Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN72 Virtual Annual General Meeting

[Jacques Latour <Jacques.Latour () cira ca>]

Hello NANOG!
This is the CfP for our next DNSSEC & Security workshop @ ICANN72.
Jacques

Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN72 Virtual Annual General Meeting

In cooperation with the ICANN Security and Stability Advisory Committee (SSAC), we are planning a DNSSEC and Security 
Workshop for the ICANN72 Annual General Meeting being held virtually from 23-28 October 2021 in the Pacific Daylight 
Time Zone (UTC -7). This workshop date will be determined once ICANN creates a block schedule for us to follow; then we 
will be able to request a day and time. The DNSSEC and Security Workshop has been a part of ICANN meetings for several 
years and has provided a forum for both experienced and new people to meet, present and discuss current and future 
DNSSEC deployments.  For reference, the most recent session was held at the ICANN71 Virtual Meeting on 14 June 2021. 
The presentations and transcripts are available at https://71.schedule.icann.org/meetings/3q22SHqif9XF5nFqG and 
https://71.schedule.icann.org/meetings/vv7XkuePvghwFaLgt

The DNSSEC Workshop Program Committee is developing a program.  Proposals will be considered for the following topic 
areas and included if space permits.  In addition, we welcome suggestions for additional topics either for inclusion in 
the ICANN72 workshop, or for consideration for future workshops.

1.  Global DNSSEC Activities Panel
For this panel, we are seeking participation from those who have been involved in DNSSEC deployment as well as from 
those who have not deployed DNSSEC but who have a keen interest in the challenges and benefits of deployment, including 
Root Key Signing Key (KSK) Rollover activities and plans.

2.  DNSSEC Best Practice
Now that DNSSEC has become an operational norm for many registries, registrars, and ISPs, what have we learned about 
how we manage DNSSEC?  Do you still submit/accept DS records with Digest Type 1? What is the best practice around key 
roll-overs?  What about Algorithm roll-overs? Do you use and support DNSKEY Algorithms 13-16? How often do you review 
your disaster recovery procedures? Is there operational familiarity within your customer support teams? What 
operational statistics have we gathered about DNSSEC? Are there experiences being documented in the form of best 
practices, or something similar, for transfer of signed zones?  Activities and issues related to DNSSEC in the DNS Root 
Zone are also desired.

3. DNSSEC Deployment Challenges
The program committee is seeking input from those that are interested in implementation of DNSSEC but have general or 
particular concerns with DNSSEC.  In particular, we are seeking input from individuals that would be willing to 
participate in a panel that would discuss questions of the following nature:
- Are there any policies directly or indirectly impeding your DNSSEC deployment? (RRR model, CDS/CDNSKEY automation)
- What are your most significant concerns with DNSSEC, e.g., complexity, training, implementation, operation or 
something else?
- What do you expect DNSSEC to do for you and what doesn't it do?
- What do you see as the most important trade-offs with respect to doing or not doing DNSSEC?

4. Security Panel
The program committee is looking for presentations on DNS and Routing topics that could impact the security and/or 
stability of the internet. .
- DoH and DoT implementation issues, challenges and opportunities
- RPKI adoption and implementation  issues, challenges and opportunities
- BGP/routing/hijack issues, challenges and opportunities
- MANRS implementation challenges and opportunities
- Emerging threats that could impact (real or perceived)  the security and/or stability of the internet
- Domain hacking/hijacking prevention, best practice and techniques
- Browser related security implementations
- DMARC Challenges, opportunities and Best Practices
- BGP Flowspec challenges, opportunities and Best Practices

If you are interested in participating, please send a brief (1-2 sentence) description of your proposed presentation to 
dnssec-security-workshop () icann org by Friday, 10 September 2021

Thank you,
Kathy and Andrew
On behalf of the DNSSEC Workshop Program Committee:
Mark Elkins, DNS/ZACR
Jacques Latour, .CA
Russ Mundy, Parsons
Ondrej Filip, CZ.NIC
Yoshiro Yoneya, JPRS
Fred Baker, ISC
Dan York, Internet Society