- short-paper, October 2023
Extended DNS Errors: Unlocking the Full Potential of DNS Troubleshooting
IMC '23: Proceedings of the 2023 ACM on Internet Measurement Conference, Pages 213–221, https://doi.org/10.1145/3618257.3624835
The Domain Name System (DNS) relies on response codes to confirm successful transactions or indicate anomalies. Yet, the codes are not sufficiently fine-grained to pinpoint the root causes of resolution failures. RFC 8914 (Extended DNS Errors or EDE) ...
- poster, November 2022
Poster: The Unintended Consequences of Algorithm Agility in DNSSEC
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Pages 3363–3365, https://doi.org/10.1145/3548606.3563517
Cryptographic algorithm agility is an important property for DNSSEC: it allows easy deployment of new algorithms if the existing ones are no longer secure. In this work we show that the cryptographic agility in DNSSEC, although critical for provisioning ...
- research-article, November 2022
Behind the Scenes of RPKI
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Pages 1413–1426, https://doi.org/10.1145/3548606.3560645
Best practices for making RPKI resilient to failures and attacks recommend using multiple URLs and certificates for publication points as well as multiple relying parties. We find that these recommendations are already supported by 63% of the ASes with ...
- keynote, April 2022
How (Not) to Deploy Cryptography on the Internet
CODASPY '22: Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy, Page 1, https://doi.org/10.1145/3508398.3511270
The core protocols in the Internet infrastructure play a central role in delivering packets to their destination. The inter-domain routing with BGP (Border Gateway Protocol) computes the correct paths in the global Internet, and DNS (Domain Name System) ...
- poster, November 2021
Predictive Cipher-Suite Negotiation for Boosting Deployment of New Ciphers
CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Pages 2423–2425, https://doi.org/10.1145/3460120.3485349
Deployment of strong cryptographic ciphers for DNSSEC is essential for long term security of DNS. Unfortunately, due to the hurdles involved in adoption of new ciphers coupled with the limping deployment of DNSSEC, most domains use the weak RSA-1024 ...
- rfc, March 2017
RFC 8078: Managing DS Records from the Parent via CDS/CDNSKEY
RFC 7344 specifies how DNS trust can be maintained across key rollovers in-band between parent and child. This document elevates RFC 7344 from Informational to Standards Track. It also adds a method for initial trust setup and removal of a secure entry ...
- rfc, April 2016
RFC 7828: The edns-tcp-keepalive EDNS0 Option
DNS messages between clients and servers may be received over either UDP or TCP. UDP transport involves keeping less state on a busy server, but can cause truncation and retries over TCP. Additionally, UDP can be exploited for reflection attacks. Using ...
- research-article, September 2015
Making the Case for Elliptic Curves in DNSSEC
ACM SIGCOMM Computer Communication Review (SIGCOMM-CCR), Volume 45, Issue 5, Pages 13–19, https://doi.org/10.1145/2831347.2831350
The Domain Name System Security Extensions (DNSSEC) add authenticity and integrity to the DNS, improving its security. Unfortunately, DNSSEC is not without problems. DNSSEC adds digital signatures to the DNS, significantly increasing the size of DNS ...
- abstract, October 2012
Revisiting DNS and WHOIS in the cloud era
CCSW '12: Proceedings of the 2012 ACM Workshop on Cloud computing security workshop, Pages 95–96, https://doi.org/10.1145/2381913.2381929
If the Internet is the original cloud, then ubiquitous Internet information services such as the Domain Name System (DNS) and WHOIS are among the classic cloud services. Although protocols from the 1980s running over ports 53 and 43 may appear to be a ...
- rfc, May 2010
RFC 5910: Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP)
This document describes an Extensible Provisioning Protocol (EPP) extension mapping for the provisioning and management of Domain Name System security (DNSSEC) extensions for domain names stored in a shared central repository. Specified in XML, this ...
- Article, November 2009
A Skandium Based Parallelization of DNSSEC
SCCC '09: Proceedings of the 2009 International Conference of the Chilean Computer Science Society, Pages 87–94, https://doi.org/10.1109/SCCC.2009.22
This paper shows an effective methodology to parallelize DNSSEC using an algorithmic skeleton library: Skandium. DNSSEC is the Domain Name System (DNS) Security Extensions. DNSSEC provides a set of backward compatible extensions to the DNS that secure ...
- research-article, October 2008
Quantifying the operational status of the DNSSEC deployment
IMC '08: Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, Pages 231–242, https://doi.org/10.1145/1452520.1452548
This paper examines the deployment of the DNS Security Extensions (DNSSEC), which adds cryptographic protection to DNS, one of the core components in the Internet infrastructure. We analyze the data collected from the initial DNSSEC deployment which ...
- rfc, September 2006
RFC 4471: Derivation of DNS Name Predecessor and Successor
This document describes two methods for deriving the canonically-ordered predecessor and successor of a DNS name. These methods may be used for dynamic NSEC resource record synthesis, enabling security-aware name servers to provide authenticated denial ...
- rfc, January 2006
RFC 4255: Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
This document describes a method of verifying Secure Shell (SSH) host keys using Domain Name System Security (DNSSEC). The document defines a new DNS resource record that contains a standard SSH key fingerprint. [STANDARDS-TRACK]
- rfc, December 2005
RFC 4310: Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP)
This document describes an Extensible Provisioning Protocol (EPP) extension mapping for the provisioning and management of Domain Name System security extensions (DNSSEC) for domain names stored in a shared central repository. Specified in XML, this ...
- rfc, March 2005
RFC 4035: Protocol Modifications for the DNS Security Extensions
This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of new resource records and protocol modifications that add data origin authentication and data integrity to ...
- rfc, March 2005
RFC 4034: Resource Records for the DNS Security Extensions
This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of resource records and protocol modifications that provide source authentication for the DNS. This document ...
- rfc, March 2005
RFC 4033: DNS Security Introduction and Requirements
The Domain Name System Security Extensions (DNSSEC) add data origin authentication and data integrity to the Domain Name System. This document introduces these extensions and describes their capabilities and limitations. This document also discusses the ...
- rfc, August 2004
RFC 3845: DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
This document redefines the wire format of the "Type Bit Map" field in the DNS NextSECure (NSEC) resource record RDATA format to cover the full resource record (RR) type space. [STANDARDS-TRACK]