Vanishing Point - Resilient DNSSEC Key Repository

Jun 27, 2015

Nuno Loureiro

A security analysis of DNS: it provides an overview of the DNSSEC architecture and its limitations, and highlights some of its problems: lack of resilience, the multiple-root scenario, lack of isolation, legacy, and Trust Anchor Management. DNSSEC Lookaside Validation (DLV) addresses most of these problems, but it not only fails to provide resilience, it also hands the root of trust of a zone to a single trusted entity.
We propose Vanishing Point to solve the highlighted problems of DNSSEC. Vanishing Point is a resilient DNSSEC Key Repository Service that allows lookaside validation without relying solely on a PKI.

Paper: http://dev.sig9.net/files/ResearchProject.pdf
Transcript
Page 16: [Diagram labels: DNSSEC-aware Cache Resolver; { message }]

Page 17: [Diagram labels: DNSSEC-aware Cache Resolver; { message } another.net; K3; { message } example.net; K2]
