Oct 22 – 23, 2022 Workshop
Golden Tulip Zira
Europe/Belgrade timezone

PKI for IoT using the DNS infrastructure

Oct 22, 2022, 3:35 PM
Mykonos / Rodos (Golden Tulip Zira)

Ruzveltova 35 11000 Belgrade Republic of Serbia
Standard Presentation Main Session OARC 39 - D1


Sandoche Balakrichenan (Afnic)


One of the main challenges facing IoT today is security. The constrained nature of IoT devices prevents them from using the security solutions used on the Internet. Constrained IoT devices cannot use the Public Key Infrastructure with X.509 certificates to establish secure sessions. Moreover, the idea of self-signed certificates, with trust based on a single private trusted CA, does not scale. The Domain Name System (DNS), using the DNS-based Authentication of Named Entities protocol (DANE) and the DNS Security Extensions (DNSSEC), can help create the sought-after Public Key Infrastructure (PKI) for IoT. With a concrete example, this presentation will explain how DNS can deliver IoT PKI functions based on DANE, backed by DNSSEC. The implementation is based on two drafts in the DANCE (DANE Authentication for Network Clients Everywhere) WG at the IETF.

Presentation delivery: In-person at the workshop venue

Primary author

Sandoche Balakrichenan (Afnic)
