Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson

Published byHope Arnold Modified over 8 years ago

Similar presentations

Presentation on theme: "DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson"— Presentation transcript:

1 DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson ogud@ogud.com

2 Current Status 2 drafts: –Threshold n out of m –Timers IPR claim filed against both drafts –Patent is issued in Israel –License terms Royalty free –Clause about references causes problems for some implementers IPR holder wants to update IPR statement with new terms but not posted yet

3 Larger picture Lack of DNSSEC KEY management is may soon become the excuse “de Jour” for not doing DNSSEC Large TLD’s will not deploy DNSSEC any time soon without a market.  In early deployment “configured” trust anchors will be the rule  The need for configured trust anchors may never go away

4 Next steps: WG needs to get more active on this issue or DROP IT completely WG owes the proposals: –DISCUSSION –FEEDBACK –Selection criteria –Timeline

5 Why we need Trust Anchor Management (TAM) Secure Entry Points.SE enables all domains with DS to be trusted Root will always need TAM. COMORG “.” DE ISUKSE IETF OGUDISOCDENIC wwwOPS RFCPAF

6 Trust Anchor: Timers One optional protocol change –DNSKEY Revoke bit  Invalidates DS/DNSKEY fast, this is a revocation schema for DNSSEC  “immediately” is within the traditional DNS sense of:  zone update propagation delay + TTL

7 Resolver Trust Anchor State Machine NB: Differs slightly from ID version!

8 Trust Anchors: n out of m Larger DNSKEY set required

9 The state machine

10 Open Mike Comments on proposals Comments

11 Next Step Advance –One –Both –Neither Take discussion to mailing list

Download ppt "DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson"

Similar presentations

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.
Reverse DNS SIG Summary Report APNIC Annual Member Meeting Bangkok, March 7 2002.

Reverse DNS SIG Summary Report APNIC Annual Member Meeting Bangkok, March
Oct 15 th, 2009 OGF 27, Infrastructure Area: Status of FVGA-WG Status of Firewall Virtualization for Grid Applications - Working Group

Oct 15 th, 2009 OGF 27, Infrastructure Area: Status of FVGA-WG Status of Firewall Virtualization for Grid Applications - Working Group
PWG Instructions for the WG Chair At Each Meeting, the Working Group Chair shall: Show slides #2 and #3 of this presentation Advise the WG membership that:

PWG Instructions for the WG Chair At Each Meeting, the Working Group Chair shall: Show slides #2 and #3 of this presentation Advise the WG membership that:
Review iClickers. Ch 1: The Importance of DNS Security.

Review iClickers. Ch 1: The Importance of DNS Security.
© 2006-2012 NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License DNSSEC ROLLING.

© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License DNSSEC ROLLING.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.

DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
IETF-751 Olafur Gudmundsson Andrew Sullivan.

IETF-751 Olafur Gudmundsson Andrew Sullivan.
Measuring DNSSEC validation i.e. how to do it Ólafur Guðmundsson Steve Crocker ogud, steve at shinkuro.com.

Measuring DNSSEC validation i.e. how to do it Ólafur Guðmundsson Steve Crocker ogud, steve at shinkuro.com.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.
Survey of DNSSEC Lutz Donnerhacke DNSSEC Meeting (2008-01-16)

Survey of DNSSEC Lutz Donnerhacke DNSSEC Meeting ( )
© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:

© Afilias Limitedwww.afilias.info SM Challenges of Deploying DNSSEC: Prepare your ccTLD with Secondary DNS services LACNIC Meeting May 2010 Presented by:
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.

Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.
Tcpsecure ipr 1 Cisco IPR Disclosure Relating to tcpsecure Scott Bradner

Tcpsecure ipr 1 Cisco IPR Disclosure Relating to tcpsecure Scott Bradner
Ogud at ogud dot com DNS implementations guide Ólafur Guðmundsson DNSEXT chair

Ogud at ogud dot com DNS implementations guide Ólafur Guðmundsson DNSEXT chair

Similar presentations

Ads by Google