Be the first to like this
Security analysis of DNS: provides an overview of DNSSEC architecture and limitations, and highlights some of its problems: lack of resilience, multiple-root scenario, lack of isolation, legacy and Trust Anchor Management. DNSSEC Lookaside Validation (DLV) addresses most of these problems but not only it fails in providing resilience but also it devotes the root of trust of a zone into a unique trusted entity.
We propose Vanishing Point for solving the highlighted problems of DNSSEC. Vanishing Point is a resilient DNSSEC Key Repository Service that allows lookaside validation without relying solely on a PKI infrastructure.