IT Security Experts

DNSSEC: Securing the DNS and beyond

Expo Theatre (Hall G) October 23, 2012 - Feedback     

Bookmark and Share

Paul Wouters

DNSSEC was designed to protect the Domain Name System from an ever increasing stream of DNS spoofing attacks and (non-)malicious DNS rewriting schemes. But from the start, many intended to use this new distributed and digitally signed database for other purposes as well.

DNSSEC can already be used to secure large scale TLS, SSH and VPN deployments. Other emerging ideas to use DNSSEC in the near future include protecting instant messaging and email traffic, and identification of WebID, OTR and PGP identities. And with DNSSEC chains, devices could even authenticate to each other without an active internet connection.

The audience is strongly encouraged to discuss and find out if and how they can leverage DNSSEC for themselves. A few handy tools to generate the proper DNSSEC records to pin down the CA for your TLS website will be demonstrated.