
Living on the Edge PDF

104 Pages·2017·5.36 MB·English

Preview Living on the Edge

Living on the Edge
Greatly needed stub resolver capabilities for applications and systems with the library
Willem Toorop
4 February 2018, FOSDEM18 (Bruxelles)
photo: Pixabay

the edge (end user devices)
the infrastructure
Muhammad Rafizeldi, Cskiran Pratyeka
Willem Toorop (NLnet Labs) Living on the Edge – FOSDEM18 2/104

3/104 Encryption everywhere
Muhammad Rafizeldi, Cskiran Pratyeka

4/104 The DNS ecosystem

5/104 Encryption everywhere
[Diagram labels: Authoritative ., Authoritative org, Authoritative fosdem.org, DNSSEC Aware Recursive resolver, Browser (application), stub, OS, WebSrv, https; records: DNSKEY ·; DNSKEY, DS org; DNSKEY, DS, A fosdem.org]
● TLS authenticates the DNS name

6/104 Encryption everywhere
[Diagram labels: Authoritative ., Authoritative org, Authoritative fosdem.org, DNSSEC Aware Recursive resolver, Mailer (application), stub, OS, MailServ, Apeiron, smtp + STARTTLS, apeiron.fosdem.org; records: DNSKEY ·; DNSKEY, DS org; DNSKEY, DS, MX fosdem.org]
● TLS authenticates the DNS name
● Still need DNSSEC for redirections (MX, SRV)

7/104 Encryption everywhere
© Olaf Kolkman
● 1482 Certificate Authorities in 2010
  Eckersley, Peter, and Jesse Burns. "An observatory for the SSLiverse." Talk at Defcon 18 (2010).
● Strengthen TLS with stub: DANE
● Signalling TLS support (for SMTP and the like)

8/104 Encryption everywhere
1st hurdle: Trust Anchor Management
Root KSK
● RFC5011 (in protocol rollover)
● Assumes permanent running process with system privileges

9/104 Encryption everywhere
1st hurdle: Trust Anchor Management
Root KSK
● RFC7958
ICANN Root CA 2029-12-18

10/104 Encryption everywhere
1st hurdle: Trust Anchor Management
Root KSK
● RFC7958
  RFC 7958, Root Zone Trust Anchor Publication, August 2016:
  "It is important to note that the ICANN CA is not a DNSSEC trust anchor. Instead, it is an optional mechanism for verifying the content and origin of the XML and certificate trust anchors."
  Abley, et al. Informational [Page 10]
ICANN Root CA 2029-12-18
