14,952
edits
Changes
→DNSSEC & Security
====RSSAC====
====RSSAC====
=====DNSSEC & Security=====
=====DNSSEC & Security=====
* [[Jacques Latour]] spoke about [[IoT]] Device Identity Management. IoT devices appear to work very similarly to domains in terms of [[DNSSEC]], and his team wants to make DNSSEC integral to IoT security.
* [[Daniel Migault]] spoke about the [[TLS]] Identity Pinning protocol, which is meant to ensure that users have a confidential channel with an authenticated peer. It is a complementary way to authenticate in addition to the DNSSEC protocol. It is being developed to be used for critical infrastructure (and not necessarily regular end users). Whereas DNSSEC is a trust-based quest for information, TLS establishes a session based on existing information. TLS is about the communication users are establishing with an entity, while DNSSEC is about the information users are asking about the entity with which they're establishing a session.
* [[Steve Crocker]] discussed two gaps in original DNSSEC protocol specifications:
:# Automation of DS Updates
:: How to convey DS from 3rd party DNS providers to Rr or Ry
:# Multiple DNS providers
:: It is difficult to accommodate the transfer of DNS services from one provider to another because the effects may be worse than expected. Multi-signer protocol (RFC 8901) has been completed but there are many moving parts and things left to do
[[Category:ICANN Meetings]]
[[Category:ICANN Meetings]]