Edward Lewis, Neustar

Using on-line data, a survey of how the root zone and TLD operate DNSSEC is presented. Key management parameters such as DNSSEC algorithm, key lengths, key lifetimes are measured, NSEC vs. NSEC3 counts, as well as a look at NSEC3 parameters and how long an operator waits after signing a zone until the DS record appears in the root zone.

Richard Lamb, ICANN

With DNSSEC deployment having progressed to the point of no return and serious efforts to make use of the resulting global PKI to expand the benefits of cryptographic security, DNSSEC has the potential to become a critical part of a wide range of applications. However, for DNSSEC to reach its full potential, further and improved support by the entities in the chain of trust from content source to end user must happen. This presentation will describe the current state of DNSSEC deployment and make suggestions on what needs to happen if the Internet is to reap the full benefits from DNSSEC.

Paul McKitrick, Domain Name Commission, NZ

.nz has developed a 'DNSSEC Friendly' status that indicates that a Registrar meets a certain level of service relative to offering DNSSEC services in the .nz space.

This is to:
-Ensure that Registrants who are early adopters of DNSSEC have the best experience possible
-Encourage Registrars to offer DNSSEC
-Promote a culture of security amongst registrars


This presentation is intended to share this idea for promoting the uptake of DNSSEC with Registrars.