forgery resilience phase #2 Ólafur guðmundsson [email protected]
TRANSCRIPT
![Page 2: Forgery Resilience Phase #2 Ólafur Guðmundsson Ogud@ogud.com](https://reader035.vdocument.in/reader035/viewer/2022070402/56649f225503460f94c3b4de/html5/thumbnails/2.jpg)
What is coming
How can an avalanche be stopped ?
- Build fences - Run away - Ski faster - Pray - “Let it be!”
- Deploy DNSSEC
![Page 3: Forgery Resilience Phase #2 Ólafur Guðmundsson Ogud@ogud.com](https://reader035.vdocument.in/reader035/viewer/2022070402/56649f225503460f94c3b4de/html5/thumbnails/3.jpg)
Forgery-resilience-07
• Passed WGLC will be sent to IESG next week.
• Expect RFC in about 4 months
• Deploy NOW !!!
![Page 4: Forgery Resilience Phase #2 Ólafur Guðmundsson Ogud@ogud.com](https://reader035.vdocument.in/reader035/viewer/2022070402/56649f225503460f94c3b4de/html5/thumbnails/4.jpg)
Ideas?
• There are lots of them: – http://www.psg.com/lists/namedroppers/name
droppers.2008/msg01131.html– X20– QID– ……
![Page 5: Forgery Resilience Phase #2 Ólafur Guðmundsson Ogud@ogud.com](https://reader035.vdocument.in/reader035/viewer/2022070402/56649f225503460f94c3b4de/html5/thumbnails/5.jpg)
What else to do?
• Questions for people to think about: – What can be done in the short
term ?– What can be done without
updating software?– What can be done in the
medium term ?– What work does DNSEXT or
DNSOP need to do ?
![Page 6: Forgery Resilience Phase #2 Ólafur Guðmundsson Ogud@ogud.com](https://reader035.vdocument.in/reader035/viewer/2022070402/56649f225503460f94c3b4de/html5/thumbnails/6.jpg)
DNS protocol economics 101• All changes have a “cost”
– How high the cost is for • Implementations• Deployment if there are changes in
operation• Authorative DNS data providers• DNS consumer i.e. resolvers• Is there fall-back
– When can this be deployed • Standards action needed: add 8-24
months• Code (add 1-24 months)• Testing (add 1-12 months) • Rollout (add 2-18 months)• Fixes needed (add 1-24 months)
![Page 7: Forgery Resilience Phase #2 Ólafur Guðmundsson Ogud@ogud.com](https://reader035.vdocument.in/reader035/viewer/2022070402/56649f225503460f94c3b4de/html5/thumbnails/7.jpg)
The plan
• The chairs will not propose a plan or officially adopt new work until the full details of the current scare are known.