Home / Blogs

DNSSEC Successes, Statistics and Innovation Streaming Live from ICANN 53 on 24 June 2015

Where has DNSSEC been successful? What are some current statistics about DNSSEC deployment? What are examples of innovations that are happening with DNSSEC and DANE?

All of these questions will be discussed at the DNSSEC Workshop at ICANN 53 in Buenos Aires happening on Wednesday, June 24, 2015, from 09:00 – 15:15 Argentina time (UTC-3). You can watch and listen to the session live at:


All the slides that will be presented are currently available for download. The session will be recorded and the recording will be available from that same URL sometime after the meeting.

Here’s a quick look at the agenda for the day’s session:

1. Introduction and DNSSEC statistics – I will begin the day introducing the session and providing some of the latest statistics and information about DNSSEC deployment, both in terms of validation and signing.

2. DNSSEC Activities in the Latin American Region – We’ll have a series of speakers providing updates on DNSSEC deployment in the LAC region. Speakers include:

  • Luciano Minuchin, NIC.AR – NIC Argentina (also panel moderator)
  • Luis Diego Espinoza, Consultant, Costa Rica – DNSSEC Activities in LAC
  • Carlos Martinez, LACNIC – DNSSEC in the Reverse Tree at LACNIC
  • Gonzalo Romero, .CO – DNSSEC in the .CO: ccTLD Experiences and Challenges
  • Rubens Kuhl, .BR – .BR DNSSEC Update ICANN 53
  • Hugo Salgado, NIC.CL – DNSSEC in .CL: ICANN 53 Update

3. Update on DNSSEC KSK Root Key Rollover – Ed Lewis of ICANN will give an update on the work around planning the rollover of the root key of DNSSEC.

4. DNSSEC Automation – After a short break we’ll have a panel moderated by Russ Mundy about how to better improve the automation of DNSSEC activities. Panelists include:

  • Eberhard Lisse, .NA – DNSSEC with SmartcardHSM
  • Robert Martin-Legène, Packet Clearing House – Packet Clearing House (PCH) DNSSEC Signing Service
  • Joe Waldron, Verisign – Verisign DNSSEC Signing Service

After this session we’ll break for lunch as well as the “Great DNS Quiz”. The lunch is sponsored by:

  • Afilias
  • CIRA
  • Dyn
  • .SE
  • SIDN

5. Demonstrations and Presentations: DANE and Applications – After lunch, I’ll be moderating a panel where we’ll be demonstrating some of the innovative things people are doing with DNSSEC and the DANE protocol. Panelists include:

  • Jaap Akkerhuis, NLNetLabs – One Year of DANE (Some) Lessons Learned
  • Wes Hardaker – Opportunistic SMTP Security
  • Jacques Latour – DNS Operator Role in Domain Management
  • Glen Wiley, Eric Osterweil and Danny McPherson – DNSSEC/DANE: Tools to Encourage Adoption

6. Deploying New DNSSEC Algorithms – I’ll then provide the last major presentation discussing the different aspects of deploying new cryptographic algorithms for use in DNSSEC. A specific case for this is the ECDSA algorithm, but the topics I’ll cover will be applicable for all new algorithms.

7. DNSSEC - How Can I Help? – Finally, we’ll wrap up with Russ Mundy and myself talking about the steps people can take when they leave the workshop to help in accelerating the deployment of DNSSEC.

If you are interested in DNSSEC and DANE, these workshops are excellent ways to keep up-to-date with the latest changes and developments in the world of DNSSEC. I’d encourage any of you to join in and listen. (Questions can also be submitted by remote participants.)

P.S. If you would like to get started with DNSSEC or DANE, please visit the Internet Society Deploy360 “Start Here” page to find resources to begin!

By Dan York, Author and Speaker on Internet technologies - and on staff of Internet Society

Dan is the Director, Online Content, for the Internet Society but opinions posted on CircleID are his own. View more of Dan’s writing and audio here.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global