-
10 years of Kirei
2016 is the 10th year of Kirei. It’s been 10 years full of interesting and challenging assignments. We’re looking at the future with great curiosity and joy, and would like to thank all our customers for good teamwork during our first 10 years.
-
Infoblox & DNSSEC
Infoblox NIOS implements very basic DNSSEC signing functionality. DNSSEC capabilities in general and key management capabilities in particular are very limited compared to other implementations. Several design choices seem to have been made without considering best current practices from operational experience. Unless the current design changes, we cannot recommend Infoblox NIOS for managing DNSSEC-signed zones.
-
Vacation!
Kirei is now off on vacation and we’ll be back in the beginning of August. We wish all our customers, colleagues and friends a nice and relaxing summer!
-
Death of the PKI dragons?
The recent attack on the Comodo Certification Authority has shown not only how vulnerable the current public key infrastructure is, but also that the protocols (e.g., OCSP) used to mitigate these vulnerabilities once exploited are not in use, not implemented correctly, or not even implemented at all. Is this the beginning of the death of the PKI dragons, and what alternatives do we have?
-
The first Root Zone Key Signing Key
The first Root Zone Key Signing Key was generated June 16, 2010, at 21:19 (UTC) during a key ceremony in Culpeper, VA.
-
Top Level Domains and a Signed Root
With DNSSEC for the root zone going into production in a couple of weeks, it is now possible for Top Level Domain (TLD) managers to submit their Delegation Signer (DS) information to IANA. But what does this really mean for a TLD? In this post we’re going to try to sort that out.
-
Kirei & DNSSEC for the Root Zone
As many of you know already, Kirei - as part of the Root DNSSEC Design Team, and on behalf of ICANN - has a central role in implementing DNSSEC for the Root Zone. The team, consisting of a group of Internet and security experts from ICANN, VeriSign and Kirei, has been working closely together with the primary objective of implementing a stable and secure solution for DNSSEC at the Root Zone ready by July 2010.
-
Using OpenDNSSEC for managing keys in BIND
In deployment scenarios where you require dynamic updates, or want to use an HSM which requires multiple threads for decent signing performance, OpenDNSSEC version 1.x comes up short. There are plans for how to address this in version 2.x, but fortunately there are other options until then.
-
Happy New Year!
Kirei wishes all our customers, colleagues and friends a very happy new year. We leave 2009 behind us - a year that despite financial crisis and pandemic viruses was a prosperous year for Kirei.
-
OpenDNSSEC Technology Preview
Last week, Kirei in co-operation with .SE, John A Dickinson, NLnet Labs, Nominet, SIDN and SURFnet, released a technology preview of OpenDNSSEC.
-
Vacation!
Kirei is off on vacation – see you again in August or at the IETF meeting in Stockholm!
-
SIP Anycast Signaling
-
Complexity is the Achilles Heel of eID
-
Shared responsibility for the root zone key signing key (KSK)?
Awaiting the signing of the root zone, there has been an extensive discussion regarding who should control the cryptographic key signing key (KSK) forming the basis for validating the root zone, and consequently also all lower-level domains of the Domain Name System (DNS). At stake is the trust in the root zone and the confidence in the corporation administering and implementing it, i.e. ICANN. The threat they’re trying to avert is a partitioning of the Internet into several alternative root zones. To strengthen ICANN’s legitimacy and the trust in the root zone, some people are advocating that the control of the key signing keys should be divided between several interest groups through so-called M-of-N control.