For both DANE and DNS Privacy, stub resolvers need to be able to reliably establish the authenticity of the data and of the remote end. This alone already involves DNSSEC and/or PKIX validation, and might also involve DNSSEC roadblock avoidance, discovering and anticipating IPv6-only networks (DNS64/NAT64), and reliable maintenance of trust requirements (i.e. the KSK rollover). Furthermore, to perform DANE correctly, applications need to learn the status of the authentication result from the stub resolver.
In the course of the presentation, the following topics will be covered:
- the current techniques stub resolvers have to reliably do DNSSEC,
- the changing architectural role of the stub-resolver system component (stub as daemon, as library, as both, D-Bus interface, nsswitch module),
- the stub-resolver-specific challenges with the KSK rollover, and
- the implementation status of different stub software with respect to the points above.
Talk Duration: 30 Minutes