[lir-wg] DNSSEC training WHY?
Daniel Karrenberg Daniel.Karrenberg at ripe.net
Thu Aug 15 13:44:33 CEST 2002
At 01:08 PM 8/15/2002, Stephen Burley wrote: >Hi > Could someone please tell me WHY we are running free training courses >for DNS? Training how to interact with the NCC and DB i understand, but dns >i do not. Who made the descision to implement this training and what grounds >are there for doing this? Stephen, this is part of the DISI activity as specified in the RIPE NCC Activity Plan 2002 which was discussed by RIPE and adopted by the RIPE NCC membership. I quote the most relevant parts below foir your convenience. The idea of DISI is to promote deployment of security relevant technology **that needs to be deployed in the Infrastructure**, as opposed to technology that is under individual organisation's responsibility. In particular the courses announced deal with DNSSEC technology and are targeted at people thoroughly familiar with DNS itself. They are not general purpose DNS courses. More info about DISI can be found at http://www.ripe.net/ripencc/pub-services/np/DISI/index.html Regards Daniel --------- Deployment of Internet Security Infrastructure (DISI) Security Deployment is a new activity started in late 2000. As the Internet is used for more and more critical applications, security becomes increasingly important. A lot of security technology has recently been developed and now needs to be deployed throughout the Internet Infrastructure [RFC 2828]. Prominent examples are DNSSec [RFC 2535] and IPSec [RFC 2401]. The DISI project will support the RIPE community in deploying these technologies, specifically those technologies that need to be deployed in the Internet Infrastructure itself, rather than at the end sites only. This project initially focuses on DNSsec and will later be expanded to other relevant technologies. As from the RIPE 40 Meeting, the RIPE NCC will start to offer courses on securing a zone using DNSsec. Information and experience will also be gathered by the deployment of the technologies within the RIPE NCC. The information will be shared with the RIPE community in additional workshops and white papers. During the start-up phase of this project, it has become clear that a lot of work still needs to be done on the technology and the implementations before DNSSEC can be deployed in a large scale production environment. The RIPE NCC has therefore set up collaborations with NLnet-labs, Nominum, and other parties interested in these technologies to help improve the deploy-ability of DNSSEC. This is also pursued by active involvement in the relevant IETF working groups. DISI will continue in 2002.
[ lir-wg Archives ]