Objectives:

• To provide the participants with in depth technical information of DNSSEC.
• To assist ccTLD operators and key stakeholders in deploying DNSSEC for their national registries, registrars and organizations; and
• To build working relationships among individual, institutional and/or organization contacts that manages national registry, Internet infrastructure as well as governmental services.

Who should attend?

Anyone with an interest in the deployment of DNSSEC, especially ccTLDs operators, ISPs, Banks, Government Agencies, and the others who want to secure their Internet infrastructure and those contemplating whether or not to deploy DNSSEC in their organization.

PART I: Security on DNS: It's Time

Date : 25 February 2009

Venue: Melton Bender Auditorium [map]

What it is?

To cope with the security risk over the DNS, the deployment of DNSSEC is going on around the Internet community by different key stakeholders. The organizations actively engaged in the deployment of DNSSEC as well as .th registry will share the information and experiences on DNSSEC and its deployment.

Why it's Important?

Registries, Registrars, ISPs, Banks, Government Agencies, and the others who want to secure their Internet infrastructure will benefit from the presentation and discussion of the deployment experiences.

Who should attend?

Anyone with an interest in the deployment of DNSSEC, especially representatives from technical, operational, and strategic planning roles of the registry, registrar, ISPs, banks and government agencies.

Drafted Agenda (Policy Part)

10:00 - 10:30	Registration
10:30 - 10:45	Welcome and Introductions by Prof. Kanchana Kanchanasut, THNIC Foundation
10:45 - 12:00	What's DNSSEC? by Olaf Kolkman, NLnetLabs Patrick Wallstrom, .SE (Stiftelsen for Internetinfrastruktur)    * Demonstration of Attacks to the Kaminsky DNS Vulnerability    * What's DNSSEC?    * What's the different between DNS and DNSSEC?    * What are the objectives of DNSSEC?    * What are the advantages of DNSSEC?
12:00 - 13:00	Lunch
13:00 - 14:00	DNSSEC in the Field by Olaf Kolkman, NLnetLabs Patrick Wallstrom, .SE (Stiftelsen for Internetinfrastruktur)    * DNSSEC deployment experiences from .SE    * DNSSEC experiences    * DNS Softwares, Appliances, Recursive Resolvers, and Next Steps
14:00 - 14:30	Zone Signing Status    * Root Zone Signing by Olaf M. Kolkman, NlnetLabs    * .th Zone Signing by Krit Witwiyaruj, .th registry
14:30 - 16:00	How the DNSSEC impact our community moderated by the Chair of UniNet security working group (TBC)

PART II

Course Contents

Venue: intERLab Training Room [map]

This training covers the followings topics:

• DNS KEYs: risks and management
• Introduction of DNSSEC
• Securing zone transfer (TSIG)
• Securing a zone
• Delegation of signing authority
• Troubleshooting
• DNSSEC deployment
• DNSSEC Softwares and Tools

Prerequisite

Basic knowledge about UNIX System Administration, Basic DNS and Network Operation

Details Agenda

Biography of instructor

Olaf M. Kolkman
Olaf Kolkman was born (1966) and raised in the Netherlands. He was trained as an astronomer but his interest in Internet technology took hold of his career path around 1996. In that year he moved to a commercial company and implemented a mail to web gateway and a build a customized firewall.

In 1997 he joined the RIPE NCC where he got involved in the test-traffic project and got exposed to Internet standard and policy development. After acting as operations manager for a while he became systems architect in 2000, responsible for DNSSEC deployment at the RIPE NCC. During that project he got more involved in the DNS community and more active in the IETF for instance as chair of the DNS extension's working group.

In 2005 he joined NLnet Labs, a foundation chartered to develop open source software and open standards for the Internet, as chief Executive.

Olaf Kolkman is an IAB member since March 2006 and acts as the IAB chair since March 2007.

Olaf is married to Leidi, has two kids and lives in Uithoorn NL

Patrick Wallstrom
Patrik Wallström has been with .SE since 2002. He is the project manager for DNSSEC at .SE and has been working with DNSSEC deployment for six years. He is also the lead of the Tools & Applications working group at the DNSSEC Coalition. For more than a decade he has been actively involved in the Swedish free software and open source community. Mr Wallström has a background as a consultant within network security and software architecture.