices acquisition (Thales nShield Connect+)
in 2015
• BIND officially supports this HSM in native PKCS#11
mode
• Redundant deployment using Security World, easy
backup of RFS, unlimited key storage, load sharing
of cryptographic operations
• Physically secured
.ro DNSSEC Experimental Phase (4)
• Upgraded registration system to support DNSSEC
(databases, middleware, REST, EPP, frontend apps)
• Audited the network infrastructure (especially
firewalls)
• Continuous service monitoring and zone validation
(Nagios, Cacti and other custom tools)
.ro DNSSEC Experimental Phase (5)
• Final design: BIND with HSM + OpenDNSSEC
backend + in-house key management software
.ro DNSSEC Experimental Phase (6)
• Why it took so long:
• Initially not a high priority project
• Lack of a dedicated team until 2015
• Intermittent work periods
• Tested multiple software solutions
• Delayed acquisition procedures
• Minimize the risks of errors when the system is in
production
.ro DNSSEC in production
• ZSK 1024 bits RSA-SHA256 (rolled at 90 days)
• KSK 2028 bits RSA-SHA256 (rolled every year)
• NSEC3, OPT-OUT signing
• 30 days RRSIG validity
• Allowed DS record algorithms: 3, 5, 6, 7, 8, 10, 12,
13, 14 and hash type 1 and 2
• First signed domain was rotld.ro
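Added example (not part of the original slides and not ROTLD's software): a registry-side check of a submitted DS record against the allowed algorithms and hash types listed above. Going beyond the slide, it also cross-checks the DS against the child's DNSKEY using the RFC 4034 key tag and digest rules; the function names and the sample key are constructed for illustration.

```python
import hashlib
import struct

# Policy taken from the slide: allowed DS algorithms and hash (digest) types.
ALLOWED_ALGORITHMS = {3, 5, 6, 7, 8, 10, 12, 13, 14}
ALLOWED_DIGEST_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def name_to_wire(name):
    """Canonical (lowercased) wire format of an owner name, RFC 4034 section 6.2."""
    name = name.rstrip(".").lower()
    if not name:
        return b"\x00"  # the root
    wire = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, rdata, digest_type):
    """Build (key tag, algorithm, digest type, hex digest) for a DNSKEY."""
    hash_fn = ALLOWED_DIGEST_TYPES[digest_type]
    digest = hash_fn(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], digest_type, digest)


def check_ds(owner, ds, dnskey=None):
    """Return a list of problems with a submitted DS; an empty list means accept.

    ds is (key tag, algorithm, digest type, hex digest). If the child's DNSKEY
    RDATA is supplied, the DS is also verified against it.
    """
    tag, algorithm, digest_type, digest_hex = ds
    errors = []
    if algorithm not in ALLOWED_ALGORITHMS:
        errors.append("algorithm %d not allowed" % algorithm)
    hash_fn = ALLOWED_DIGEST_TYPES.get(digest_type)
    if hash_fn is None:
        errors.append("digest type %d not allowed" % digest_type)
        return errors
    try:
        digest = bytes.fromhex(digest_hex)
    except ValueError:
        errors.append("digest is not hexadecimal")
        return errors
    if len(digest) != hash_fn().digest_size:
        errors.append("digest length %d wrong for type %d" % (len(digest), digest_type))
    if dnskey is not None:
        if len(dnskey) < 4:
            errors.append("DNSKEY RDATA too short")
        else:
            if dnskey[3] != algorithm:
                errors.append("DS algorithm differs from DNSKEY algorithm")
            if key_tag(dnskey) != tag:
                errors.append("key tag does not match DNSKEY")
            if hash_fn(name_to_wire(owner) + dnskey).digest() != digest:
                errors.append("digest does not match DNSKEY")
    return errors


# Constructed sample: KSK-style flags (257), protocol 3, algorithm 8
# (RSA-SHA256), and placeholder bytes standing in for a public key.
SAMPLE_DNSKEY = dnskey_rdata(257, 3, 8, bytes(range(64)))

if __name__ == "__main__":
    good = make_ds("example.ro", SAMPLE_DNSKEY, 2)
    print(good, check_ds("example.ro", good, SAMPLE_DNSKEY))
    bad = (good[0], 15, 4, good[3])  # algorithm and digest type outside the policy
    print(bad, check_ds("example.ro", bad))
```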
.ro DNSSEC in production
• Currently very low usage
• Around 150 signed domains (less than 0.02% of
890.000 total .ro domains)
• Raise awareness among community
• Organize workshops for registrars and registrants
.ro DNSSEC
Thank You !
Ing. Catalin LEANCA
catalinl@rotld.ro
http://www.rotld.ro

 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 

DNSSEC Implementation in the .ro Registry

  • 2. .ro Registry - ROTLD
      • ROTLD is a department of “National Institute for R&D in Informatics – ICI Bucharest”
      • ICI is a state-owned company, coordinated by Ministry of Communication and for Informational Society
      • In 1992, ICI operated the first connection to Internet from Romania
      • It was the first ISP in Romania for research and education organizations, starting in 1992
      • February 26, 1993: IANA delegated the authority to register .ro domain names to ICI Bucharest
  • 3. .ro Registry - ROTLD
      • .ro is an “open” TLD, any person or entity is permitted to register
      • Registration on a “first come - first serve” principle
      • At present there is only a one-time payment for registration, no renewal fee (needs to be changed)
      • Direct registration or using one of more than 90 Registrars
      • Registrars can register in real time using APIs (EPP or REST)
  • 5. .ro DNSSEC Timeline
      • Experimental: since 2012
      • .ro signed: 17 May 2016
      • DS in Root: 6 June 2016
      • General availability: 6 July 2016
  • 6. .ro DNSSEC Experimental Phase (1)
      • Starting in late 2012
      • Getting familiar with DNSSEC technology, training and courses at RIPE NCC and IIS (.SE registry)
      • First TestBed operational in 2013, working with BIND and in-house developed key management software
      • Tests with complete chain of trust using reverse and ENUM zones
      • Decided to also test different signing software solutions
  • 7. .ro DNSSEC Experimental Phase (2)
      • Second TestBed with OpenDNSSEC v1.4 with SoftHSM
      • .ro zone is dynamically updated
      • At that time OpenDNSSEC didn’t support that, so problems were encountered
      • BIND was the next choice with “auto-dnssec maintain”
      • Developed a brand new key management system using OpenDNSSEC backend and Java
  • 8. .ro DNSSEC Experimental Phase (3)
      • HSM devices acquisition (Thales nShield Connect+) in 2015
      • BIND officially supports this HSM in native PKCS#11 mode
      • Redundant deployment using Security World, easy backup of RFS, unlimited key storage, load sharing of cryptographic operations
      • Physically secured
  • 9. .ro DNSSEC Experimental Phase (4)
      • Upgraded registration system to support DNSSEC (databases, middleware, REST, EPP, frontend apps)
      • Audit the network infrastructure (especially firewalls)
      • Continuous service monitoring and zone validation (Nagios, Cacti and other custom tools)
  • 10. .ro DNSSEC Experimental Phase (5)
      • Final design: BIND with HSM + OpenDNSSEC backend + in-house key management software
  • 11. .ro DNSSEC Experimental Phase (6)
      • Why it took so long:
      • Initially not a high priority project
      • Lack of a dedicated team until 2015
      • Intermittent work periods
      • Tested multiple software solutions
      • Delayed acquisition procedures
      • Minimize the risks of errors when the system is in production
  • 12. .ro DNSSEC in production
      • ZSK 1024 bits RSA-SHA256 (rolled at 90 days)
      • KSK 2028 bits RSA-SHA256 (rolled every year)
      • NSEC3, OPT-OUT signing
      • 30 days RRSIG validity
      • Allowed DS record algorithms: 3, 5, 6, 7, 8, 10, 12, 13, 14 and hash types 1 and 2
      • First signed domain was rotld.ro
  • 13. .ro DNSSEC in production
      • Currently very little used
      • Around 150 signed domains (less than 0.02% of 890.000 total .ro domains)
      • Raise awareness among community
      • Organize workshops for registrars and registrants
  • 14. .ro DNSSEC
      • Thank You!
      • Ing. Catalin LEANCA, catalinl@rotld.ro, http://www.rotld.ro
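
An added example, not part of the original slides and not ROTLD's software: a DS record intake check against the allowed algorithm and hash type lists from the "in production" slide, which also confirms that the DS matches the child zone's DNSKEY (key tag and digest as defined in RFC 4034). The function names, the `example.ro` owner name and the key bytes are assumptions constructed for illustration.

```python
import hashlib
import struct

# Registry policy from the slide: accepted DS algorithms and hash (digest) types.
ALLOWED_ALGORITHMS = {3, 5, 6, 7, 8, 10, 12, 13, 14}
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def wire_name(name):
    """Canonical (lower-case) wire form of a domain name, RFC 4034 section 6.2."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (16 bit), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA, RFC 4034 appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata, algorithm, digest_type):
    """DS presentation text: digest is taken over owner name + DNSKEY RDATA."""
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {algorithm} {digest_type} {digest}"

def check_ds(owner, ds_text, rdata):
    """Return a list of policy or consistency problems; empty means acceptable."""
    fields = ds_text.split(None, 3)
    if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
        return ["malformed DS record"]
    tag, alg, dtype = (int(f) for f in fields[:3])
    digest = "".join(fields[3].split()).upper()
    problems = []
    if alg not in ALLOWED_ALGORITHMS:
        problems.append(f"algorithm {alg} not allowed")
    if dtype not in DIGESTS:
        return problems + [f"hash type {dtype} not allowed"]
    if alg != rdata[3]:  # byte 3 of the RDATA is the DNSKEY algorithm
        problems.append("algorithm differs from DNSKEY")
    if tag != key_tag(rdata):
        problems.append("key tag differs from DNSKEY")
    if digest != make_ds(owner, rdata, alg, dtype).split()[3]:
        problems.append("digest does not match DNSKEY")
    return problems

# Constructed sample: a KSK (flags 257) with placeholder key bytes, not a real key.
SAMPLE_KEY = dnskey_rdata(257, 3, 8, bytes(range(64)))

if __name__ == "__main__":
    good = make_ds("example.ro", SAMPLE_KEY, 8, 2)
    for ds in (good, good.replace(" 8 2 ", " 8 1 "), good.replace(" 8 2 ", " 15 2 ")):
        print(ds[:24], "->", check_ds("example.ro.", ds, SAMPLE_KEY) or "accepted")
```

Rejecting a DS that does not match any published DNSKEY at intake matters because a wrong DS in the parent zone makes the child domain fail validation for every validating resolver.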