Matt Larson
(ICANN)
15/05/2017, 09:00
Public Workshop
Standard Presentation
ICANN would like to provide another update on the progress of the root zone KSK rollover. Since the rollover is scheduled for October 11, 2017, this DNS-OARC workshop could be the last one before the rollover takes place in the fall, so we would appreciate one more chance to reach the important segment of the DNS operational community that attends DNS-OARC workshops. Recent developments to...
Mr
Geoff Huston
(APNIC)
15/05/2017, 09:15
Public Workshop
Standard Presentation
The forthcoming roll of the Root Zone KSK has prompted some studies of the
behaviour of resolvers that ask questions of the root. Some of these
studies use direct experimentation, where a large number of end users are
given a DNS name to resolve in order to understand the behaviour of the
DNS recursive resolvers that they use. The DNS responses they are given
are intended to mimic the...
David Lawrence
(Akamai Technologies),
Jan Včelák
(NS1),
Shumon Huque
(Salesforce)
15/05/2017, 09:45
Public Workshop
Standard Presentation
NSEC5 is a proposed enhancement to DNSSEC that provably prevents zone enumeration. It does this by replacing the hashes used in NSEC3 with hashes computed by a verifiable random function (VRF), and requiring authoritative servers to perform a small amount of online cryptography for negative responses. This talk will give an overview of the latest NSEC5 protocol specification, and describe the...
Paul Hoffman
(ICANN)
15/05/2017, 10:15
Public Workshop
Standard Presentation
There is a lot of talk about the need for post-quantum cryptography (PQC) due to the possibility that quantum computers will be able to break the current cryptography in coming decades. If it becomes possible to build massive quantum computers, all cryptographic protocols will probably move to using PQC algorithms.
It is expected that PQC algorithms for signatures use keys and/or signatures...
Shane Kerr
(Oracle / Dyn)
15/05/2017, 10:30
Public Workshop
Standard Presentation
EDNS Key Tag promises to provide much-needed information about the DNSSEC configuration of recursive resolvers. Sadly, this technology is not yet standardized or implemented. Luckily, we can fake it in a useful way.
This presentation very briefly covers the EDNS Key Tag as well as a hack built to provide EDNS Key Tag functionality for systems that do not support it. Also, we learn that awk...
