DNSSEC for ccTLDs: securing national domains

06 November 2012 - A Workshop on Baku,Azerbaijan


This workshop is the result of the merger of workshop 107, “DNSSEC for ccTLDs: Securing National Domains”, and workshop 113, “The Economic and Security Benefits of Securing the Internet’s Unique Identifiers: DNSSEC”.

Securing the critical infrastructure of the Internet, particularly ccTLDs, each country's most valuable online resource, is one of the most important Internet Governance issues being faced today. To ensure the security and privacy of the Internet's billions of users, important responsibilities must be undertaken by ccTLD operations and Internet service and network providers around the world in making DNSSEC, the cryptographic signing of domain names, available to the Internet-using constituents of each national top-level domain.

DNSSEC deployment at the root is an excellent example of how the bottom-up multi-stakeholder process has worked. DNSSEC has become a universal requirement for top-level domain operators, but today fewer than one third of ccTLDs have deployed it, making the remaining countries even more susceptible to online crime and fraud such as phishing and malware. As developed countries deploy DNSSEC more rapidly, the global burden of cybercrime falls ever more heavily on the shoulders of the remaining developing countries.

This workshop will provide an overview of the technology and practices required for successful DNSSEC deployment, including comprehensive deployments with solid, long track records; secure novel cost-effective approaches; practical examples from practitioners who have created the signing infrastructure for dozens of countries, as well as the root of the domain name system. The workshop will describe the operation and management of typical DNSSEC-signed country domains, including administrative structure, technical management, trust relationships, security practices, documentation and audit requirements, relationships with other stakeholders, business model and the role and purpose of DNSSEC in securing the domain name system and higher-level aspects of Internet networks.

The workshop will describe the current state of DNSSEC deployment and describe what developing and developed countries can do for all of us to reap the full benefits from this fundamental infrastructural Internet improvement. The workshop offers participants the opportunity to learn about DNSSEC from a practical point of view, and to realize its technical and business challenges and opportunities. At the same time, the workshop allows speakers and discussants to share their knowledge and expertise with participants who will be attending the IGF meeting. The workshop targets policy makers, business and technical advisors, particularly those of governments and businesses from the developing world.


  • Welcome (Moderator)
  • Panelist introductions (Moderator)
  • DNSSEC Basics (Richard Lamb)
  • PANELIST BRIEFINGS (5 min each)
    Motivations behind deploying DNSSEC and experiences
  • DISCUSSION (Panelists and Participants). Topic include but are not limited to:
    Opportunities for security improvements and business development
    Lessons Learned
  • What impact have you had or expect to have
  • QUESTIONS AND ANSWERS SESSION (Participants and Panelists)
  • Closing comments (Moderator)

Backgroung Paper:
application/pdf icondnssecigf101rootb.pdf

Organiser(s) Name:

Bill Woodcock, Packet Clearing House

Dr. Richard Lamb, ICANN

Previous Workshop(s):

Submitted Workshop Panelists:
Emil Askerbeyli, Moderator, representing .AZ
Ondrej Filip, CEO, CZ NIC, Czech Republic
Dr. Demi Getschko, CEO, NIC BR, Brazil
Svitlana Tkachenko/Dmitry Kohmanyuk, Hostmaster Ltd, .UA ccTLD administrator, Ukraine
Charles Musisi, .UG ccTLD administrator, Uganda
Roelof Meijer, CEO, SIDN, .NL ccTLD administrator, Netherlands
Bevil Wooding, root-signing Trusted Community Representative, .TT Trinidad and Tobago
Eduardo Santoyo, .CO ccTLD administrator, Colombia
Bill Woodcock, Packet Clearing House
Dr. Richard Lamb, ICANN

Name of Remote Moderator(s):
Baher Esmat, ICANN