2009
DOI: 10.3233/jcs-2009-0343

Automating trusted key rollover in DNSSEC

Abstract: The Domain Name System (DNS) is a distributed tree-based database largely used to translate a human-readable machine name into an IP address. The DNS security extensions (DNSSEC) have been designed to protect the DNS protocol using public key cryptography and digital signatures. Every secure DNS zone owns at least a key pair (public/private) to provide two security services: data integrity and authentication. To trust some DNS data, a DNS client has to verify the signature of this data with the right zone key. …

citations
Cited by 3 publications
(3 citation statements)
references
References 14 publications
“…DNSSEC zones are often presumed to create distinct keys for themselves without sharing usage with other zones, and that once a key expires and completes its operational lifetime, it will […] [36] suggested an extension to the DNSKEY format itself to indicate when key transitions are underway. In subsequent work [37], this approach was evolved by proposing the new Resource Record KRI. Interestingly, the semantics that those works suggest as being necessary are already observable in the current DNSSEC, when using the methodology we introduced in this paper.…”
Section: Related Work (mentioning)
confidence: 99%
“…DNSSEC zones are often presumed to create distinct keys for themselves without sharing usage with other zones, and that once a key expires and completes its operational lifetime, it will […] [36] suggested an extension to the DNSKEY format itself to indicate when key transitions are underway. In subsequent work [37], this approach was evolved by proposing the new Resource Record KRI. Interestingly, the semantics that those works suggest as being necessary are already observable in the current DNSSEC, when using the methodology we introduced in this paper.…”
Section: Related Work (mentioning)
confidence: 99%
“…In this work, we propose to represent the complexity of key transitions by identifying which elements are necessary to measure (which we define as the anatomy of DNSSEC key transitions), and a measurement methodology to quantify key transitions seen in the wild. By using our anatomy and transition model as a platform, we are able to model key transition behaviors in the wild from both RFCs [31,41] and from related work in the literature [44].…”
Section: This Work Coverage (mentioning)
confidence: 99%
“…Guette et al [16] suggested an extension to the DNSKEY format, itself, to indicate when key transitions are underway. Then, in subsequent work [15], this approach was evolved by proposing a new Resource Record (the KRI). Interestingly, the semantics that those works suggest as being necessary are observable in the current DNSSEC, when using our methodology.…”
Section: Related Work (mentioning)
confidence: 99%