DKIM DNSSEC Deployment 2008-11-16

0 %
100 %
Information about DKIM DNSSEC Deployment 2008-11-16
Technology

Published on November 20, 2008

Author: pawal

Source: slideshare.net

Description

An short presentation on DKIM with support for DNSSEC

DNSSEC and DKIM Deployment in .SE Patrik Wallström Project Manager, R&D

History of DNSSEC in .SE Procect start 1999 - 2005 Dry run 2006 Commercial deployment - .SE DNSSEC 2007 -

DNSSEC with Applications End-user applications - Web browsers - MUA - SIP - IM Server applications - MTA - OpenSSH - PGP - SSL - XMPP

Why DKIM? ‣ Already using DNS as key storage ‣ Validation occurs normally in the MTA ‣ Thus running in a controlled server environment ‣ Not an already widely deployed standard

SMTP Overview

SOHO Routers Tests of Consumer Broadband Routers Joakim Åhlund & Patrik Wallström February 2008 Test Report: DNSSEC Impact on Broadband Routers and Firewalls Ray Bellis, Nominet UK & Lisa Phifer, Core Competence September 2008

DKIM-Milter 2.8.0 beta Initial patch for DKIM-Milter 2.6.0 by John Dickinson Patch uses libunbound to use DNSSEC - retrieve a DKIM key from DNS - acquire a domain's policy record using DNS queries Published on opensource.iis.se and sent to DKIM-Milter maintainer http://sourceforge.net/projects/dkim-milter/

More work? Murray S. Kucherawy announced 2.8.0 with a comment about writing a new draft, “dkim-sec” ... The result for any DNSSEC-aware query basically comes down to one of these four: - evaluation not completed (quot;unknownquot;) - signer not using DNSSEC (quot;insecurequot;) - signer using DNSSEC, successful (quot;securequot;) - signer using DNSSEC, unsuccessful (quot;bogusquot;)

More work? Therefore, I believe we need four new configuration settings.  In particular (with invented names so far): InsecureKey - specifies what to do with insecure keys - possible values: - ignore (no action; default) - neutral (degrade a quot;passquot; to quot;neutralquot;) - fail (degrade a quot;passquot; to quot;failquot;) BogusKey - specifies what to do with bogus keys - possible values: - ignore - neutral - fail (default) InsecureADSP - specifies what to do with insecure keys - possible values: - apply (default) - ignore BogusADSP - specifies what to do with bogus ADSP records - possible values: - apply - ignore (default)

Statistics Ham Spam

Report on using DKIM with DNSSEC Work for .SE done by Rickard Bondesson To be published as his Final Thesis at Linköping University: Deployment and analysis of DKIM with DNSSEC ISRN LIU-IDA/LITH-EX-A--08/055--SE

Thank you patrik.wallstrom@iis.se

Add a comment

Related presentations

Related pages

DKIM-Soft-Services - DomainKeys Identified Mail (DKIM)

DKIM Software and Services Deployment Reports : These are status reports from DKIM developers. The ... DNSSec: Citrus ...
Read more

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) ... DomainKeys Identified Mail (DKIM) Development, Deployment and Operations ...
Read more

New Site Checks for DMARC, DKIM, SPF, TLS, DNSSEC, and ...

Deployment Tools; Products and Services; ... New Site Checks for DMARC, DKIM, SPF, TLS, ... DNSSEC, TLS, DKIM, DMARC, ...
Read more

Deployment of DKIM with DNSSEC - Internetdagarna

Deployment of DKIM with DNSSEC ... DKIM - DNSSEC •Digital signatures ... Deployment •DKIM Milter •Patched to handle DNSSEC
Read more

Lars Eggert – DNSSEC Deployment Trends

... given the current deployment of DNSSEC in ... It is not clear that checking DNSSEC deployment based on a set of web site ... for SPF or DKIM, ...
Read more

Dkim | LinkedIn

View 1328 Dkim posts, presentations, experts, and more. Get the professional knowledge you need on LinkedIn. LinkedIn Home What is LinkedIn? Join Today
Read more

A survey of DNSSEC deployment in the US R&E community

A survey of DNSSEC deployment in the U.S. R&E community Shumon Huque; University of Pennsylvania Bill Owens; ... •DKIM _domainkey TXT record (p= ...
Read more

DNSSEC Deployment: Where We Are - ICANN

DNSSEC Deployment: Where We Are (and where we need to be) MENOG 10, Dubai 30 April 2012 . richard.lamb@icann.org . DNSSEC: We have passed the point of no ...
Read more

DNSSEC - dmarc.org – Domain Message Authentication ...

Deployment Tools; Products and Services; ... DNSSEC New Site Checks for DMARC, DKIM, SPF, TLS, DNSSEC, and IPv6. April 29, 2015 April 29 ...
Read more