Emergency Contacts (ECON) draft-hardie-ecrit-iris-03 Andrew Newton, VeriSign Ted Hardie, Qualcomm Hannes Tschofenig, Siemens Andrew Newton IETF ECRIT Working.
Presentation transcript:

Emergency Contacts (ECON) draft-hardie-ecrit-iris-03 Andrew Newton, VeriSign Ted Hardie, Qualcomm Hannes Tschofenig, Siemens Andrew Newton IETF ECRIT Working Group 1 February 2006 Washington, DC, US

Background
+ Emergency Contact (ECON) is specified as an IRIS (RFC 3981) registry type.
  ▪ A simple request/response protocol using XML.
  ▪ Uses S-NAPTR (RFC 3958)
    – Profiled use of NAPTR and SRV
    – Distinguishes between App proto and Transfer proto
    – Protocol preference can be stated.
    – Host/port preference can be stated.
+ IRIS was created in the CRISP working group by TLD operators.
  ▪ Who know a thing or two about high resolution loads, operations of highly available services, and moving data around the globe.
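The S-NAPTR selection the slide refers to, as an added example that is not code from the slides or the ECON draft: the authority states its transfer-protocol preference in NAPTR order/preference and its host/port preference in SRV priority/weight, and the seeker walks those in order, skipping only what it cannot speak. The zone data, the service tags "ECON1:iris.lwz" and "ECON1:iris.xpc", and the port numbers are constructed assumptions for an imaginary example.com.

```python
from collections import namedtuple

Naptr = namedtuple("Naptr", "order pref flags service replacement")
Srv = namedtuple("Srv", "priority weight port target")

# Constructed zone data for an imaginary authority. Lower NAPTR order wins,
# so this authority states a preference for the UDP transfer protocol.
# Service tags and port numbers are assumed for illustration.
NAPTR_RECORDS = {
    "example.com": [
        Naptr(200, 10, "s", "ECON1:iris.xpc", "_iris-xpc._tcp.example.com"),
        Naptr(100, 10, "s", "ECON1:iris.lwz", "_iris-lwz._udp.example.com"),
    ]
}
# SRV priority/weight is where the authority states host/port preference.
SRV_RECORDS = {
    "_iris-lwz._udp.example.com": [Srv(10, 0, 715, "backup.example.com"),
                                   Srv(0, 0, 715, "econ1.example.com")],
    "_iris-xpc._tcp.example.com": [Srv(0, 0, 713, "econ1.example.com")],
}


def select_server(domain, app_proto, supported_transfers):
    """Walk the NAPTR set for `domain` in (order, preference) sequence and
    return (transfer_proto, host, port) for the first record whose service
    tag "app:transfer" names the wanted application protocol and a transfer
    protocol this client supports. The authority's order wins over the
    client's own preferences, as S-NAPTR prescribes; the client only
    filters out what it cannot speak. Returns None if nothing matches."""
    naptrs = sorted(NAPTR_RECORDS.get(domain, []), key=lambda r: (r.order, r.pref))
    for rec in naptrs:
        app, _, transfer = rec.service.partition(":")
        if app != app_proto or transfer not in supported_transfers:
            continue
        if rec.flags != "s":
            continue  # only terminal "s" (SRV) records are handled here
        srvs = sorted(SRV_RECORDS.get(rec.replacement, []),
                      key=lambda s: (s.priority, -s.weight))
        if srvs:
            return transfer, srvs[0].target, srvs[0].port
    return None


if __name__ == "__main__":
    print(select_server("example.com", "ECON1", ["iris.lwz", "iris.xpc"]))
    print(select_server("example.com", "ECON1", ["iris.xpc"]))
```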

A Simple Request <findEconByCivic xmlns="urn:ietf:params:xml:ns:econ1" > US New York Broadway 123 Suite police

A Simple Response <emergencyContact xmlns="urn:ietf:params:xml:ns:econ1" authority="example.com" registryType="econ1" entityClass="econ" entityName="nypd" > New York City Police Department police

Caching
+ Caching of answers by “seekers”.
+ In the case of civic addresses…
  ▪ If your civic address does not change within X number of minutes, do not requery.
+ In the case of geo…
  ▪ If your coordinates stay within polygon Y for X number of minutes, do not requery.
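The two seeker-side caching rules above in working form, as an added example that is not code from the slides or the ECON draft: civic answers are reused while the address is unchanged and younger than X minutes, geo answers only while the seeker's coordinates are still inside the polygon Y that came with the answer. The polygon representation (a list of x/y vertices), the answer values and the timestamps are assumptions of this example.

```python
import time


def point_in_polygon(point, polygon):
    """Ray-casting test; an odd number of edge crossings means inside."""
    x, y = point
    inside = False
    for i in range(len(polygon)):
        x1, y1 = polygon[i]
        x2, y2 = polygon[(i + 1) % len(polygon)]
        if (y1 > y) != (y2 > y):
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside


class EconCache:
    """Seeker-side cache: do not requery while the civic address is unchanged
    or the coordinates stay inside the answer's polygon, for X minutes."""

    def __init__(self, max_age_minutes):
        self.max_age = max_age_minutes * 60
        self.civic = {}   # (civic address, service) -> (answer, stored_at)
        self.geo = []     # (polygon, service, answer, stored_at)

    def store_civic(self, civic, service, answer, now=None):
        self.civic[(civic, service)] = (answer, time.time() if now is None else now)

    def lookup_civic(self, civic, service, now=None):
        """Return the cached answer, or None when the seeker must requery."""
        now = time.time() if now is None else now
        entry = self.civic.get((civic, service))
        if entry and now - entry[1] < self.max_age:
            return entry[0]
        return None

    def store_geo(self, polygon, service, answer, now=None):
        self.geo.append((polygon, service, answer, time.time() if now is None else now))

    def lookup_geo(self, coords, service, now=None):
        """Reuse an answer only while its polygon still contains the seeker."""
        now = time.time() if now is None else now
        for polygon, svc, answer, stored in self.geo:
            if (svc == service and now - stored < self.max_age
                    and point_in_polygon(coords, polygon)):
                return answer
        return None
```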

Database Replication in ECON
+ We take no single position on database replication with ECON.
  ▪ It most likely will differ greatly throughout the world.
  ▪ Isn’t it out of scope?
+ But we have identified 3 methods of conducting database replication with ECON.
  ▪ Serialized database entries to a file as specified in IRIS.
    – And the file transfer protocol of your choice. Many people like SFTP.
  ▪ ECONREP (ECON Replication)
    – Interactive IRIS profile.
    – Replication of entries before they become active.
    – Incremental replication.
  ▪ Anything you find that works better for your situation.
    – RDBMS replication
    – Shared Network Memory
    – Osmosis, crystal balls, and strong hope

Object Signing Considered Harmful
+ My house is on fire. Who do I call?
  ▪ Please update your client with the proper trust anchors.
    – My house is still on fire.
  ▪ Please cryptographically verify these URIs.
    – It’s getting hotter.
  ▪ Please check this CRL.
    – Did I mention that my house is on fire?
+ Object signing is useful for diagnosing problems.
  ▪ But that happens after the incident, not during.
  ▪ All the mechanisms to get object signing to work seem to be a pretty heavy price to pay for a diagnostic tool.
+ Due to the nature of ECRIT, signing will need to be “on-the-fly”.
  ▪ VERY CPU INTENSIVE

Comparison to DNS SOS and LUMP
+ DNS SOS
  ▪ Similar in that it is built for speed by trying to utilize UDP when possible.
  ▪ Unlike in that its query framework is not intertwined with its octet framing.
    – IRIS/ECON uses XML, which is much more flexible.
+ LUMP
  ▪ Similar in that it is just as flexible in the query framework.
  ▪ Unlike in that it does not require the heavyweight transfer protocol interactions used by SOAP/HTTPS.
    – IRIS/ECON uses UDP when possible to gain efficiencies and takes into careful consideration the copious use of security mechanisms which may weigh down the protocol.

Packets in a Simple UDP Transaction
Client -> Server: Tell me about example.com
Server -> Client: Here is the data

Packets in a typical TCP Transaction
Client -> Server: Open a TCP connection
Server -> Client: Are you sure?
Client -> Server: Yes.
  NOTE: At this point 3 packets have been exchanged, but no data has been exchanged.
Client -> Server: I need some data.
Server -> Client: Here is the data
Client -> Server: Thanks.
Client -> Server: Close the TCP connection
Server -> Client: Ok.
Connection-induced state: consumes memory, ports, and CPU in the server.

Messages in a typical TLS Transaction
Client -> Server: Open a TCP connection
Server -> Client: Are you sure?
Client -> Server: Yes.
Client -> Server: TLS(ClientHello)
Server -> Client: TLS(ServerHello)
Server -> Client: TLS(Certificate)
Server -> Client: TLS(ServerHelloDone)
Client -> Server: TLS(ClientKeyExchange)
Client -> Server: TLS(ChangeCipherSpec)
Client -> Server: TLS(Finished)
Server -> Client: TLS(ChangeCipherSpec)
Server -> Client: TLS(Finished)
  This is where ECRIT data starts to be exchanged.
Client -> Server: I need some data.
Server -> Client: Here is the data
Client -> Server: Thanks.
Client -> Server: TLS(ClosureAlert)
Client -> Server: Close the TCP connection
Server -> Client: Ok.

UDP vs. TCP vs. TLS
+ IRIS queries over UDP, TCP, and TLS.
+ 5 distinct queries X 500 iterations
  ▪ = 2,500 queries
+ UDP
  ▪ 13.8 X faster than TCP
  ▪ 45.9 X faster than TLS
+ TCP
  ▪ 3.4 X faster than TLS