14,952
edits
Changes
→DNSSEC & Security
* [[Daniel Migault]] spoke about the [[TLS]] Identity Pinning protocol, which is meant to ensure that users have a confidential channel with an authenticated peer. It is a complementary way to authenticate in addition to the DNSSEC protocol. It is being developed to be used for critical infrastructure (and not necessarily regular end users). Whereas DNSSEC is a trust-based quest for information, TLS establishes a session based on existing information. TLS is about the communication users are establishing with an entity, while DNSSEC is about the information users are asking about the entity with which they're establishing a session.
* [[Daniel Migault]] spoke about the [[TLS]] Identity Pinning protocol, which is meant to ensure that users have a confidential channel with an authenticated peer. It is a complementary way to authenticate in addition to the DNSSEC protocol. It is being developed to be used for critical infrastructure (and not necessarily regular end users). Whereas DNSSEC is a trust-based quest for information, TLS establishes a session based on existing information. TLS is about the communication users are establishing with an entity, while DNSSEC is about the information users are asking about the entity with which they're establishing a session.
* [[Steve Crocker]] discussed two gaps in original DNSSEC protocol specifications:
* [[Steve Crocker]] discussed two gaps in original DNSSEC protocol specifications:
# Automation of DS Updates <br/> The question is how to convey DS from 3rd party DNS providers to Registrars or Registries
# Multiple DNS providers <br/> It is difficult to accommodate the transfer of DNS services from one provider to another because the effects may be worse than expected. Multi-signer protocol (RFC 8901) has been completed but there are many moving parts and things left to do
[[Category:ICANN Meetings]]
[[Category:ICANN Meetings]]