DNSSEC project information
The project started with a prestudy in 2012, and is given the highest priority in 2013 and 2014.
The project will develop and deliver the DNSSEC functionality in two phases:
- Phase 1:
Support signing of the ‘no’ zone, as well as the approximate 790 other subzones which are managed by Norid.
The DNSSEC requirement specifications shall be developed.
To support the decisions, a special registrar working group has been established. Here the various technical and administrative problems are discussed, with recommendations to solutions.
Note that this is advisory, and that Norid will make the final decisions.
A comprehensive and preparatory work is done in 2013, as a ‘pipeline’ for zonefile production is being developed. The pipeline shall be put in operation in the current system to automate our zonefile production, something we have been planning for a long time.
A signature module will then be developed and included in the pipeline.
An important goal is to run the automated, unsigned zonefile in production for a good period before any signing is activated.
The next important goal is to have phase 1 in operation some time during the winter/spring 2014.
For quality assurance, phase 1 shall prove itself to be operative and stable for at least 3 months before we will add any phase 2 functionality. That means that the project will extend further in calendar time than is required for the development part of the project.
- Phase 2:
Support signing of the delegations.
Support in the registry system to exhange key information over the EPP interface.
The goal is to have the phase 2 functionality in place early summer 2014. If this date becomes too close to the summer holidays, the production will be postponed till after the summer.
Another goal is to offer phase 2 functionality in the test system early new year 2014.
This will make it possible for the registrars to develop and test the necessary DNSSEC functionality in their EPP systems.