Be the first to like this
ION Toronto, 11 November 2013: CIRA has completed two phases of a three-phased approach to implement DNSSEC on the .CA country code Top Level Domain (ccTLD). First, they released a DNSSEC Practice Statement for comment, providing an operational outline of how CIRA plans to develop, maintain and manage DNSSEC deployment for .CA. Next, they held a key signing ceremony where they generated the cryptographic digital key that is used to secure the .CA zone. On January 21, 2013, CIRA published a signed .CA zone file, and on January 23, the .CA DS record was submitted to the Internet Assigned Numbers Authority (IANA). The next phase of CIRA’s work in implementing DNSSEC is to make the necessary upgrades to ready the registry system for transacting DNSSEC-enabled .CA domain names. This work is expected to be complete in 2014. Once complete, CIRA will be able to register DNSSEC-enabled .CA domain names.
This session will explore CIRA’s technical solution for deploying DNSSEC support in the .CA registry. With our goal of making it easier for registrars, registrants and DNS operator to support any combination of DS and DNSKEY registration. We will take a quick look at our DNSSEC awareness strategy, the status/progress of .CA signed domains, and our lessons learned and challenges for increasing numbers of signed domain names.