Dear all, This is just a reminder that our DNSSEC survey is still running and we would like to invite all ccTLDs to participate. Many thanks to all of you who already have replied! I'm copying in all questions which are asked below, so that you can get familiar with them. The survey can be accessed at: http://www.zoomerang.com/Survey/?p=WEB229C76TPWJ4 The results will be compiled and presented in an anonymised way (in the same fashion as the 2007 DNSSEC survey - see http://ccnso.icann.org/surveys/dnssec-survey-report-2007.pdf) The survey is open for your replies until Monday, 7th September 2009. Your participation is gratefully appreciated! Kind regards, Gabi Dear all, The ccNSO is relaunching the DNSSEC survey which was first conducted in September/October 2007 (see results at http://ccnso.icann.org/surveys/dnssec-survey-report-2007.pdf). We would be very grateful if you could take a few minutes to reply to the survey which you can access at: http://www.zoomerang.com/Survey/?p=WEB229C76TPWJ4 (it can only be filled in once per computer station) You will note that a few questions have been added, or slightly reshaped compared to the previous version (these questions have been clearly marked), in order to better reflect the current situation. The reason for the re-launch is a request from the .se registry and the European Network and Information Security Agency (ENISA) which suggested that a comparison between the two surveys could be of great interest. Your participation in this survey is very valuable and we are grateful over every reply received! Please, let me know should you have any questions! Kind regards, Gabi ----------- 1. Your top-level domain: 2. Do you know what DNSSEC is? Yes I know what it is, but don't know how it works. I have heard about it, but don't know what problem it solves No 3. Has your registry implemented DNSSEC, or is actively implementing DNSSEC? Yes No 4. Do you plan to implement DNSSEC? Yes No 5. Please briefly explain why you do not intend to implement DNSSEC in the next three years. Questions for registries that have deployed DNSSEC 6. [NEW] For DNSSEC, what implementation phase are you in now? Implementation Phase Test Phase Fully Deployed 7. Please briefly describe the technical environment you use for DNSSEC 8. Please briefly describe your experience in implementing DNSSEC Questions for registries about to implement DNSSEC 9. What is the planned timeline for implementing DNSSEC? Within 12 months Within 2 years 2-4 years 10. Please briefly describe the technical environment you plan to use to implement DNSSEC: 11. Please briefly describe how strategically important you consider DNSSEC to be. (Please explain what the principal drivers are, the goals you would like to achieve with DNSSEC, and the main threats and opportunities you foresee). Signing the DNS Root 12. Is it important to you that the DNS root zone is signed? Yes No 13. [UPDATED] Who, in your opinion, should be signer of the DNS root zone? VeriSign ICANN/IANA Some other non-governmental organisation A government A grouping of governments Other, please specify 14. [NEW] Are you aware of the Interim Trust Anchor Repository (ITAR) provided by IANA? Yes No 15. [NEW] Are you using ITAR for your registry? Yes, deployed DNSSEC and used ITAR No, deployed DNSSEC without using ITAR No, haven¹t deployed DNSSEC 16. [NEW] It was announced on 3 June 2009 that two agencies of the U.S. Department of Commerce, ICANN and VeriSign are working on an interim approach to deployment, by year¹s end, of DNSSEC at the authoritative root zone. What is your view? The fact that the deployment is interim does not impact our implementation plan We are reconsidering our planning until it is clear how under the interim approach DNSSEC will be deployed. We postpone our implementation until the definite plan to sign the root is made public. 17. [NEW] It was also identified that VeriSign will manage and have operational responsibility for the Zone Signing Key in the interim arrangement, and that ICANN will manage the Key Signing Key process. ICANN will work closely with VeriSign regarding the operational and cryptographic issues involved. Does the proposed arrangement concern you? Yes No 18. Please explain your concerns about the proposed signing arrangement. 19. Please choose your view: The proposed arrangement between VeriSign and ICANN does not impact our planning We are reconsidering our planning as a result of the proposed arrangement We will not implement DNSSEC as a result of the proposed arrangement 20. Please explain your concerns that is causing you to reconsider or not deploy DNSSEC. Exchange of Information and Experiences 21. [NEW] Would it be of any interest to you to have updated and relevant statistics about the total number of signed zones, worldwide (or as far as applicable)? Yes No 22. Do you think there is a need to exchange DNSSEC experiences between TLD managers? Yes No 23. Do you think the ccNSO should actively promote the deployment of DNSSEC? Yes No 24. Please explain how you think the ccNSO should promote DNSSEC:
Dear all, This is a last reminder about our DNSSEC survey, which is closing on Monday, 7th September. Everyone's reply is valuable and appreciated - whether you deal with DNSSEC, or not! All the details about the survey are available in my previous emails below. Please, note that the replies will be anonymised once presented. The survey is available at http://www.zoomerang.com/Survey/?p=WEB229C76TPWJ4 I have copied in the questions below if you would like to get familiar with them before taking the survey. Many thanks to all of you who already contributed! Kind regards, Gabi ------ Forwarded Message From: Gabriella Schittek <gabriella.schittek@icann.org> Date: Thu, 27 Aug 2009 07:34:11 -0700 To: <ccnso-members@icann.org>, <cctldcommunity@cctld-managers.org> Cc: <ccnso-council@icann.org> Subject: [ccTLDcommunity] Reminder: DNSSEC Survey Dear all, This is just a reminder that our DNSSEC survey is still running and we would like to invite all ccTLDs to participate. Many thanks to all of you who already have replied! I'm copying in all questions which are asked below, so that you can get familiar with them. The survey can be accessed at: http://www.zoomerang.com/Survey/?p=WEB229C76TPWJ4 The results will be compiled and presented in an anonymised way (in the same fashion as the 2007 DNSSEC survey - see http://ccnso.icann.org/surveys/dnssec-survey-report-2007.pdf) The survey is open for your replies until Monday, 7th September 2009. Your participation is gratefully appreciated! Kind regards, Gabi Dear all, The ccNSO is relaunching the DNSSEC survey which was first conducted in September/October 2007 (see results at http://ccnso.icann.org/surveys/dnssec-survey-report-2007.pdf). We would be very grateful if you could take a few minutes to reply to the survey which you can access at: http://www.zoomerang.com/Survey/?p=WEB229C76TPWJ4 (it can only be filled in once per computer station) You will note that a few questions have been added, or slightly reshaped compared to the previous version (these questions have been clearly marked), in order to better reflect the current situation. The reason for the re-launch is a request from the .se registry and the European Network and Information Security Agency (ENISA) which suggested that a comparison between the two surveys could be of great interest. Your participation in this survey is very valuable and we are grateful over every reply received! Please, let me know should you have any questions! Kind regards, Gabi ----------- 1. Your top-level domain: 2. Do you know what DNSSEC is? Yes I know what it is, but don't know how it works. I have heard about it, but don't know what problem it solves No 3. Has your registry implemented DNSSEC, or is actively implementing DNSSEC? Yes No 4. Do you plan to implement DNSSEC? Yes No 5. Please briefly explain why you do not intend to implement DNSSEC in the next three years. Questions for registries that have deployed DNSSEC 6. [NEW] For DNSSEC, what implementation phase are you in now? Implementation Phase Test Phase Fully Deployed 7. Please briefly describe the technical environment you use for DNSSEC 8. Please briefly describe your experience in implementing DNSSEC Questions for registries about to implement DNSSEC 9. What is the planned timeline for implementing DNSSEC? Within 12 months Within 2 years 2-4 years 10. Please briefly describe the technical environment you plan to use to implement DNSSEC: 11. Please briefly describe how strategically important you consider DNSSEC to be. (Please explain what the principal drivers are, the goals you would like to achieve with DNSSEC, and the main threats and opportunities you foresee). Signing the DNS Root 12. Is it important to you that the DNS root zone is signed? Yes No 13. [UPDATED] Who, in your opinion, should be signer of the DNS root zone? VeriSign ICANN/IANA Some other non-governmental organisation A government A grouping of governments Other, please specify 14. [NEW] Are you aware of the Interim Trust Anchor Repository (ITAR) provided by IANA? Yes No 15. [NEW] Are you using ITAR for your registry? Yes, deployed DNSSEC and used ITAR No, deployed DNSSEC without using ITAR No, haven't deployed DNSSEC 16. [NEW] It was announced on 3 June 2009 that two agencies of the U.S. Department of Commerce, ICANN and VeriSign are working on an interim approach to deployment, by year's end, of DNSSEC at the authoritative root zone. What is your view? The fact that the deployment is interim does not impact our implementation plan We are reconsidering our planning until it is clear how under the interim approach DNSSEC will be deployed. We postpone our implementation until the definite plan to sign the root is made public. 17. [NEW] It was also identified that VeriSign will manage and have operational responsibility for the Zone Signing Key in the interim arrangement, and that ICANN will manage the Key Signing Key process. ICANN will work closely with VeriSign regarding the operational and cryptographic issues involved. Does the proposed arrangement concern you? Yes No 18. Please explain your concerns about the proposed signing arrangement. 19. Please choose your view: The proposed arrangement between VeriSign and ICANN does not impact our planning We are reconsidering our planning as a result of the proposed arrangement We will not implement DNSSEC as a result of the proposed arrangement 20. Please explain your concerns that is causing you to reconsider or not deploy DNSSEC. Exchange of Information and Experiences 21. [NEW] Would it be of any interest to you to have updated and relevant statistics about the total number of signed zones, worldwide (or as far as applicable)? Yes No 22. Do you think there is a need to exchange DNSSEC experiences between TLD managers? Yes No 23. Do you think the ccNSO should actively promote the deployment of DNSSEC? Yes No 24. Please explain how you think the ccNSO should promote DNSSEC: _______________________________________________ ccTLDcommunity mailing list ccTLDcommunity@cctld-managers.org http://www.lists.cctld-managers.org/mailman/listinfo/cctldcommunity ------ End of Forwarded Message
participants (1)
-
Gabriella Schittek