Published on November 20, 2008
DNSSEC and DKIM Deployment in .SE Patrik Wallström Project Manager, R&D
History of DNSSEC in .SE Procect start 1999 - 2005 Dry run 2006 Commercial deployment - .SE DNSSEC 2007 -
DNSSEC with Applications End-user applications - Web browsers - MUA - SIP - IM Server applications - MTA - OpenSSH - PGP - SSL - XMPP
Why DKIM? ‣ Already using DNS as key storage ‣ Validation occurs normally in the MTA ‣ Thus running in a controlled server environment ‣ Not an already widely deployed standard
SOHO Routers Tests of Consumer Broadband Routers Joakim Åhlund & Patrik Wallström February 2008 Test Report: DNSSEC Impact on Broadband Routers and Firewalls Ray Bellis, Nominet UK & Lisa Phifer, Core Competence September 2008
DKIM-Milter 2.8.0 beta Initial patch for DKIM-Milter 2.6.0 by John Dickinson Patch uses libunbound to use DNSSEC - retrieve a DKIM key from DNS - acquire a domain's policy record using DNS queries Published on opensource.iis.se and sent to DKIM-Milter maintainer http://sourceforge.net/projects/dkim-milter/
More work? Murray S. Kucherawy announced 2.8.0 with a comment about writing a new draft, “dkim-sec” ... The result for any DNSSEC-aware query basically comes down to one of these four: - evaluation not completed (quot;unknownquot;) - signer not using DNSSEC (quot;insecurequot;) - signer using DNSSEC, successful (quot;securequot;) - signer using DNSSEC, unsuccessful (quot;bogusquot;)
More work? Therefore, I believe we need four new configuration settings. In particular (with invented names so far): InsecureKey - specifies what to do with insecure keys - possible values: - ignore (no action; default) - neutral (degrade a quot;passquot; to quot;neutralquot;) - fail (degrade a quot;passquot; to quot;failquot;) BogusKey - specifies what to do with bogus keys - possible values: - ignore - neutral - fail (default) InsecureADSP - specifies what to do with insecure keys - possible values: - apply (default) - ignore BogusADSP - specifies what to do with bogus ADSP records - possible values: - apply - ignore (default)
Statistics Ham Spam
Report on using DKIM with DNSSEC Work for .SE done by Rickard Bondesson To be published as his Final Thesis at Linköping University: Deployment and analysis of DKIM with DNSSEC ISRN LIU-IDA/LITH-EX-A--08/055--SE
Thank you firstname.lastname@example.org
DKIM Software and Services Deployment Reports : These are status reports from DKIM developers. The ... DNSSec: Citrus ...
DomainKeys Identified Mail (DKIM) ... DomainKeys Identified Mail (DKIM) Development, Deployment and Operations ...
Deployment Tools; Products and Services; ... New Site Checks for DMARC, DKIM, SPF, TLS, ... DNSSEC, TLS, DKIM, DMARC, ...
Deployment of DKIM with DNSSEC ... DKIM - DNSSEC •Digital signatures ... Deployment •DKIM Milter •Patched to handle DNSSEC
... given the current deployment of DNSSEC in ... It is not clear that checking DNSSEC deployment based on a set of web site ... for SPF or DKIM, ...
View 1328 Dkim posts, presentations, experts, and more. Get the professional knowledge you need on LinkedIn. LinkedIn Home What is LinkedIn? Join Today
A survey of DNSSEC deployment in the U.S. R&E community Shumon Huque; University of Pennsylvania Bill Owens; ... •DKIM _domainkey TXT record (p= ...
DNSSEC Deployment: Where We Are (and where we need to be) MENOG 10, Dubai 30 April 2012 . email@example.com . DNSSEC: We have passed the point of no ...
Deployment Tools; Products and Services; ... DNSSEC New Site Checks for DMARC, DKIM, SPF, TLS, DNSSEC, and IPv6. April 29, 2015 April 29 ...