Changes

ICANN 71 (view source)

Revision as of 20:31, 21 June 2021

75 bytes added , 2 years ago

Line 94: Line 94:

=====DNSSEC & Security=====

* [[Jacques Latour]] spoke about [[Internet of Things]] (IoT) Device Identity Management. IoT devices appear to work very similarly to domains in terms of [[DNSSEC]], and his team wants to make DNSSEC integral to IoT security.

−

* [[Daniel Migault]] spoke about the [[~~TLS~~]] Identity Pinning protocol, which is meant to ensure that users have a confidential channel with an authenticated peer. It is a complementary way to authenticate in addition to the DNSSEC protocol. It is being developed to be used for critical infrastructure (and not necessarily regular end users). Whereas DNSSEC is a trust-based quest for information, TLS establishes a session based on existing information. TLS is about the communication users are establishing with an entity, while DNSSEC is about the information users are asking about the entity with which they're establishing a session.

+

* [[Daniel Migault]] spoke about the [[Transport Layer Security]] (TLS) [https://developer.apple.com/news/?id=g9ejcf8y Identity Pinning protocol], which is meant to ensure that users have a confidential channel with an authenticated peer. It is a complementary way to authenticate in addition to the DNSSEC protocol. It is being developed to be used for critical infrastructure (and not necessarily regular end users). Whereas DNSSEC is a trust-based quest for information, TLS establishes a session based on existing information. TLS is about the communication users are establishing with an entity, while DNSSEC is about the information users are asking about the entity with which they're establishing a session.

* [[Steve Crocker]] discussed two gaps in original DNSSEC protocol specifications:

# Automation of DS Updates <br/> The question is how to convey DS from 3rd party DNS providers to Registrars or Registries

Jessica

Bureaucrats, Check users, lookupuser, Administrators, translator

14,932

edits