ABSTRACT
The Domain Name System (DNS) is a distributed database that allows convenient storing and retrieving of resource records. DNS has been extended to provide security services (DNSSEC) mainly through public-key cryptography. We propose a new approach to DNSSEC that may result in a significantly more efficient protocol. We introduce a new strategy to build chains of trust from root servers to authoritative servers. The techniques we employ are based on symmetric-key cryptography.