We present the first implementation of post-quantum DNSSEC. As a prototype, we extended PowerDNS authoritative DNS server and recursor to sign, serve, and validate DNSSEC-signatures based on the FALCON signature scheme.
A high-level overview of the implementation work, which is based on a modification of the OpenSSL post-quantum fork, will be given, and statistics on performance and packet sizes of our test-bench setup are presented. Finally, we consider arguments around the necessity of post-quantum signatures in DNSSEC in general.
|Presentation delivery||Remotely (online)|