.CA is the Trusted Platform for IoT
Transcript of .CA is the Trusted Platform for IoT
![Page 1: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/1.jpg)
![Page 2: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/2.jpg)
IoT613 - September 2015
About CIRA
1. Operate the .CA top-level domain registry Registrant Registrar Registry .CA DNS
2. Operate the .CA top-level domain DNS Root “.” “.CA” 2nd Level .CA domains Internet Users ISP “.CA”
3. Invest in the Canadian Internet Promote development & adoption of IPv6 and DNSSEC D-Zone (Canadian DNS Secondary Anycast)
4. CIRA is a member-driven organization of over 70 employees and an elected 12-person board
![Page 3: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/3.jpg)
IoT613 - September 2015
Internet of Things
• Things that are on the Internet• Things that are not on the Internet• Things referencing other Things on the Internet Things connecting to other Things on the Internet
• IoT is not here yet…• But marketing hype sure is!
![Page 4: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/4.jpg)
IoT613 - September 2015
IoT Design Consideration
• Think about the Internet plumbing • For the things that are on the Internet:
Internet Protocol support: IPv6Trusted Domain Names & URL: .CASecurity: DNSSEC, IPSec
thebay.ca/olympics
![Page 5: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/5.jpg)
Internet Infrastructure - Why .CA
• .CA is 2.4 million domain names– 100% Canadian– Top global rank for security, trusted– 800 million authoritative DNS queries a day
1069 TLDs & end-user confusion
![Page 6: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/6.jpg)
IoT613 - September 2015
Internet Infrastructure - Why IPv6
• Design on IPv6 –> “The Future”– Scalable – 128 bits vs. 32 bits address scheme– Peer to peer (no NAT)– End to end security– Tiny stack, extensions, mobility, address mgmt.
Did you know?We ran out of IPv4 addresses (i.e. 1.1.1.1)
![Page 7: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/7.jpg)
IoT613 - September 2015
Internet Infrastructure - Why IPv6
https://www.arin.net/knowledge/ipv6_info_center.html
![Page 8: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/8.jpg)
IoT613 - September 2015
Internet Infrastructure - Why DNSSEC
• Think about integrity in domain name resolution– Domain name DNSSEC validation – prevents
domain/application hijacking
![Page 9: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/9.jpg)
IoT613 - September 2015
Internet Infrastructure - Why DNSSEC
• Think about integrity in domain name resolution– Domain name DNSSEC validation – prevents
domain/application hijacking
![Page 10: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/10.jpg)
IoT613 - September 2015
Internet Infrastructure - Why DNSSEC
• Platform for innovation– Cryptography, PKI based, application security
Signing an authoritative DNS zone with DNSSEC
www.cira.ca A 1.1.1.1 www.cira.ca RRSIG TaHZFGsjp…
DNS record(Private Key)
![Page 11: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/11.jpg)
IoT613 - September 2015
Internet Infrastructure - Why DNSSEC
Resolver DNS Response - Calculate hashwww.cira.ca A 1.1.1.1
Resolver DNS Response - Decrypt signaturewww.cira.ca RRSIG TaHZFGsj….
(Public Key)
![Page 12: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/12.jpg)
Links to Innovation & Research
• Think .CA, IPv6 and DNSSEC• IPv6 | Deploy360 Programme - ISOC• DNSSEC DANE| Deploy360 Programme - ISOC• The Physical web – Scott Jenson• IoT DNS Security - CircleID • IETF working on home network naming architecture
![Page 13: .CA is the Trusted Platform for IoT](https://reader035.fdocuments.us/reader035/viewer/2022070603/587199501a28ab044e8b5561/html5/thumbnails/13.jpg)
Thank you
Jacques LatourChief Technology Officer
Canadian Internet Registration Authority (CIRA) [email protected]