ICANN - Cape Town 11/30/2004 DNSSEC and the Zone Enumeration Andreas Baess DENIC eG

Slides:



Advertisements
Similar presentations
Whois Task Force GNSO Public Forum Wellington March 28, 2006.
Advertisements

© 2006 NEC Corporation - Confidential age 1 November SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.
Review iClickers. Ch 1: The Importance of DNS Security.
NSEC5: Provably Preventing DNSSEC Zone Enumeration
The German Experience: Patent litigation and nullification cases
RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.
1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.
DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.
IANA Activities Update Jean-Jacques Sahel | RIPE 70 Amsterdam| 15 May 2015.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
PKI To The Masses IPCCC 2004 Dan Massey USC/ISI. 1 March PKI Is Necessary l My PKI related actions since arriving at IPCCC n Used an.
New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.
1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Transition of U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) Stewardship of the IANA Functions to the Global.
Authorization architecture sketches draft-selander-core-access-control-02 draft-gerdes-core-dcaf-authorize-02 draft-seitz-ace-design-considerations-00.
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
Distributed Systems. Outline  Services: DNSSEC  Architecture Models: Grid  Network Protocols: IPv6  Design Issues: Security  The Future: World Community.
DSSA-WG Progress Update Dakar – October Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.
Working Group #4: Network Security – Best Practices March 6, 2013 Presenters: Rod Rasmussen, Internet Identity Tony Tauber, Comcast WG #4.
DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson
Olaf M. Kolkman. Domain Pulse, February 2005, Vienna. DNSSEC Basics, Risks and Benefits Olaf M. Kolkman
CIS 450 – Network Security Chapter 8 – Password Security.
IANA Activities Update Naela Sarras | ARIN 35 San Francisco | 14 April 2015.
JIG (Joint ccNSO-GNSO IDN Group) Update APTLD | New Delhi Feb 23, 2012.
Security Through Publicity Eric Osterweil Dan Massey Batsukh Tsendjav Beichuan Zhang Lixia Zhang.
New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.
DNS based IP NetLocation Service China Telecom Guangzhou Institute
BRAG Climate Discloser Standards Board The views expressed in this presentation are those of the presenter Climate Change Reporting Taxonomy XBRL Europe.
Community Readiness for IDN Variant TLDs Arabic Script Case Sarmad Hussain Center for Language Engineering Al-Khawarizmi Institute of Computer.
WHOIS Next Steps Bruce Tonkin Acting Chair GNSO WHOIS Steering Committee.
Working Group #4: Network Security Best Practices September 12, 2012 Presenter: Rod Rasmussen, Internet Identity WG #4 Co-Chair.
DNS Privacy Overview Allison Mankin & Shumon Huque, Verisign Labs DNS-OARC Fall Workshop October 3, 2015.
This is the DNSEXT Working Group (where the microphones are at Scandic hights) San Diego IETF60
Registry Showcase Project Kim Davies Council of European National Top Level Domain Registries ICANN 23, Luxembourg 10 July, 2005.
This is the DNSEXT Working Group Minneapolis IETF 62
1 The Legal Conditions for Neglected Buildings in Germany Prof. Dr. Andreas Saxinger.
Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.
Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.
Standardisation and regulation on information security Margus Püüa Head of Department Department of State Information Systems Ministry of Economic Affairs.
Objectives To promote skills development and information exchange related to Internet domain names amongst members To provide a forum to discuss policy.
1 German Valdez Communications Area Director Communications Area Report.
OpenDNSSEC Deployment Tianyi Xing. Roadmap By mid-term – Establish a DNSSEC server within the mobicloud system (Hopfully be done by next week) Successfully.
DNSSEC allocations DNSEXT chairs IETF-75 Stockholm 2009/07/29.
REPORT ON LEAKAGES OF QUESTION PAPERS AT TVET COLLEGES AND TURNAROUND PLAN TO PREVENT QUESTION PAPER LEAKAGES 1 Presentation to the Portfolio Committee.
PCE 64 th IETF PCE Policy Architecture draft-berger-pce-policy-architecture-00.txt Lou Berger Igor Bryskin Dimitri Papadimitriou.
Ministry of Enterprise, Energy and Communications Sweden RIPE Cooperation WG ITU PP 10 update Maria Häll, Deputy Director Division of IT Policy Ministry.
Olaf M. Kolkman. IETF58, Minneapolis, November DNSSEC Operational Practices draft-ietf-dnsop-dnssec-operational-practices-00.txt.
Network Security and Cryptography
Update on Consumer Choice, Competition and Innovation (CCI) WG Rosemary Sinclair.
66th IETF, Montreal, July 2006 PCE Working Group Meeting IETF-66, July 2006, Montreal A Backward Recursive PCE-based Computation (BRPC) procedure to compute.
Internet Technology & Network Management Lecture # 01 Information Technology Lucky Sharma Subject Code: IT 603.
Root Zone KSK: After 5 years Elise Gerich | APNIC 40 | September 2015.
DNSSEC Practices Statement Module 2 CaribNOG 3 12 June 2012, Port of Spain, Trinidad
Jaime Pérez Lyon, February The EQUAL group –No activity in the last months. The Domain Reputation WG of the IETF –No activity since November 2010.
Chapter 14: Controlling and Monitoring Access. Comparing Access Control Models Comparing permissions, rights, and privileges Understanding authorization.
Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots Andreas Kurtz, Felix Freiling, Daniel Metz Technical Report.
Dhc WG 3/2/2004, IETF 59, Seoul. 3/2/2004dhc WG - IETF 59, Seoul2 Agenda Administrivia, Agenda bashing Ralph Droms 05 minutes DHCP Option for Proxy Server.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
Evaluating Existing Systems
Evaluating Existing Systems
DNSSEC Basics, Risks and Benefits
Which type of claim does this represent?
Which type of claim does this represent?
دانشگاه شهیدرجایی تهران
تعهدات مشتری در کنوانسیون بیع بین المللی
Charles Shen, Henning Schulzrinne, Arata Koike
Final Conference 18 Set 2018.
Presentation transcript:

ICANN - Cape Town 11/30/2004 DNSSEC and the Zone Enumeration Andreas Baess DENIC eG

ICANN - Cape Town 11/30/2004 Abstract Known Facts Claimed problems Way ahead

ICANN - Cape Town 11/30/2004 Facts The introduction of DNSSEC with the current form of the specification provides Zone Enumeration: – An authoritative denial of existence of a given domain name delivers as a proof the next existing domain name. There were protocol changes to refuse AXFR

ICANN - Cape Town 11/30/2004 Facts Some key players for a successful widespread deployment of DNSSEC consider this as a problem: –Security problem? –Policy problem? –Legal problem?

ICANN - Cape Town 11/30/2004 Security problem? An attack begins by identifying your target: “But domain names can be gathered by other means, for instance, dictionary attacks” –German + English dictionary + John the Ripper = 1% of the de-zone –Brute force on all 8-characters delivers 13% of the de-zone. –com-zone as a dictionary = 42% of the nl-zone

ICANN - Cape Town 11/30/2004 Policy problem? DNS information is public......there’s a qualitative difference between: –Making data available as a query/response mechanism –Making data available as a compilation DENIC’s policy: /index.html#section_185 /index.html#section_185

ICANN - Cape Town 11/30/2004 Legal problem? IANAL Nominet’s position: oppers.2004/msg00687.html oppers.2004/msg00687.html DENIC’s position: –In conflict with Germany’s Federal Data Protection Act

ICANN - Cape Town 11/30/2004 Way ahead IETF dnsext wg decided to advance the current specification as a proposed standard Inmediately started to work on the problem following The Engineering Way (TM): –Listing the requirements for a denial of existence –Weighting their relevance, since sometimes trade-offs exist –Evaluating proposals

ICANN - Cape Town 11/30/2004 Working documents signed-nonexistence-requirements-01.txthttp:// signed-nonexistence-requirements-01.txt txthttp:// 02.txt 00.txthttp:// 00.txt dnssec-trans-01.txthttp:// dnssec-trans-01.txt

ICANN - Cape Town 11/30/2004 Many thanks for your attention! Any questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.