Speaker
Peter Thomassen (deSEC)
Description
We introduce and discuss an authenticated in-band method for automatic signaling of a DNS zone's delegation signer information from the zone's DNS operator. In standard (single-signer) setups, the zone's registrar or registry may subsequently use this signal for automatic DS record provisioning in the parent zone. In multi-signer scenarios (RFC 8901), the method may be used to securely distribute a new signing party's keying material to existing parties. Finally, we discuss prospects and practicality of the protocol by measuring and analyzing the prevalence of the prerequisites needed for deployment.
| Talk Duration | 20 Minutes Presentation (inc. 5 Minutes Q&A) |
|---|---|
Primary authors
Peter Thomassen (deSEC)
Nils Wisiol (deSEC)