2005
DOI: 10.1007/978-3-540-30582-8_71

Algorithm for DNSSEC Trusted Key Rollover

Abstract: The Domain Name System Security Extensions (DNSSEC) architecture is based on public-key cryptography. A secure DNS zone has one or more keys and signs its resource records with these keys in order to provide two security services: data integrity and authentication. These services make it possible to protect DNS transactions and permit the detection of attempted attacks on DNS. The DNSSEC validation process is based on the establishment of a chain of trust between zones. This chain needs a secure entry point: a …

Cited by 4 publications
(4 citation statements)
References 12 publications
“…Recycled keys are those that were shared in separate zones or used, removed, and then re-used. DNSSEC zones are often presumed to create distinct keys for themselves without sharing usage with other zones, and that once a key expires and completes its operational lifetime, it will … [36] suggested an extension to the DNSKEY format itself to indicate when key transitions are underway. In subsequent work [37], this approach was evolved by proposing the new Resource Record KRI.…”
Section: Related Work (mentioning)
confidence: 99%
“…While recent related work signals a renewed interest in key transitions, previous literature exists that suggests augmenting the DNSSEC protocol to add explicit semantics that indicate ongoing key transitions. Guette et al. [16] suggested an extension to the DNSKEY format, itself, to indicate when key transitions are underway. Then, in subsequent work [15], this approach was evolved by proposing a new Resource Record (the KRI).…”
Section: Related Work (mentioning)
confidence: 99%
“…During the last two years, three methods [10,12,18] have been designed to automatically update the trusted key set of a resolver. In this section, we describe briefly these three methods and we discuss their limitations.…”
Section: Related Work (mentioning)
confidence: 99%
“…In [10], the authors propose to use the first of the reserved bits of the Flag field and to call it the under changes bit. That gives the following meaning to this bit: when this bit is set the key contained in the DNSKEY RR is under changes and is going to be removed from the DNS zone file.…”
Section: The Automated Trusted Key Rollover Algorithm (mentioning)
confidence: 99%