KE Vincent Ngundi

Advanced ccTLD Workshop Assessment and Planning Guide

=

This assessment form is to help us determine what topics and direction to take when we finalize a course outline for upcoming ccTLD workshops. We wish to customize the workshop topics to areas that will be useful to you. The more information you can give us in this assessment document, the better we will be able to do this.

1. SELF-ASSESSMENT

1a. Describe a major challenge that you have faced over the last months or years in operating and developing the registry operation.

Please include:

	* The policy and the technical aspects of the challenge.
	* Interested parties who were involved in the process.
	* Solutions, if any, you have deployed to solve the challenge(s).
	* Tools or training that were included in your planning process.

I have experienced a couple of challenges while running the dot KE registry. These include:

• Awareness ICT awareness has been an issue that needs to be addressed in the country. Worth noting, this is not an issue that can be addressed solely by KENIC. We are therefore advocating and working with the rest of the local ICT community to increase the level of ICT awareness in the country.
• Security - especially in DNS Threats, like the DNS cache poisoning vulnerability which has raised a lot of concern the word over, have been of concern to us as a registry. From our end, we are working on resolving these issues within our registry while at the same time informing the local Internet community of these vulnerabilities and recommending the way forward. Capacity building in DNSSEC is vital, especially with the exponential growth in Internet users.
• Incorporating EPP into Registry Systems Registrars/Registrants are now requesting whether they can build applications(API's) that can be integrated with the KENIC Registry system thereby automating the domain registration process. An example is using an sms application to register a domain name. Of course, this brings about the subject of registry systems that support EPP. KENIC uses the .br registry system and it would be nice if we could have a discussion on incorporating EPP solutions/modules into existing registry systems that don't support EPP. Maybe we could have participants share their experiences in implementing EPP on their registry systems.
• Dispute Resolution This is especially with the bundling up of domains with ISP services and domain name ownership. The challenge is ignorance on the part of the registrants when it comes to the registry policies/lack of knowledge on the bottom-up policy development process.

Awareness of the dot KE registry policies has been helpful as the registrars/registrants are now informed of their rights. We are also planning to have a session on registry policies during the upcoming AGM in August 2008. KENIC is also currently participating in the organisation of an East African IGF (EAIGF) that is scheduled for November this year. We are hoping that this forum will raise the level of awareness on Internet management matters.

• Privacy Issues - whois policy Registrants have requested that KENIC enhance its whois policy to include aspects of privacy, mainly concealing some domain name data from the public whois.

Given some of the challenges that this subject may bring about, especially with encouraging hacking and spamming, we'll also be discussing the same during the KENIC AGM in August 2008 and during the EAIGF. We feel that the local Internet community should be enlightened on the impact of an anonymous whois, for example. I _highly recommend that this issue be discussed during the ccTLD workshop.

• Online Payments Registrars/Registrants need convenience and they're pushing for an online payments solution to avoid the trips to KENIC when making payments. We've tried to put in place solutions like advance payments and using a semi-online solution from one of our GSM providers. But the ultimate solution wijll be a fully online solution. The challenge is that currently the country doesn't have relevant (e-commerce) legislation in place. We are hoping that this will be done by the end of the year.
• IPv6 Though the registry infrastructure/ registry system supports IPv6, none of our registrars are actually using the technology.
• Cost models The local Internet community have expressed their concerns over the cost of dot KE domain names. Their argument is that the name space needs to compete with the gTLD, mainly .com, pricing model. Though this is an issue of economies of scale, where we need to raise enough to meet the financial /operational requirements of the registry, we are working on a strategy, in partnership with the government and other stakeholders, to bring the cost to a more competitive level.

1b. Describe the projects on which you are currently working to solve or deploy, and their importance (ranking).

Please include:

	* Interested parties involved in the process.
	* Plans for new hardware or software.
	* Additional skills or training that would support your project.

• Awareness We shall be embarking on a major 3-year awareness campaign in the next few months. Lack of awareness in the country is one the major factors that has led to the low uptake of ICT's. The campaign is two-fold, there's the campaign that is being run solely by KENIC and joint initiatives with stakeholders.
• NOC We are currently working on setting up a state-of-the-art NOC for the dot KE registry. We already have a proposal for the same and are seeking sponsorship from, among others: the ICT Ministry, the local telecommunications/postal regulator, the Kenya ICT Board, the local association of ISP's, vendors, the National Startup Resource Centre (NSRC) and ISOC! The time line is one year staring October 2008. This project will require new hardware and software.
• DNSSEC This is a project we've been running for a while. We are looking at implementing TSIG on our dot KE name servers as we plan on signing our zone in the near future. Training and resources are some of the challenges we are facing in this project. We're looking at having deployed DNSSEC hopefully in the next 3 years.
• EPP Solution As described above, we are planning to integrate an EPP module on our registry system. The challenge we're having with this project is mainly human technical capacity. We are working with .br engineers to see how best to go about it. At the same time, we are exploring other registry systems which have this component out-of-the-box. The challenge with using another registry system will be moving the current data (importing) to the new system. A discussion on this would be quite vital/helpful. Time line for this project is a year and the project will require new software.
• Online Payments We are working on implementing online payments in our registry. The challenge, as described above, is lack of relevant legislature. We already have service providers testing online payment solutions in the country, so for now, I don't think the service would pose a challenge once the legislation is in place. The time line for this project is dependent on when we shall have relevant legislation in place. It will also require additional software and Service Level Agreements (SLA's).
• All the above projects are aimed at enhancing the value proposition of the dot KE registry services (domain name services).

1c. Describe the major areas where you plan to spend resources (time, money) in the next two years and how important they are to your registry.

Please include:

	* A timeline (within 6 months, within 2 years, ..).
	
	* Additional requirements (staff, tools, software, etc.).
	
	* How did these topics make your list.
          (scaling issue, customer demand, value add service etc.)
	
	* Probability of actual deployment.
          (not very likely, rather likely, very likely, unavoidable).

• Awareness (we are developing a 3-year strategy but it's an area that will receive continuous attention) This will require financial resources and consultancy services.
• Enhancing the Technical Function (this is an area that will receive continuous attention) This may require additional staff, hardware and software.
• Enhancing the Human Resource Function (this is an area that will receive continuous attention)
• Enhancing Corporate Governance (this is an area that will receive continuous attention)
• Projects that benefit the local Internet community (additional instance/mirrors of root, gTLD and ccTLD servers etc…)
• All the above projects are aimed at enhancing the value proposition of the dot KE registry services (domain name services). We aim at implementing all these plans possibly within the planned time frames.

2. GENERAL TECHNICAL QUESTIONS

These questions are for the individual or individual from your organization who will be attending. Please be sure to answer questions about knowledge of specific items as they pertain to yourself. Please check all boxes that apply to you.

2a. How would you rate yourself in terms of Linux or Unix use?

[__] Never used either

[__] Beginner: Just getting started. Have worked at the command line some.

[__] Intermediate: I've installed Linux or Unix, edited files, installed software, stopped and started services.

[Yes] Advanced: I use it regularly. Editing files, installing software, configuring services and troubleshooting problems.

2b. What is your experience using DNS?

[Yes] I understand how DNS works and use tools like dig to query the DNS.

[Yes] I've installed BIND/NSD/Other, configured zones, etc.

[Yes] I know about or am interested in DNSSEC, TSIG, DNS with IPv6, etc.

[__] I do all of the above.

[Yes] Other, please describe: I have already setup a testbed for DNSSEC (TSIG and zone signing) but I guess DNSSES is bigger than that. Most importantly, I'd like to learn more on the area of zone key management and related key management tools.

2c. Security

[Yes] I'm responsible for securing network servers and services at my location.

[Yes] I'm responsible for securing the network at my location.

[Yes] I use cryptographic security with services such as ssh, ssl, pgp, dnssec, digital certificates, etc.

[__] I do not need to deal with security issues in my position.

[Yes] Other, please describe: Despite being the Administrative Manager, my first and most vital responsibility is to ensure the stability of the dot KE registry.

2d. Network Monitoring

[Yes] I've installed, configured and use network monitoring software such as Nagios, mrtg, Smokeping, snmp, etc.

[__] Our organization uses network monitoring software which I take advantage of, but do not maintain.

[__] I have not used or installed network monitoring software.

[__] Other, please describe:

2e. Tools

Which Operating System are you running on your servers? FreeBSD

Which Operating System are you running on your Desktop/Laptop? Fedora Core, Ubuntu and Mac OS X

What is your favorite text editor? vi

List your top 5 most used command line tools: dig, ssh, telnet, nmap, ping, scp

List your top five most used applications or programming tools: entourage & PGP (mail client), safari(web browser), .br Registry System, cron, unix shell scripts, Taco HTML editor, joomla.

As for the services I manage at the registry, these include: bind (DNS), apache (web), postfix/cyrus/squirrelmail (mail), mailman (mailing list), otrs (ticketing system), NAGIOS/ntop/MRTG/Smokeping/SNMP/ etc…

3. TOPICS FOR HANDS ON TRAINING:

Looking at your current needs and plans, list five topic areas where you would like additional training for your technical staff.

Possible topics include:

    * Single to Multiple Registry to Registrar Model (EPP) - Yes
    * Building out Your Registry - Yes 
    * Registry Tools - Yes
    * DNSSEC - Yes
    * Scripting & Automation - Yes
    * Backup/Rsync Practical - Yes
    * Cryptographic Methods - Yes

    * Databases
    * DSC
    * Logging
    * MRTG/RRDTool
    * Nagios w/Examples
    * Network Monitoring/Management
    * Operating System Basics
    * PGP
    * Revision Control in Practice
    * Security - Yes 
    * Service Level Agreements (SLAs)
    * SmokePing
    * SNMP
    * SSL/Digital Certificates
    * Ticket Systems/Helpdesk (RT/Trac) 

4. ANYTHING ELSE?

If there is anything else you wish to tell us about your experience or expectations for this workshop please do so below.

I would highly recommend that we have a session where participants share their experience in registry management. Some of the topics I'd highly recommend for discussion include Single to Multiple Registry to Registrar Model (EPP), Registry Systems, Security (mailny DNSSEC) and POlicy (Dispute Resolution & WHOIS).