Sign up to save your podcasts
Or
Share Calling time on DNSSEC part 2 of 2
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Calling time on DNSSEC part 2 of 2
In his regular monthly spot on PING, APNIC’s Chief Scientist Geoff Huston continues his examination of DNSSEC. In the first part of this two-part story, Geoff explored the problem space, with a review of the comparative failure of DNSSEC to be deployed by zone holders, and the lack of validation by the resolvers. This is visible to APNIC labs from carefully crafted DNS zones with validly and invalidly signed DNSSEC states, which are included in the Labs advertising method of user measurement.
This second episode offers some hope for the future. It reviews the changes which could be made to the DNS protocol, or use of existing aspects of DNS, to make DNSSEC safer to deploy. There is considerable benefit to having trust in names, especially as a "service" to Transport Layer Security (TLS) which is now ubiquitous worldwide in the web.
Read more about DNSSEC and TLS on the APNIC Labs website and the APNIC Blog:
- Calling time on DNSSEC (Geoff Huston, APNIC Blog, June 2024)
- 'Keytrap' attacks on DNSSEC (Geoff Huston, APNIC Blog, June 2024)
- DNS topics at RIPE 88 (Geoff Huston, APNIC Blog, June 2024)
- The Tranco list
- DNSSEC validation client usage (APNIC Labs)
- DNSSEC-enabled domains from Cloudflare public DNS (APNIC Labs)
View all episodes
By APNIC
5
44 ratings
In his regular monthly spot on PING, APNIC’s Chief Scientist Geoff Huston continues his examination of DNSSEC. In the first part of this two-part story, Geoff explored the problem space, with a review of the comparative failure of DNSSEC to be deployed by zone holders, and the lack of validation by the resolvers. This is visible to APNIC labs from carefully crafted DNS zones with validly and invalidly signed DNSSEC states, which are included in the Labs advertising method of user measurement.
This second episode offers some hope for the future. It reviews the changes which could be made to the DNS protocol, or use of existing aspects of DNS, to make DNSSEC safer to deploy. There is considerable benefit to having trust in names, especially as a "service" to Transport Layer Security (TLS) which is now ubiquitous worldwide in the web.
Read more about DNSSEC and TLS on the APNIC Labs website and the APNIC Blog:
- Calling time on DNSSEC (Geoff Huston, APNIC Blog, June 2024)
- 'Keytrap' attacks on DNSSEC (Geoff Huston, APNIC Blog, June 2024)
- DNS topics at RIPE 88 (Geoff Huston, APNIC Blog, June 2024)
- The Tranco list
- DNSSEC validation client usage (APNIC Labs)
- DNSSEC-enabled domains from Cloudflare public DNS (APNIC Labs)
More shows like PING
View all
Security Now (Audio)
1,999 Listeners
Radiolab
43,900 Listeners
Risky Business
370 Listeners
Freakonomics Radio
32,150 Listeners
Talk Python To Me
584 Listeners
Python Bytes
215 Listeners
Click Here
416 Listeners
Darknet Diaries
7,965 Listeners
IPv6 Buzz
33 Listeners
The Hedge
16 Listeners
Signals and Threads
74 Listeners
The RIPE Labs Podcast
1 Listeners
Risky Bulletin
43 Listeners
Oxide and Friends
59 Listeners
The 404 Media Podcast
319 Listeners