From training at ripe.net Mon Oct 4 16:39:09 2004 From: training at ripe.net (RIPE NCC Training) Date: Mon, 04 Oct 2004 16:39:09 +0200 Subject: [techsec-wg] Announcement DNSSec Training Courses Message-ID: <200410041439.i94EdArL027025@birch.ripe.net> Dear Colleagues, [apologies for duplicate postings] As a service to its members the RIPE NCC offers the DNSSec Training Course. The main objective of the DNSSec Training Course is to provide LIRs with sufficient background to be able to deploy DNSSec in their own organisation as soon as the protocol is standardised. This course also explains the specific procedures set up by the RIPE NCC to to secure the in-addr.arpa zone. The Domain Name System (DNS) is one of the main parts of the Internet infrastructure. At the moment DNS lacks a mechanism to establish the authenticity and integrity of the data it provides. DNSSec is a set of extensions to provide this end-to-end authenticity and integrity. It is currently being developed within the IETF dnsnext Working Group. The protocol is about to be finalised and the code implementing the protocol is available in alpha releases. The DNSSec course consists of two parts: an "Introduction to DNSSec" and a real life demonstration. The "Introduction to DNSSEC" will cover: - DNS security threats - DNSSec security mechanisms - DNSSec server protection - DNSSec data protection - Delegation issues - Key management issues - Current developments Examples are based on the BIND name server. Please note that DNSSec is an advanced course. It will: - NOT teach the basics of DNS. - NOT describe how to receive Internet resources from the RIPE NCC not describe how to operate a Local Internet Registry (LIR) The target audience of the course are technical staff of LIRs: e.g. network & system operators, engineers, etc. This course is not intended for administrative or management staff (e.g. Hostmasters). It is assumed that all attendees are familiar with common DNS terminology, have a practical knowledge in operating DNS servers and are interested in learning the concepts and mechanisms that DNSSec offers. The DNSSec course is conducted in the English language and is free of charge, since it is covered by the membership fee. More information about the DNSSec Training Course can be found at: http://www.ripe.net/training/dnssec/ REGISTRATION: You can register for a course at the following URL: http://www.ripe.net/cgi-bin/trainingform.pl.cgi Or by completing the registration form at the end of this e-mail and replying to In order to register for a DNSSec Training Course you must be an employee of an LIR and either : - be an LIR contact - be confirmed by an LIR contact. LIR contacts are those employees of an LIR who are registered with the RIPE NCC as authoritative contact persons. It is expected that most of those interested in the DNSSec Training Course will not be an authorative contact persons for their LIR, and therefore will be refused by the course registration "robot". In order to be admitted to the course, a confirmation e-mail must be sent to . Please approach the LIR contacts from your organisation personally, since the identity of LIR contacts is confidential, and the RIPE NCC is unable to divulge contact persons for any given LIR. Kind regards, Rumy Kanis Training Services Manager RIPE NCC COURSE DATES AND VENUES ======================= Date: Friday 4 February 2005 Time: 0900 - 1700 Location: Vienna, Austria AND: Date: Thursday 14 April 2005 Time: 0900 - 1700 Location: Amsterdam, The Netherlands REGISTRATION FORM ================= %START PART 1 - Registration 1) Your name Enter First name, Last name in full e.g. John Doe Mary-Beth Walton # NAME [ ] 2) Your Registry ID (format: country-code.) # REG [ ] 3) Your e-mail address # EMAIL [ ] 4) Your NIC handle (optional) # NICHANDLE [ ] 5) The course you plan to attend (date and location) # COURSE [ ] %END From olaf at ripe.net Wed Oct 27 13:01:14 2004 From: olaf at ripe.net (Olaf M. Kolkman) Date: Wed, 27 Oct 2004 13:01:14 +0200 Subject: [techsec-wg] Announcement: "DNSSEC HOWTO" Message-ID: <20041027130114.6cece16d.olaf@ripe.net> Dear Colleagues, [Apologies for duplicates] We are happy to announce the availability of a "DNSSEC HOWTO" at: http://www.ripe.net/disi/dnssec_howto/ (html) http://www.ripe.net/disi/dnssec_howto/dnssec_howto.pdf (pdf) The document forms part of a RIPE NCC project on the deployment of DNSSEC and describes how to set up DNSSEC. The HOWTO covers the following topics: * Part I, 'Securing DNS data', about the aspects of DNSSEC that deal with data security. * Part II, 'Securing communication between Servers', covering aspects that deal with server to server security and transaction security. The document is based on the so-called DNSSEC-bis specifications that where finalized by the IETF and are now in the RFC editors queue [I-D.ietf-dnsext-dnssec-intro, I-D.ietf-dnsext-dnssec-protocol and I-D.ietf-dnsext-dnssec-records]. This document will be subject to change. Please regularly check for new versions at: http://www.ripe.net/disi. Your corrections and additions are appreciated. ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC From jim at rfc1035.com Wed Oct 27 13:18:40 2004 From: jim at rfc1035.com (Jim Reid) Date: Wed, 27 Oct 2004 12:18:40 +0100 Subject: [techsec-wg] Re: [dns-wg] Announcement: "DNSSEC HOWTO" In-Reply-To: Message from "Olaf M. Kolkman" of "Wed, 27 Oct 2004 13:01:14 +0200." <20041027130114.6cece16d.olaf@ripe.net> Message-ID: <2695.1098875920@gromit.rfc1035.com> Olaf, thanks very much to you and your colleagues for producing this. I wonder if it would be appropriate to have this published as a RIPE document. Any comments from the WGs?