[lir-wg] DNSSEC training WHY?
Daniel Karrenberg Daniel.Karrenberg at ripe.net
Thu Aug 15 13:44:33 CEST 2002
At 01:08 PM 8/15/2002, Stephen Burley wrote:
>Hi
> Could someone please tell me WHY we are running free training courses
>for DNS? Training how to interact with the NCC and DB i understand, but dns
>i do not. Who made the descision to implement this training and what grounds
>are there for doing this?
Stephen,
this is part of the DISI activity as specified in the RIPE NCC Activity Plan 2002
which was discussed by RIPE and adopted by the RIPE NCC membership.
I quote the most relevant parts below foir your convenience.
The idea of DISI is to promote deployment of security relevant technology
**that needs to be deployed in the Infrastructure**, as opposed to technology
that is under individual organisation's responsibility.
In particular the courses announced deal with DNSSEC technology and are targeted
at people thoroughly familiar with DNS itself. They are not general purpose DNS
courses.
More info about DISI can be found at
http://www.ripe.net/ripencc/pub-services/np/DISI/index.html
Regards
Daniel
---------
Deployment of Internet Security Infrastructure (DISI)
Security Deployment is a new activity started in late 2000. As the Internet is used for more
and more critical applications, security becomes increasingly important. A lot of security
technology has recently been developed and now needs to be deployed throughout the
Internet Infrastructure [RFC 2828]. Prominent examples are DNSSec [RFC 2535] and IPSec
[RFC 2401].
The DISI project will support the RIPE community in deploying these technologies,
specifically those technologies that need to be deployed in the Internet Infrastructure itself,
rather than at the end sites only. This project initially focuses on DNSsec and will later be
expanded to other relevant technologies.
As from the RIPE 40 Meeting, the RIPE NCC will start to offer courses on securing a zone
using DNSsec. Information and experience will also be gathered by the deployment of the
technologies within the RIPE NCC. The information will be shared with the RIPE community
in additional workshops and white papers.
During the start-up phase of this project, it has become clear that a lot of work still needs to
be done on the technology and the implementations before DNSSEC can be deployed in a
large scale production environment. The RIPE NCC has therefore set up collaborations with
NLnet-labs, Nominum, and other parties interested in these technologies to help improve the
deploy-ability of DNSSEC. This is also pursued by active involvement in the relevant IETF
working groups. DISI will continue in 2002.
[ lir-wg Archives ]