Speaker
Description
Three components to this lightning talk:
1) I'd like to describe the threat that still remains to the DNS because we do not have encryption between recursive resolvers and authoritative servers. This is based on real-world experiences from Quad9, and what we think the future holds.
2) A plea for current operators to try out opportunistic DoT, as the costs are low and the testing return is quite interesting.
3) Make a case for standards to be worked on again for getting this turned into a more formal model that can be applied on a zone-by-zone basis, with resistance to downgrade attacks. DELEG has potential for this, but are there non-DELEG methods that are in people's minds? This is a plea for people to think about and help with this concept: DNS-OARC/IETF/etc.
Summary
See title.
Talk duration: 10 Minutes (+5 for Q&A)