dns dnssec dane dprive
play

DNS, DNSSEC, DANE, DPRIVE IETF 94 Hackathon Results! DNS Team - PowerPoint PPT Presentation

Dec 06, 2023 •524 likes •753 views

DNS, DNSSEC, DANE, DPRIVE IETF 94 Hackathon Results! DNS Team Hackathon Projects DNS Privacy topics getdnsapi extension (call debugging) implemented with changes so user learns transport/privacy results edns0-client-subnet privacy

  1. DNS, DNSSEC, DANE, DPRIVE IETF 94 Hackathon Results!

  2. DNS Team Hackathon Projects • DNS Privacy topics – getdnsapi extension (call debugging) implemented with changes so user learns transport/privacy results – edns0-client-subnet privacy electjon – edns0-padding optjon (implementatjon under way) – Check TLS at Recursive - node.js applicatjon • DNSSEC topics – DNSSEC roadblock avoidance – proposed new extension for getdnsapi – CDS/CDNSKEY - …

  3. DNS Team Hackathon Projects • DANE-related – Sketch for OPENPGPKEY RRs in an ietg.org zone for IETF’s role-based email addresses – Allison Mankin and Tomofumi Okubo • Other – getdns built for OpenBSD – Melinda Shore – getdns brew formula updated – Matu Miller – getdns PHP bindings updated to new release features – Scotu Hollenbeck – Miscellaneous engagements with other tables

  4. DNS Privacy • Every Internet fmow begins with queries to DNS • DNS queries are meta-data • Example of user exposing possible travel planning • Someone monitoring A? AAAA? hotel.example.berlin A? AAAA? buytix.example.de

  5. DNS Privacy DNS queries are meta-data A? AAAA? hotel.example.berlin A? AAAA? buytix.example.de

  6. Client Privacy from drafu-ietg-dnsop-client- subnet-04 - Daniel Kahn Gillmor (DKG)

  7. Client sends value of 0 to opt out

  8. John/Sara Dickinson - Transport and Privacy Results from getdns

  9. Gowri Visweswaran/Sara Dickinson – getdns node.js Tool to Check TLS at Recursive

  10. (drafu-ietg-dprive-dns-over-tls)

  13. Extra Motjvatjon for DNSSEC as well as DNS Privacy Work

  14. Willem Toorop/Benno Overeinder - DNSSEC Roadblock Avoidance The recursive resolver needs to be DNSSEC-Aware The recursive resolver needs to be DNSSEC-Aware There are many middle boxes and others that are not. There are many middle boxes and others that are not. drafu-ietg-dnsop-dnssec-roadblock-avoidance drafu-ietg-dnsop-dnssec-roadblock-avoidance

  16. Roadblock

  17. Roadblock Avoidance Getdns release candidate containing this later this week!

  18. Shumon Huque and Jan Včelák - CDS Monitor

  21. Champions and More Champions • Dickinson, Sara • Cathrow, Andy • Kahn Gillmor, Daniel • Dickinson, John • Mankin, Allison • Huque, Shumon • Shore, Melinda • Miller, Matu • Toorop, Willem • Tomofumi Okubo • Wicinski, Tim • Overeinder, Benno • Včelák, Jan • Seltzer, Wendy • Visweswaran, Gowri

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DNS / DNSSEC / DANE / DPRIVE Results at IETF 93

DNS / DNSSEC / DANE / DPRIVE Results at IETF 93

DNS / DNSSEC / DANE / DPRIVE Results at IETF 93 Hackathon 18-19 July 2015 Prague, Czech Republic Summary What We Are Working On

256 views • 7 slides
DNS/DNSSEC/DPRIVE IETF 96 Hackathon Problem Solved DNS security and

DNS/DNSSEC/DPRIVE IETF 96 Hackathon Problem Solved DNS security and

DNS/DNSSEC/DPRIVE IETF 96 Hackathon Problem Solved DNS security and privacy enhancements and interoperabilty Method of Solution multiple user stories, multiple open source prototypes Highlight 1: DNSSEC

246 views • 12 slides
DANE/DNSSEC/TLS Tes-ng in the Go6lab Jan or, ISOC/Go6

DANE/DNSSEC/TLS Tes-ng in the Go6lab Jan or, ISOC/Go6

DANE/DNSSEC/TLS Tes-ng in the Go6lab Jan or, ISOC/Go6 Ins-tute, Slovenia jan@go6.si zorz@isoc.org Acknowledgement I would like to thank Internet

980 views • 28 slides
DNS/DNSSEC/DANE/DNS-over- TLS etc. Team IETF95 Hackathon In-Person: Ray Bellis, Sebastian

DNS/DNSSEC/DANE/DNS-over- TLS etc. Team IETF95 Hackathon In-Person: Ray Bellis, Sebastian

DNS/DNSSEC/DANE/DNS-over- TLS etc. Team IETF95 Hackathon In-Person: Ray Bellis, Sebastian Castro, Sara Dickinson, John Dickinson, Ralph Dolman, Robert Edmonds, Evan Hunt, Shumon Huque, Daniel Kahn Gillmor, Shane Kerr, Dave Lawrence,

183 views • 16 slides
SSL -Absicherung mittels DANE und Sicheres DNSSEC mit Bind 9.x Linux hchstpersnlich.

SSL -Absicherung mittels DANE und Sicheres DNSSEC mit Bind 9.x Linux hchstpersnlich.

Dynamisches DNSSEC mit Bind 9.x Peer Heinlein <p.heinlein@heinlein-support.de> SSL -Absicherung mittels DANE und Sicheres DNSSEC mit Bind 9.x Linux hchstpersnlich. Dynamisches DNSSEC mit Bind 9.x Peer Heinlein

847 views • 66 slides
DNSSEC, DANE and SMTP Security A Mid-level Overview Wes Hardaker Parsons Downgrade Resistant,

DNSSEC, DANE and SMTP Security A Mid-level Overview Wes Hardaker Parsons Downgrade Resistant,

DNSSEC, DANE and SMTP Security A Mid-level Overview Wes Hardaker Parsons Downgrade Resistant, Opportunistic Security for Server To Server E-Mail Delivery Overview Server-to-Server E-Mail background SMTP Vulnerabilities DANE/SMTP to

360 views • 16 slides
IETF DPRIVE WG: Encrypting DNS Sara Dickinson Sinodun ICANN 54 - Tech Day October 2015 DPRIVE

IETF DPRIVE WG: Encrypting DNS Sara Dickinson Sinodun ICANN 54 - Tech Day October 2015 DPRIVE

IETF DPRIVE WG: Encrypting DNS Sara Dickinson Sinodun ICANN 54 - Tech Day October 2015 DPRIVE WG Focus is stub to recursive Group IETF92 IETF91 IETF93 created A ID: problem-statement RFC7626 ID: dns-tls-newport A ID:

244 views • 23 slides
Research Project 1: Implementing DANE Pieter Lexis System and Network Engineering Wed, Feb 8

Research Project 1: Implementing DANE Pieter Lexis System and Network Engineering Wed, Feb 8

Research Project 1: Implementing DANE Pieter Lexis System and Network Engineering Wed, Feb 8 2012 1 of 21 Table of contents Basics DNS and DNSSEC PKIX and trust DANE Research Swede Features Reactions Tests and results Conclusion 2 of

841 views • 24 slides
DPRIVE WG DNS PRIVate Exchange 1 IETF 95, Buenos Aires, AR 2016-04-06 Welcome to DPRIVE Chairs

DPRIVE WG DNS PRIVate Exchange 1 IETF 95, Buenos Aires, AR 2016-04-06 Welcome to DPRIVE Chairs

DPRIVE WG DNS PRIVate Exchange 1 IETF 95, Buenos Aires, AR 2016-04-06 Welcome to DPRIVE Chairs : o Tim Wicinski <tjw.ietf@gmail.com> o Warren Kumari <warren@kumari.net> Jabber Scribe : o dprive@ietf.jabber.org Minutes :

452 views • 9 slides
Sending E-Mail Today MX Priority #1 SMTP Exchange

Sending E-Mail Today MX Priority #1 SMTP Exchange

DANE and SMTP: TLS Protec4on for SMTP Using DANE and DNSSEC Russ Mundy & Wes Hardaker Parsons <Russ.Mundy@parsons.com> <mundy@4slabs.com> 7/17/13

481 views • 9 slides
S/MIME Dane Demo ICANN 57 Hyderabad, ccNSO Tech Day 5 Nov 2016 slamb@xtcn.com Background

S/MIME Dane Demo ICANN 57 Hyderabad, ccNSO Tech Day 5 Nov 2016 slamb@xtcn.com Background

S/MIME Dane Demo ICANN 57 Hyderabad, ccNSO Tech Day 5 Nov 2016 slamb@xtcn.com Background Slow Uptake of DNSSEC Need killer-app DANE!! SMIMEA!! But still slow uptake Windows still king Outlook still king Kaminsky 2009

547 views • 5 slides
.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

. SE-DNSSEC . SEs DNSSEC service Staffan.Hagnell@iis.se .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001 .SEs challenge To make DNSSEC

584 views • 24 slides
DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN 50 DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 25 2014 Alexander Mayrhofer London, UK alexander.mayrhofer@nic.at ICANN 50 DNSSEC Services n ccTLD: .at l DNSSEC in production

109 views • 10 slides
DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN44 DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 27 2012 Alexander Mayrhofer Prague, CZ alexander.mayrhofer@nic.at ICANN44 .at DNSSEC Timeline Testbed DS in root Feb 2011 Feb 09

404 views • 8 slides
Demo of DANE-Enhanced Version of Off-the-Record Private Messaging Tool Bootstrapping Trust

Demo of DANE-Enhanced Version of Off-the-Record Private Messaging Tool Bootstrapping Trust

Demo of DANE-Enhanced Version of Off-the-Record Private Messaging Tool Bootstrapping Trust for Off-The-Record With DNS and DNSSEC Allison Mankin (Verisign Labs), Willem Toorop (NLNet Labs), Iain Learmonth (University of Aberdeen) ,

484 views • 9 slides
Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used in DNSSEC

490 views • 18 slides
Group (T2TRG) May 15, 2017 T2TRG Started in March 2015, Chartered by the Internet Research

Group (T2TRG) May 15, 2017 T2TRG Started in March 2015, Chartered by the Internet Research

IRTF Thing to Thing Research Group (T2TRG) May 15, 2017 T2TRG Started in March 2015, Chartered by the Internet Research Task Force (IRTF) Investigate "Internet of Things" applications and architecture beyond IETF CoRE/CoAP

244 views • 8 slides
Standardization: W3C & IETF Alex Fowler, Global Privacy & Public Policy Leader, Mozilla

Standardization: W3C & IETF Alex Fowler, Global Privacy & Public Policy Leader, Mozilla

Standardization: W3C & IETF Alex Fowler, Global Privacy & Public Policy Leader, Mozilla W3C Web & User Privacy Tracking Workshop April 29, 2011 Why standardize? What should get standardized? Should standards groups define policy?

331 views • 10 slides
IETF 87 Administrative Plenary 1 Agenda 1. Welcome 2. Introducing the sponsors 3. Reporting

IETF 87 Administrative Plenary 1 Agenda 1. Welcome 2. Introducing the sponsors 3. Reporting

IETF 87 Administrative Plenary 1 Agenda 1. Welcome 2. Introducing the sponsors 3. Reporting - IETF Chair - IAOC Chair and IAD - IETF Trust Chair - NomCom Chair 4. Postel Award 5. Recognition 6. More reporting - Diversity team - Open

385 views • 16 slides
VWRAP WG IETF 77 Chairs: Barry Leiba & Joshua Bell Note Well Any submission to the IETF

VWRAP WG IETF 77 Chairs: Barry Leiba & Joshua Bell Note Well Any submission to the IETF

VWRAP WG IETF 77 Chairs: Barry Leiba & Joshua Bell Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet- Draft or RFC and any statement made within the context of an IETF

311 views • 5 slides
A prior near-ignorance Gaussian Process model for nonparametric regression Francesca Mangili

A prior near-ignorance Gaussian Process model for nonparametric regression Francesca Mangili

Introduction Gaussian Process (GP) Imprecise GP (IGP) Constant mean IGP Application Conclusions A prior near-ignorance Gaussian Process model for nonparametric regression Francesca Mangili francesca@idsia.ch Istituto Dalle Molle di

309 views • 15 slides
TI-MFA: Keep Calm and Reroute Segments Fast Klaus-Tycho Foerster Mahmoud Parham University of

TI-MFA: Keep Calm and Reroute Segments Fast Klaus-Tycho Foerster Mahmoud Parham University of

TI-MFA: Keep Calm and Reroute Segments Fast Klaus-Tycho Foerster Mahmoud Parham University of Vienna, Austria University of Vienna, Austria Marco Chiesa Stefan Schmid KTH, Sweden University of Vienna, Austria Fast Rerouting (FRR)

719 views • 61 slides
Forwarding Traffic Down Tunnels Sources: MPLS Forum, Cisco V. Alwayn, Advanced MPLS Design and

Forwarding Traffic Down Tunnels Sources: MPLS Forum, Cisco V. Alwayn, Advanced MPLS Design and

Forwarding Traffic Down Tunnels Sources: MPLS Forum, Cisco V. Alwayn, Advanced MPLS Design and Implementation , Cisco Press E. W. Gray, MPLS Implementing the Technology , Addison Wesley B. Davie and Y. Rekhter, MPLS Technology and Applications ,

696 views • 24 slides
Optimizing IGP Link Costs for Improving IP-level Resilience Gbor Rtvri, Levente Csikor,

Optimizing IGP Link Costs for Improving IP-level Resilience Gbor Rtvri, Levente Csikor,

Optimizing IGP Link Costs for Improving IP-level Resilience Gbor Rtvri, Levente Csikor, Jnos Tapolcai High Speed Networks Laboratory Department of Telecommunications and Media Informatics Budapest University of Technology and Economics

310 views • 17 slides

More recommend