Speaker
Peter Thomassen (deSEC)
Description
We introduce and discuss an authenticated in-band method for automatic signaling of a DNS zone's delegation signer information from the zone's DNS operator. In standard (single-signer) setups, the zone's registrar or registry may subsequently use this signal for automatic DS record provisioning in the parent zone. In multi-signer scenarios (RFC 8901), the method may be used to securely distribute a new signing party's keying material to existing parties. Finally, we discuss prospects and practicality of the protocol by measuring and analyzing the prevalence of the prerequisites needed for deployment.
Talk Duration
20 Minutes Presentation (inc. 5 Minutes Q&A)
Primary authors
Peter Thomassen (deSEC)
Nils Wisiol (deSEC)