1 / 5

DNSSEC and Provisioning in ENUM: Future Directions and Best Practices

Explore the possible future directions for DNSSEC and provisioning in ENUM, including issues and best practices for signing policies, key management, scaling, telco involvement, DNS content management, and name server setup.

robinm
Download Presentation

DNSSEC and Provisioning in ENUM: Future Directions and Best Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ENUM WG • Possible Future Directions • DNSSEC • Provisioning • NAPTR management/DNS content control • Name server setup

  2. DNSSEC issues for ENUM • NOT DNSSEC protocol goop! • NOT Political stuff like who “owns” a key • Best common practices for stuff like: • Signing policies • Key lengths, signature expiry times • Howto for key rollover and/or key management • Scaling: optimal size for signing • Signed and unsigned parts of the tree? • What does this mean for ENUM clients?

  3. Provisioning Issues • Likely telco involvement in registrations • e.g. Number cancellation or portability • Telco says “this number is not valid anymore” • May be helpful to have a standard way for a telco to express this • EPP Schema? • Information flow • To registry? To Registrar? To Registrant? • Some or all of these?

  4. DNS Content Management • Fine-grained control of NAPTR order & preference fields • BCP on how applications should update the DNS? • Is it OK to mess with order & preference of existing NAPTRs? • What should DNS provider to if it encounters a conflict?

  5. Name Server Setup • Have an explicit document from the WG recommending how name servers for ENUM should be set up? • Redundancy, no SPoFs • Recursion disabled • Minimal services on name servers • Essentially smashing RFC2870 & RFC2182

More Related