DNSSEC meets EPP

ICANN/MDP, Apr 5, '05. ed.lewis_at_neulevel.biz.

1
DNSSEC meets EPP
  • Edward Lewis
  • NeuLevel

2
Agenda
  • What DNSSEC means to registries
  • Why a DNSSEC extension to EPP
  • Short demo
    • Illustrate the concept
    • The tools can be made

3
DNSSEC in a Nutshell
The data I seek:
  www.neulevel.biz. 1800 IN A 209.173.53.163
  www.neulevel.biz. 1800 IN A 209.173.57.163
The protection:
  www.neulevel.biz. 1800 IN RRSIG A ... by 55751 neulevel.biz.
Key to "prove it":
  neulevel.biz. 1800 IN DNSKEY key id 55751
Why should I believe the key is right, and how can this be done in a scalable way? Via "DS records" in registries (the TLD .biz in this example).

4
DNS tree and DNSSEC
  • Root zone
    • "." SOA, DNSKEY
    • biz. NS, DS
  • NeuLevel TLD, dot-BIZ zone
    • biz. SOA, DNSKEY
    • neulevel.biz. NS, DS
  • NeuLevel Office Zone
    • neulevel.biz. SOA, DNSKEY

5
NS (DNS) vs DS (SEC)
  • NS records "chain" servers
  • DS records "chain" keys
  • The noticeable differences
    • DS records change more often
    • Change is in steps, "graceful"
    • DS records imply more security

6
DNSSEC to Registries
  • Need to register DS records as aspect of a domain
    • Elements of DS are documented
    • Optionally, look at the DNSKEY record
  • Additional detail
    • DNSSEC signatures have "lifetimes"
    • Need to limit lifetime of DS signatures
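
The optional check on this slide, comparing a submitted DS with the child zone's DNSKEY, as an added example (not code from the presentation or its demo). The key tag and SHA-1 digest follow RFC 4034; digest type 2 (SHA-256, RFC 4509), the function names, and the placeholder key bytes are assumptions beyond the slides.

```python
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # 1: RFC 4034, 2: RFC 4509 (assumed extra)

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA in wire format (RFC 4034 section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag ("key id") per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical (lower-case) wire form of a fully qualified owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_ds(owner, rdata, digest_type=1):
    """(key tag, algorithm, digest type, hex digest) per RFC 4034 section 5.1."""
    digest = DIGESTS[digest_type](owner_wire(owner) + rdata).hexdigest()
    return key_tag(rdata), rdata[3], digest_type, digest

def check_ds(owner, submitted_ds, rdata):
    """Return a list of mismatches between a submitted DS and the DNSKEY."""
    tag, alg, dtype, digest = submitted_ds
    if dtype not in DIGESTS:
        return ["unsupported digest type %d" % dtype]
    want = make_ds(owner, rdata, dtype)
    problems = []
    if tag != want[0]:
        problems.append("key tag %d != %d" % (tag, want[0]))
    if alg != want[1]:
        problems.append("algorithm %d != %d" % (alg, want[1]))
    if digest.lower() != want[3]:
        problems.append("digest does not match DNSKEY")
    if not struct.unpack("!H", rdata[:2])[0] & 0x0100:
        problems.append("DNSKEY is not a zone key")  # flags bit 7 must be set
    return problems

# Constructed sample: placeholder public key bytes, not neulevel.biz's real key.
SAMPLE_KEY = dnskey_rdata(257, 3, 5, b"\x01\x02\x03\x04")
SAMPLE_DS = make_ds("neulevel.biz.", SAMPLE_KEY)
```

An empty list from `check_ds` means the DS matches the key; a registry could reject the registration otherwise.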

7
EPP
  • Extensible Provisioning Protocol
  • Provides a standard platform for providing
    services
  • Registrars and Registries can intermix
  • Extensions above the minimum are easy
  • Gives registries more exposure
  • Lessens cost to registrars when adding new
    services

8
EPP Registrations
EPP?

9
DNSSEC extensions to EPP
  • Primary goal: enable registration of DNSSEC data
    in EPP registries
    • gTLDs, others are considering EPP
  • Why in EPP?
    • Existing service framework
    • Minimize software investment
    • "Market" can be defined
10
"Prototype"
From Sunday's Dilbert Cartoon, words of wisdom...
..."act" is the important word

11
Demo
  • TLD DNS(SEC) server, dynamic update
  • Registrant DNS, signed
  • EPP Client to submit delegation
  • EPP Server to accept delegation
  • DNS Update Client to change zone
  • Note missing registry "database"

12
Window layout
EPP Client
EPP Server
EPP
Log File
CutPaste
DNS Update Client
Registrant DNS "work directory"
Dynamic Update
TLD Server Running

13
Clean-up
  • Discussion?
  • Reference Documents
    • DNSSEC RFC 4033, 4034, 4035
    • EPP-DNSSEC
      • draft-hollenbeck-epp-secdns-.txt
      • current version (March 29, 2005)
      • http://www.ietf.org/internet-drafts/draft-hollenbeck-epp-secdns-07.txt