Preparation for Recitation on DNSSEC
Read "Security Vulnerabilities in DNS and DNSSEC" by Ariyapperuma and Mitchell. This paper is about DNSSEC. DNS, as is, is an insecure system; DNSSEC is a proposed extension to DNS to mitigate some of the security concerns. It is not yet widespread.
- Section 2 gives an overview of DNS. Read it if you need a refresher on the protocol, but if not, you can skip it.
- Section 3 details some of the vulnerabilities to which DNS is open.
- Section 4 describes DNSSEC, which addresses some of the vulnerabilities in Section 3. DNSSEC has its own problems, however, which are detailed in Section 5.
- What are the consequences for users (such as yourself) of the vulnerabilities of DNS?
- Why must DNSSEC be backwards-compatible with DNS?
- Why are chains of trust necessary?
- Who should be in charge of the root key?
Question for Recitation
Before you come to this recitation, write up (on paper) a brief answer to the following (really—we don't need more than a couple sentences for each question). If your TA has requested that you email your answer to them, you may do that instead, but it should still be handed in before your recitation begins.
Your answers to these questions should be in your own words, not direct quotations from the paper.
- From a security standpoint, what does DNSSEC provide? (e.g., confidentiality, authentication, etc.)
- How does it provide that?
- Why is DNSSEC necessary (or is it necessary?), and why hasn't it been fully deployed?