Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
DNS	
  /	
  DNSSEC	
  /	
  DANE	
  /	
  DPRIVE	
  
Results	
  at	
  IETF	
  93	
  Hackathon	
  
18-­‐19	
  July	
  2015	
 ...
Summary	
  –	
  What	
  We	
  Are	
  Working	
  On	
  
Web	
  
Server	
  
Web	
  
Browser	
  
&	
  stub	
  
resolver	
  
h...
DNS	
  at	
  #IETFHackathon	
  at	
  #IETF93	
  
•  Visual	
  interface	
  to	
  show	
  what	
  DNSSEC	
  algorithms	
  a...
Public	
  releases	
  
•  Visual	
  interface	
  to	
  check	
  DNSSEC	
  algorithms	
  
–  hTps://github.com/ogud/DNSSEC_...
Tool	
  to	
  test	
  DNSSEC	
  algorithm	
  support	
  
•  Implemented	
  in	
  Node.js	
  using	
  getdns	
  API	
  
Tool	
  to	
  test	
  DNSSEC	
  Roadblocks	
  
•  Implemented	
  in	
  PHP	
  using	
  getdns	
  API	
  
DNS	
  Hackers	
  
•  Sara	
  Dickinson	
  
•  Daniel	
  Kahn	
  Gillmor	
  
(dkg)	
  
•  Ólafur	
  Guðmundsson	
  
•  Shu...
Upcoming SlideShare
Loading in …5
×

DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon

663 views

Published on

This shows the results of the DNS team at the IETF 93 Hackathon in Prague on July 18-19, 2015. It includes links to the public repositories where code may be found.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon

  1. 1. DNS  /  DNSSEC  /  DANE  /  DPRIVE   Results  at  IETF  93  Hackathon   18-­‐19  July  2015   Prague,  Czech  Republic  
  2. 2. Summary  –  What  We  Are  Working  On   Web   Server   Web   Browser   &  stub   resolver   hTps://example.com/   web  page   DNS   Resolver   +   ValidaZon   10.1.1.123   DNSKEY   RRSIGs   1 25 6 DNS  Svr   example.com   DNS  Svr   .com   DNS  Svr   root   3 10.1.1.123   4 example.com   NS   DS   .com   NS   DS   example.com?   INTEGRITY  –  DNSSEC  TRUST  IN  TLS  -­‐  DANE   CONFIDENTIALITY  -­‐  DPRIVE  
  3. 3. DNS  at  #IETFHackathon  at  #IETF93   •  Visual  interface  to  show  what  DNSSEC  algorithms  are  supported   by  a  DNS  resolver   •  Tool  to  test  for  DNSSEC  roadblocks   –  dra_-­‐ie`-­‐dnsop-­‐dnssec-­‐roadblock-­‐avoidance   •  Prototype  web  server  implementaLon  –  TLS  extension  to  deliver   DNSSEC  authenLcaLon  chain  to  client   –  dra_-­‐shore-­‐tls-­‐dnssec-­‐chain-­‐extension   •  DNS  confidenLality/privacy  (DPRIVE)   –  Fixed  opportunisZc  TLS  in  both  getdns  and  Unbound  to  be  strict   authenZcated  TLS   1.  Added  funcZonality  to  getdns  API  to  authenZcate  TLS  server.     2.  Patched  Unbound  server:  forward-­‐secret  key  exchange;  enabled   sending  full  TLS  cerZficate  chain  in  handshake   •  JSON  interface  to  IANA  registry  of  DNSSEC  algorithms  
  4. 4. Public  releases   •  Visual  interface  to  check  DNSSEC  algorithms   –  hTps://github.com/ogud/DNSSEC_ALG_Check     –  hTps://github.com/getdnsapi/IETF93HackathonNode     •  Tool  to  test  for  DNSSEC  roadblock  avoidance   –  hTps://www.ie`.org/registraZon/MeeZngWiki/wiki/ dnsresolvercapabiliZes   –  hSps://getdnsapi.net/roadblock.php     –  hTps://github.com/getdnsapi/IETF93HackathonPHP     •  DNS  confidenZality/privacy  -­‐  TLS   –  Patches  going  into  next  release  of  getdns  API   –  Patch  available  for  Unbound   •  JSON  interface  to  IANA  registry  of  DNSSEC  algorithms   –  hTps://github.com/danyork/dnssec-­‐algs-­‐json    
  5. 5. Tool  to  test  DNSSEC  algorithm  support   •  Implemented  in  Node.js  using  getdns  API  
  6. 6. Tool  to  test  DNSSEC  Roadblocks   •  Implemented  in  PHP  using  getdns  API  
  7. 7. DNS  Hackers   •  Sara  Dickinson   •  Daniel  Kahn  Gillmor   (dkg)   •  Ólafur  Guðmundsson   •  Shumon  Huque   •  Allison  Mankin   •  Benno  Overeinder   •  Wendy  Seltzer   •  Willem  Toorop   •  Gowri  Visweswaran   •  Tim  Wicinski   •  Dan  York  

×