Linux Security Summit 2012/Abstracts/Wouters

From Linux Kernel Security Subsystem


DNSSEC: The Shiny New Cryptographically Secured Globally Distributed Database


Paul Wouters, Red Hat


DNSSEC was designed to protect the Domain Name System from an ever-increasing stream of DNS spoofing attacks and (non-)malicious DNS rewriting schemes. But from the start, many intended to use this new distributed and digitally signed database for other purposes as well.

DNSSEC can already be used to secure large-scale TLS, SSH and VPN deployments. Other emerging ideas to use DNSSEC in the near future include protecting instant messaging and email traffic, and identification of WebID, OTR and PGP identities. And with DNSSEC chains, devices could even authenticate to each other without an active internet connection.

The audience is strongly encouraged to discuss and find out if and how they can leverage DNSSEC for themselves. A discussion comparing DNSSEC against the Certificate Agency industry is sure to fill up any remaining time.

The presentation will be given using a Linux laptop utilising a VPN and TLS connection secured by cryptographic keys obtained via DNSSEC.