Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
EventsInformationInformationInformationInformation
• .SE Internet Guides.SE Internet Guides.SE Internet Guides.SE Internet Guides• Internet statisticsInternet statisticsInternet statisticsInternet statistics
Technical deploymentTechnical deploymentTechnical deploymentTechnical deployment
• DNSSECDNSSECDNSSECDNSSEC• IPv6IPv6IPv6IPv6
Tending the CommonTending the CommonTending the CommonTending the Common• Reliable eReliable eReliable eReliable e----mail (mail (mail (mail (AntispamAntispamAntispamAntispam))))
• Health check of Internet in SwedenHealth check of Internet in SwedenHealth check of Internet in SwedenHealth check of Internet in Sweden• Broadband tests of Internet accessesBroadband tests of Internet accessesBroadband tests of Internet accessesBroadband tests of Internet accesses
.SE’s Development of Internet
Internet FundInternet FundInternet FundInternet Fund
Specific segmentsSpecific segmentsSpecific segmentsSpecific segments
• Internet in schoolInternet in schoolInternet in schoolInternet in school• Internet for everyone Internet for everyone Internet for everyone Internet for everyone
IETF75
Annual
conference
Reasoning
• We believe in perimeter defense• We shall do our part• We shall provide a high quality DNS service for .SE
• The DNS should be robust and deliver correct data.
• The need for reliable DNS data• By e-mail and Web
• Future - as a repository for security information for IPsec, SSH, PGP, DKIM …?
SE’s Vision:
Everybody should have an unique and secure address on the Internet
DNSSEC Development steps
-
Project start, 2001
Signing of the .SE zone, Sep 2005
Feb 16, 2007
Sept, 2007
Mar, 2009
Fall, 2009
StandardDevelopment
SoftSoftSoftSoft
launchlaunchlaunchlaunch
with
Friendly
users
CommercialCommercialCommercialCommercial
launchlaunchlaunchlaunch
with
Manual
administration
AutomationAutomationAutomationAutomation
of the adminof the adminof the adminof the admin
to provide
volumes
New New New New
businessbusinessbusinessbusiness
model model model model
for .SEfor .SEfor .SEfor .SE
With EPP
New system New system New system New system
for key for key for key for key
managementmanagementmanagementmanagement
and zone and zone and zone and zone
signingsigningsigningsigning
With
OpenDNSSEC
DNSSEC needs
Market Development
“the value chain for the DNS”
Registrants
.SE registry
ICANN/IANA
DNS Name
Service
Provider
Registrars
DNS
the Domain Name tree
DNS
Resolver
Applications Internet
users
ALL on board from the start!
i.e. ISP’s
Registrants
Registrars
DNS
Resolver
Applications Internet
users
.SE registry.SE registry.SE registry.SE registry
ICANN/IANA
DNS Name DNS Name DNS Name DNS Name
ServiceServiceServiceService
ProviderProviderProviderProvider
DNS
the Domain Name tree
Key findings February 2009
No end user applications.
How to handle end user awareness?
Users
Future work with DNSSEC support for DKIM milterApplications
A wide operational experience exists.
There is an interest to find common solutions for TLD public key distribution.
Resolvers
Ongoing system development and efforts to promote DNSSEC among Registrars and key Registrants.
.SE
The lack of tools for key management and administration of DNSSEC are still an obstacle.
DNS Name Service Provider
A growing interest for DNSSEC, but many are still missing out.
.SE Registrar
There exists an interest in DNS and adopting DNSSEC, but obstacles exist to get it.
Registrants
Does anybody want DNSSEC?
• Market research, November 2006
• Survey to .SE domain name holders
• 1 406 randomly selected, and 259 answers (20%).
.SE is planning the commercial launch of .SE-DNSSEC. How interesting is this to you/your company?
Mycket 14%
Ganska 51%
Inte särskilt 29%
Inte alls 6%
Bas=259 st259 answers
Not at all 6%
Not particularly 29%
Interested 51%Very 14%
How interesting is DNSSEC?
How would you react to an annual charge of €50 for this service? Is it high or low?
Mycket låg 2%
Ganska låg 22%
Ganska hög 54%
Mycket hög 22%
Bas=259 st259 answers
Very high 22%
Rather high 54%
Quite low 22%
Very low 2%
The survey indicated €20-€30 to be reasonable price
Are you willing to pay?
Pricing strategy• An additional service• Kick-backs and establishment subsidiaries to registrars
• No add-on, natural part of the domain
•
Yearly fee
2007: 240 SEK (€ 26)
2008: 80 SEK (€ 8,5)
2009: 0 SEK
Rebate?
.SE domains with DNSSEC
Domain name holders
..SE regsitrars
DNS Name
Service Providers
.SE
Resolver operato
rs
Domain name holders
.SE regsitrars
DNS Name
Service Providers
.SE
Resolver operato
rs
Phase 1
End user value?
Applicatio
ns
Internet users
Phase 2
Resolvers
i.e. ISP’s
Registrants
Registrars
DNS
Resolver
Applications Internet
users
.SE registry.SE registry.SE registry.SE registry
ICANN/IANA
DNS Name DNS Name DNS Name DNS Name
ServiceServiceServiceService
ProviderProviderProviderProvider
DNS
the Domain Name tree
DNS Name Service Provider
i.e. ISP’s
Registrants
Registrars
DNS
Resolver
Applications Internet
users
.SE registry.SE registry.SE registry.SE registry
ICANN/IANA
DNS Name DNS Name DNS Name DNS Name
ServiceServiceServiceService
ProviderProviderProviderProvider
DNS
the Domain Name tree
Share of .SE domains held by largest DNS Name Service Providers (2008)
49,4
79,4
94,2 98,8 100
0,0
20,0
40,0
60,0
80,0
100,0
120,0
Top 10 Top 100 Top 1000 Top 6383 Total 12766
%
.SE registars are DNS Name Service Providers as well
0102030405060708090
.SE Registrars Non .SE Registrars
Estimated share of .se domains run by registrars
.SE’s registrars
• Five registrars from day 1• Drive for getting more Registrars
• Kick-back on first 5,000 registrations• Financial establishment support
• Today• Frobbit AB• Interlan Gefle AB• Gotlandica Internet (BRS - Intron AB)• Leissner Data AB• Loopia AB• NEware AB• Melbourne IT CBS• Yask• City Network Hosting AB• Larsen Data v/Peter Larsen• TDC Sverige AB
Expectation?
Penetration
Time
2010 Vision for DNSSEC
• DNSSEC is considered a natural part of DNS• DNSSEC is fully deployed
• by many important domains
• into many useful applications
• Ongoing work to increase End User Value