Your SlideShare is downloading. ×
DKIM DNSSEC Deployment 2008-11-16
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

DKIM DNSSEC Deployment 2008-11-16

1,203
views

Published on

An short presentation on DKIM with support for DNSSEC

An short presentation on DKIM with support for DNSSEC

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,203
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. DNSSEC and DKIM Deployment in .SE Patrik Wallström Project Manager, R&D
  • 2. History of DNSSEC in .SE Procect start 1999 - 2005 Dry run 2006 Commercial deployment - .SE DNSSEC 2007 -
  • 3. DNSSEC with Applications End-user applications - Web browsers - MUA - SIP - IM Server applications - MTA - OpenSSH - PGP - SSL - XMPP
  • 4. Why DKIM? ‣ Already using DNS as key storage ‣ Validation occurs normally in the MTA ‣ Thus running in a controlled server environment ‣ Not an already widely deployed standard
  • 5. SMTP Overview
  • 6. SOHO Routers Tests of Consumer Broadband Routers Joakim Åhlund & Patrik Wallström February 2008 Test Report: DNSSEC Impact on Broadband Routers and Firewalls Ray Bellis, Nominet UK & Lisa Phifer, Core Competence September 2008
  • 7. DKIM-Milter 2.8.0 beta Initial patch for DKIM-Milter 2.6.0 by John Dickinson Patch uses libunbound to use DNSSEC - retrieve a DKIM key from DNS - acquire a domain's policy record using DNS queries Published on opensource.iis.se and sent to DKIM-Milter maintainer http://sourceforge.net/projects/dkim-milter/
  • 8. More work? Murray S. Kucherawy announced 2.8.0 with a comment about writing a new draft, “dkim-sec” ... The result for any DNSSEC-aware query basically comes down to one of these four: - evaluation not completed (quot;unknownquot;) - signer not using DNSSEC (quot;insecurequot;) - signer using DNSSEC, successful (quot;securequot;) - signer using DNSSEC, unsuccessful (quot;bogusquot;)
  • 9. More work? Therefore, I believe we need four new configuration settings.  In particular (with invented names so far): InsecureKey - specifies what to do with insecure keys - possible values: - ignore (no action; default) - neutral (degrade a quot;passquot; to quot;neutralquot;) - fail (degrade a quot;passquot; to quot;failquot;) BogusKey - specifies what to do with bogus keys - possible values: - ignore - neutral - fail (default) InsecureADSP - specifies what to do with insecure keys - possible values: - apply (default) - ignore BogusADSP - specifies what to do with bogus ADSP records - possible values: - apply - ignore (default)
  • 10. Statistics Ham Spam
  • 11. Report on using DKIM with DNSSEC Work for .SE done by Rickard Bondesson To be published as his Final Thesis at Linköping University: Deployment and analysis of DKIM with DNSSEC ISRN LIU-IDA/LITH-EX-A--08/055--SE
  • 12. Thank you patrik.wallstrom@iis.se

×