understanding the role of registrars in dnssec deployment
play

Understanding the Role of Registrars in DNSSEC Deployment Taejoong - PowerPoint PPT Presentation

Sep 13, 2023 •343 likes •1.54k views

Understanding the Role of Registrars in DNSSEC Deployment Taejoong (tijay) Chung, Roland van Rijswijk-Deij, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson 1 DNSSEC 101 example.com's Authoritative DNS Resolver DNS

  1. Anecdotal Examples Experiment Result [1] They removed a DNSSEC menu We saw the DNSKEY deployed (but [2] “ Most people do not understand DNS, not DS records) so asked why you so imagine the white faces when I mention don’t upload DS records. DNSSEC ” We asked a registrar to upload a DS It was installed successfully record by email from the different email address than the one that registered We asked a registrar to upload a DS record to our domain via web live chat 10

  2. Anecdotal Examples Experiment Result [1] They removed a DNSSEC menu We saw the DNSKEY deployed (but [2] “ Most people do not understand DNS, not DS records) so asked why you so imagine the white faces when I mention don’t upload DS records. DNSSEC ” We asked a registrar to upload a DS It was installed successfully record by email from the different email address than the one that registered It was installed on someone else’s We asked a registrar to upload a DS domain due to a mistake by the record to our domain via web live customer service agent chat 10

  3. Details of the Last Example 11

  4. Details of the Last Example 3:45:32 PM tijay hg-dnssec.com 3600 IN DS 2371 13 2 129f34c04ac58ece5218b9894148304a736a63757f58ff0cddd9b8df4989 11

  5. Details of the Last Example 3:45:32 PM tijay hg-dnssec.com 3600 IN DS 2371 13 2 129f34c04ac58ece5218b9894148304a736a63757f58ff0cddd9b8df4989 3:56:05 PM Jeniffer S Awesome! one moment 11

  6. Details of the Last Example 3:45:32 PM tijay hg-dnssec.com 3600 IN DS 2371 13 2 129f34c04ac58ece5218b9894148304a736a63757f58ff0cddd9b8df4989 3:56:05 PM Jeniffer S Awesome! one moment 3:56:09 PM Jeniffer S I have now save the request information! Manage DNSSEC paananenmusic.com Record added successfully. It can take 4-8 hours for DNS to propagate 11

  7. Details of the Last Example 3:45:32 PM tijay hg-dnssec.com 3600 IN DS 2371 13 2 129f34c04ac58ece5218b9894148304a736a63757f58ff0cddd9b8df4989 3:56:05 PM Jeniffer S Awesome! one moment 3:56:09 PM Jeniffer S I have now save the request information! Manage DNSSEC paananenmusic.com Record added successfully. It can take 4-8 hours for DNS to propagate 3:57:19 PM tijay paananenmusic.com? 3:57:28 PM tijay my domain is hg-dnssec.com? 11

  8. Details of the Last Example 3:45:32 PM tijay hg-dnssec.com 3600 IN DS 2371 13 2 129f34c04ac58ece5218b9894148304a736a63757f58ff0cddd9b8df4989 3:56:05 PM Jeniffer S Awesome! one moment 3:56:09 PM Jeniffer S I have now save the request information! Manage DNSSEC paananenmusic.com Record added successfully. It can take 4-8 hours for DNS to propagate 3:57:19 PM tijay paananenmusic.com? 3:57:28 PM tijay my domain is hg-dnssec.com? 3:58:41 PM Jeniffer S I apologize, you are right, silly me, one moment 11

  9. Open Question

  10. Open Question Why is so hard to deploy DNSSEC?

  11. Open Question Why is so hard to deploy DNSSEC? ? ? How does registrar policy impact the deployment?

  12. Outline Why is so hard to deploy DNSSEC?

  13. Outline Why is so hard to deploy DNSSEC? Popular registrar with lots of (1) domains and (2) DNSSEC-enabled domains

  14. Checking Registrar’s DNSSEC Policy Registrar Supports Registrar DNSSEC? DNS Operator 14

  15. Checking Registrar’s DNSSEC Policy Registrar Supports Registrar DNSSEC? DNS Operator Registrar Owner Supports DNS Operator DS upload? 14

  16. Checking Registrar’s DNSSEC Policy Registrar Supports Registrar DNSSEC? DNS Operator Registrar Owner Supports DNS Operator DS upload? Registrar Validates DS record? 14

  17. Popular Registrar’s DNSSEC Policy Registrar Supports DNSSEC? Registrar Supports DS upload? Registrar Validates DS record? 15

  18. Popular Registrar’s DNSSEC Policy Registrar Registrar Supports GoDaddy (domaincontrol.com) DNSSEC? NameCheap (registrar-servers.com) OVH (ovh.net) HostGator (hostgator.com) Registrar Amazon (aws-dns) Supports DS upload? Google (googledomains.com) 123-reg (123-reg.co.uk) RightSide (name.com) eNom (name-services.com) Registrar NameBright (namebrightdns.com) Validates DS record? DreamHost (dreamhost.com) The others (10 registrars) 15

  19. Popular Registrar’s DNSSEC Policy Registrar Registrar Supports GoDaddy (domaincontrol.com) DNSSEC? NameCheap (registrar-servers.com) OVH (ovh.net) HostGator (hostgator.com) Registrar Amazon (aws-dns) Supports DS upload? Google (googledomains.com) 123-reg (123-reg.co.uk) RightSide (name.com) eNom (name-services.com) Registrar NameBright (namebrightdns.com) Validates DS record? DreamHost (dreamhost.com) The others (10 registrars) 15

  20. Popular Registrar’s DNSSEC Policy Registrar 2.5/20 Registrar DNS Registrar Operator Supports GoDaddy (domaincontrol.com) DNSSEC? NameCheap (registrar-servers.com) OVH (ovh.net) HostGator (hostgator.com) Registrar Amazon (aws-dns) Supports DS upload? Google (googledomains.com) 123-reg (123-reg.co.uk) RightSide (name.com) eNom (name-services.com) Registrar NameBright (namebrightdns.com) Validates DS record? DreamHost (dreamhost.com) The others (10 registrars) Some nameservers don’t support DNSSEC 15

  21. Popular Registrar’s DNSSEC Policy Owner DNS Operator 2.5/20 Registrar DS Upload Registrar Web Email Supports — GoDaddy (domaincontrol.com) DNSSEC? — NameCheap (registrar-servers.com) — OVH (ovh.net) 11/20 — HostGator (hostgator.com) Registrar — Amazon (aws-dns) Supports — DS upload? Google (googledomains.com) — 123-reg (123-reg.co.uk) — RightSide (name.com) eNom (name-services.com) Registrar NameBright (namebrightdns.com) Validates DS record? DreamHost (dreamhost.com) The others (10 registrars) 16

  22. Popular Registrar’s DNSSEC Policy Owner DNS Operator 2.5/20 DS Registrar DS Upload Validation Registrar Web Email Supports — GoDaddy (domaincontrol.com) DNSSEC? — NameCheap (registrar-servers.com) — OVH (ovh.net) 11/20 — HostGator (hostgator.com) Registrar — Amazon (aws-dns) Supports — DS upload? Google (googledomains.com) — 123-reg (123-reg.co.uk) — RightSide (name.com) 2/20 eNom (name-services.com) Registrar NameBright (namebrightdns.com) Validates DS record? DreamHost (dreamhost.com) The others (10 registrars) 17

  23. Popular Registrar DNS Operator # of Registrar Registrar 2.5/20 Support DNSSEC? Owner 11/20 Check DS Owner 2/11 Validation Registrar DNSSEC Support for popular registrars is quite poor Each registrar has different policy for supporting DNSSEC. 18

  24. Popular DNSSEC Support Registrars Registrar Registrar Supports OVH (ovh.net) DNSSEC? Loopia (loopia.se) DomainNameShop (hyp.net) TransIP (transip.net) Registrar MeshDigital (domainmonster.com) Supports OVH (anycast.me) DS upload? TransIP (transip.nl) Binero (binero.se) KPN (is.nl) Registrar PCExtreme (pcextreme.nl) Validates Antagonist (webhostingserver.nl) DS record? NameCheap (registrar-servers.com) 19

  25. Registrar DNS Operator Registrar DNS Operator 10/12 Registrar DNSSEC Publish DS Registrar Default Records? Supports OVH (ovh.net) DNSSEC? Loopia (loopia.se) DomainNameShop (hyp.net) TransIP (transip.net) Registrar MeshDigital (domainmonster.com) Supports OVH (anycast.me) DS upload? TransIP (transip.nl) Binero (binero.se) KPN (is.nl) Registrar PCExtreme (pcextreme.nl) Validates Antagonist (webhostingserver.nl) DS record? NameCheap (registrar-servers.com) Selective support 20

  26. Owner DNS Operator 10/12 Registrar Registrar Supports OVH (ovh.net) DNSSEC? Loopia (loopia.se) DomainNameShop (hyp.net) TransIP (transip.net) Registrar MeshDigital (domainmonster.com) Supports OVH (anycast.me) DS upload? TransIP (transip.nl) Binero (binero.se) KPN (is.nl) Registrar PCExtreme (pcextreme.nl) Validates Antagonist (webhostingserver.nl) DS record? NameCheap (registrar-servers.com)

  27. Owner DNS Operator Owner DNS 10/12 Operator Registrar Registrar DS Upload Supports OVH (ovh.net) DNSSEC? Loopia (loopia.se) DomainNameShop (hyp.net) 10/12 TransIP (transip.net) Registrar MeshDigital (domainmonster.com) Supports OVH (anycast.me) DS upload? TransIP (transip.nl) Binero (binero.se) KPN (is.nl) Registrar PCExtreme (pcextreme.nl) Validates Antagonist (webhostingserver.nl) DS record? NameCheap (registrar-servers.com)

  28. DS Validation Owner DNS 10/12 DS Operator Registrar Validation Registrar DS Upload Supports OVH (ovh.net) DNSSEC? Loopia (loopia.se) DomainNameShop (hyp.net) 10/12 TransIP (transip.net) Registrar MeshDigital (domainmonster.com) Supports OVH (anycast.me) DS upload? TransIP (transip.nl) Binero (binero.se) 2/12 — KPN (is.nl) Registrar PCExtreme (pcextreme.nl) Validates Antagonist (webhostingserver.nl) — DS record? NameCheap (registrar-servers.com) Fetches a DNSKEY from the nameserver 22

  29. Other Security Issues Owner DNS DS Upload 10/12 DS Operator Registrar Validation Registrar DS Upload Web Email Supports — OVH (ovh.net) DNSSEC? Loopia (loopia.se) — DomainNameShop (hyp.net) 10/12 — TransIP (transip.net) Registrar MeshDigital (domainmonster.com) Supports — OVH (anycast.me) DS upload? — TransIP (transip.nl) Binero (binero.se) 2/12 — KPN (is.nl) Registrar PCExtreme (pcextreme.nl) Validates Antagonist (webhostingserver.nl) — DS record? — NameCheap (registrar-servers.com) 23

  30. Other Security Issues Owner DNS DS Upload 10/12 DS Operator Registrar Validation Registrar DS Upload Web Email Supports — OVH (ovh.net) DNSSEC? Loopia (loopia.se) — DomainNameShop (hyp.net) 10/12 — TransIP (transip.net) Registrar MeshDigital (domainmonster.com) Supports — OVH (anycast.me) DS upload? — TransIP (transip.nl) Binero (binero.se) 2/12 — KPN (is.nl) Registrar PCExtreme (pcextreme.nl) Validates Antagonist (webhostingserver.nl) — DS record? — NameCheap (registrar-servers.com) 23

  31. Outline Why is DNSSEC deployment so rare? ? ? How does a registrar policy impact the deployment?

  32. Outline Why is DNSSEC deployment so rare? ? ? How does a registrar policy impact the deployment? We need historical dataset

  33. Dataset Domains Measurement Period TLD (Daily Scan) Percent w/ Total DNSKEY .com 2015/03/01 ~ 2016/12/31 118,147,199 0.7% .net 2015/03/01 ~ 2016/12/31 13,773,903 1.0% .org 2015/03/01 ~ 2016/12/31 9,682,750 1.1% .nl 2016/02/09 ~ 2016/12/31 5,674,208 51.6% .se 2016-06-07 ~ 2016/12/31 1,388,372 46.7% 25

  34. Dataset Domains Measurement Period TLD (Daily Scan) Percent w/ Total DNSKEY .com 2015/03/01 ~ 2016/12/31 118,147,199 0.7% .net 2015/03/01 ~ 2016/12/31 13,773,903 1.0% .org 2015/03/01 ~ 2016/12/31 9,682,750 1.1% .nl 2016/02/09 ~ 2016/12/31 5,674,208 51.6% .se 2016-06-07 ~ 2016/12/31 1,388,372 46.7% Over 750 billion DNS Records 25

  35. [1] Registry: Financial Incentive 100 .com 80 .net .org .se 60 with DNSKEY and DS record .nl .nl measurement 40 begins here Percent of domains 20 KPN KPN (*.is.nl) 0 100 .com 80 .net .org 60 .se .nl 40 .se measurement 20 begins here Loopia Loopia (*.loopia.se) 0 05/15 08/15 11/15 02/16 05/16 08/16 11/16 Date 26

  36. [1] Registry: Financial Incentive 100 .com 80 .net .org .se 60 with DNSKEY and DS record .nl .nl measurement 40 begins here Percent of domains 20 KPN KPN (*.is.nl) 0 100 .com 80 .net .org 60 .se .nl 40 .se measurement 20 begins here Loopia Loopia (*.loopia.se) 0 05/15 08/15 11/15 02/16 05/16 08/16 11/16 Date 26

  37. [1] Registry: Financial Incentive 100 .com 80 .net .org .se 60 with DNSKEY and DS record .nl .nl measurement 40 begins here Percent of domains 20 KPN KPN (*.is.nl) 0 100 .com 80 .net .org 60 .se .nl 40 .se measurement 20 begins here Loopia Loopia (*.loopia.se) 0 05/15 08/15 11/15 02/16 05/16 08/16 11/16 Date 26

  38. [1] Registry: Financial Incentive 100 .com 80 .net .org .se 60 with DNSKEY and DS record .nl .nl measurement 40 begins here Percent of domains 20 KPN KPN (*.is.nl) 0 100 .com 80 .net .org 60 .se .nl 40 .se measurement 20 begins here Loopia Loopia (*.loopia.se) 0 05/15 08/15 11/15 02/16 05/16 08/16 11/16 Date 26

  39. [1] Registry: Financial Incentive 100 .com 80 .net .org .se 60 with DNSKEY and DS record .nl .nl measurement 40 begins here Percent of domains 20 KPN KPN (*.is.nl) 0 100 .com 80 .net .org 60 .se .nl 40 .se measurement 20 begins here Loopia Loopia (*.loopia.se) 0 05/15 08/15 11/15 02/16 05/16 08/16 11/16 Date 26

  40. [1] Registry: Financial Incentive 100 .com 80 .net .org .se 60 with DNSKEY and DS record .nl .nl measurement 40 begins here Percent of domains 20 KPN KPN (*.is.nl) 0 100 .com 80 .net .org 60 .se .nl 40 .se measurement 20 begins here Loopia Loopia (*.loopia.se) 0 05/15 08/15 11/15 02/16 05/16 08/16 11/16 Date Financial gain is a huge incentive 
 Financial for deploying DNSSEC Incentive 26

  41. [2] Registrar: Free vs. Paid Percent of domains with 30 25 DS record 20 OVH 15 GoDaddy 10 5 0 05/15 08/15 11/15 02/16 05/16 08/16 11/16 Date 27

Recommend

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative Russ.Mundy@cobham.com / mundy@sparta.com www.dnssec-deployment.org DNSSEC Trust Anchors Starting point for DNSSEC validation Choice of

375 views • 16 slides
DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010 Sara Monteiro Technical Infrastructure Service of DNS.PT Agenda ! About us ! Scope ! Goals ! Initiatives and Support ! Developments on .pt ! Next Steps

468 views • 11 slides
Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction About Estonian Internet Foundation DNSSEC what, why, when Techie stuff Actual work Current situation | 26.03.2014 | Estonian

240 views • 9 slides
Who am I? DNSSEC and Registrars? Employed by Netnod Who am I? Employed by Netnod IX,

Who am I? DNSSEC and Registrars? Employed by Netnod Who am I? Employed by Netnod IX,

Who am I? DNSSEC and Registrars? Employed by Netnod Who am I? Employed by Netnod IX, DNS, Root, NTP 50% owner of Frobbit! Registrar ccTLD DNS hosting etc SSAC Chair ICANN gTLD1 gTLD2 Registry Registry gTLD1 gTLD1

192 views • 15 slides
Assessing and Improving the Quality of DNSSEC Deployment Deployment Casey Deccio, Ph.D. Sandia

Assessing and Improving the Quality of DNSSEC Deployment Deployment Casey Deccio, Ph.D. Sandia

Assessing and Improving the Quality of DNSSEC Deployment Deployment Casey Deccio, Ph.D. Sandia National Laboratories AIMS-4 CAIDA, SDSC, San Diego, CA Feb 9, 2012 Sandia is a multiprogram laboratory operated by Sandia Corporation, a

913 views • 37 slides
Tools for Deployment of DNSSEC Russ Mundy Co-Chair DNSSEC Initiative Cobham Analytic Solutions

Tools for Deployment of DNSSEC Russ Mundy Co-Chair DNSSEC Initiative Cobham Analytic Solutions

COBHAM Tools for Deployment of DNSSEC Russ Mundy Co-Chair DNSSEC Initiative Cobham Analytic Solutions (aka: SPARTA, Inc. ) 08 December 2010 COBHAM Simple Illustration I need to have a of DNS Components WWW record Zone Administrator

979 views • 62 slides
DNSSEC Deployment: From End-Customer to Content ION San Diego December 11, 2012

DNSSEC Deployment: From End-Customer to Content ION San Diego December 11, 2012

DNSSEC Deployment: From End-Customer to Content ION San Diego December 11, 2012 www.internetsociety.org/deploy360/ Our Panel Today Moderator: Dan York, Internet Society Panelists: Jim Galvin, Afilias Rick Lamb, ICANN Cricket Liu,

772 views • 41 slides
Making the Case for Elliptic Curves in DNSSEC an analysis of the impact of switching to ECC based

Making the Case for Elliptic Curves in DNSSEC an analysis of the impact of switching to ECC based

Making the Case for Elliptic Curves in DNSSEC an analysis of the impact of switching to ECC based on current DNSSEC deployments in .com, .net and .org Introduction DNSSEC deployment has taken off, but there are still operational issues

408 views • 16 slides
1 Overview Introduction DNSSEC mechanisms To authenticate servers (TSIG ) To

1 Overview Introduction DNSSEC mechanisms To authenticate servers (TSIG ) To

Welcome! DNS/DNSSEC Deployment tutorial Champika Wijayatunga <champika@apnic.net> 2 August 2006, Karachi, Pakistan In conjunction with SANOG 8 Background The original DNS protocol wasnt designed with security in mind It has

705 views • 15 slides
Measuring the Deployment of DNSSEC over the Internet System & Network Engineering Research

Measuring the Deployment of DNSSEC over the Internet System & Network Engineering Research

Introduction Methodology Results Measuring the Deployment of DNSSEC over the Internet System & Network Engineering Research Project Nicolas Canceill SNE RP2 Presentations July 2, 2014 1/19 Introduction Methodology Results

398 views • 19 slides
.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

. SE-DNSSEC . SEs DNSSEC service Staffan.Hagnell@iis.se .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001 .SEs challenge To make DNSSEC

584 views • 24 slides
DNS Operator Role Bootstrapping DNSSEC Chain of Trust Update since ICANN53 Buenos Aires ICANN54

DNS Operator Role Bootstrapping DNSSEC Chain of Trust Update since ICANN53 Buenos Aires ICANN54

DNS Operator Role Bootstrapping DNSSEC Chain of Trust Update since ICANN53 Buenos Aires ICANN54 Dublin DNSSEC Workshop Latour - October 21, 2015 Last update ICANN53 DNSSEC Workshop June 24, 2015

442 views • 11 slides
Mouhamet Diop is the CEO of NEXT SA, an innovative

Mouhamet Diop is the CEO of NEXT SA, an innovative

DNSSEC Activities in Africa ISPs, Registries, and Registrars Wilson Abigaba Wilson is the IT Projects Manager at Orange Uganda. He led IPv6

47 views • 4 slides
DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN 50 DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 25 2014 Alexander Mayrhofer London, UK alexander.mayrhofer@nic.at ICANN 50 DNSSEC Services n ccTLD: .at l DNSSEC in production

109 views • 10 slides
Measuring the Deployment of DNSSEC over the Internet System & Network Engineering Research

Measuring the Deployment of DNSSEC over the Internet System & Network Engineering Research

Introduction Methodology Results Measuring the Deployment of DNSSEC over the Internet System & Network Engineering Research Project Nicolas Canceill RIPE68 May 14, 2014 1/20 Introduction Methodology Results Introduction 1

673 views • 20 slides
DNSSEC in .SE Anne-Marie Eklund Lwinder amel@iis.se; Twitter: @amelsec Its a long story,

DNSSEC in .SE Anne-Marie Eklund Lwinder amel@iis.se; Twitter: @amelsec Its a long story,

DNSSEC in .SE Anne-Marie Eklund Lwinder amel@iis.se; Twitter: @amelsec Its a long story, as you may already be aware of. Deployed by a smaller number out of 148 of the .SE accredited registrars, 4 from the top-10. The biggest

421 views • 5 slides
DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN44 DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 27 2012 Alexander Mayrhofer Prague, CZ alexander.mayrhofer@nic.at ICANN44 .at DNSSEC Timeline Testbed DS in root Feb 2011 Feb 09

404 views • 8 slides
Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used in DNSSEC

490 views • 18 slides
Thank you for the opportunity to speak to you at this Registrars information session. I am aware

Thank you for the opportunity to speak to you at this Registrars information session. I am aware

Thank you for the opportunity to speak to you at this Registrars information session. I am aware that many of you are at different stages of understanding and experience in electronic conveyancing. During this session I would like to take you on the

623 views • 28 slides
DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you invented DNSSEC. Well, the basic ideas, anyway: Sign all DNS records. Signatures let you verify answer to DNS query, without having to trust the

835 views • 49 slides
Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech, Morocco Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used

417 views • 15 slides
From construction to deployment of LifeWatchGreece: The potential role of EGI - LW Competence

From construction to deployment of LifeWatchGreece: The potential role of EGI - LW Competence

From construction to deployment of LifeWatchGreece: The potential role of EGI - LW Competence Centre by Emmanouela Panteri Contributors: Christos Arvanitidis, Nicolas Bailly, Sarah Faulwetter,, Jacques Lagnel, George Perantinos, Anastasis

667 views • 17 slides
An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security Extension (DNS SEC) attach special kind of information called criptographic signatures to the queries and response that let your computer false

609 views • 34 slides
.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry experienced 30th April 2015-- Longest mornings I have ever had. Day started as usual but takes a turn at 9:30am Great day turns to a

449 views • 11 slides

More recommend