RSA vs ECDSA for DNSSEC

It has often been said of technology standards that the good thing is that there are just so many to pick from! The same is true, to perhaps a more limited extent, in the world of cryptography. The choices may not be quite so diverse, but there are still many…


On DNS Openness

When we deregulated the telephone industry, we replaced these national monopolies and their vertically bundled structures with a collection of separate enterprises whose actions are orchestrated by market forces rather than by the dictates of the incumbent monopoly telco. This was a comprehensive upheaval to the telecommunications industry, and one…


DNSSEC with RSA-4096 Keys

Let’s look at the operation of DNSSEC and its use of public key cryptographic algorithms. The DNSSEC specification does not define in advance which algorithm you should use to generate the digital signature records for a DNSSEC-signed zone. And that’s a very good thing. The issue here is that cryptographic…


Another DNS OARC Meeting

These are some notes I took from the DNS OARC meeting held in September 2021. This was a short virtual meeting with six presentations, but for those of us missing a fix of heavy-duty DNS, it was very welcome in any case! DNS Security Mechanisms There isn’t a single approach…


TLS with a side of DANE

Am I really talking to you? In a networked world that’s an important question. For example, where I’m located, when I look up the DNS name www.google.com I get the IPv6 address 2404:6800:4006:813::2004. This implies that when I send an IPv6 packet to this destination address I will reach a…


DNS at IETF 111

IETF 111 was held virtually in July 2020. These are some notes I took on the topic of current activities in the area of the Domain Name System and its continuing refinement at IETF 111. DNSOP – DNS Operations DNSOP is the general working group for most DNS topics and…


DNSSEC with Ed25519

The world of cryptographic algorithms is one that constantly evolves. In part, this evolution is required by the nature of the process. The practical objective of these algorithms is not to pose a problem that is insoluble, but to pose a problem that is computationally infeasible. For example, a problem…


DNS OARC 35

The DNS Operations, Analysis, and Research Centre (DNS-OARC) convened OARC-35 at the start of May. Here’s some thoughts on a few presentations at that meeting that caught my attention. TTL Snooping with the DNS These days it seems that the term “the digital economy” is synonymous with “the surveillance economy”.…


DNS at IETF 110

IETF 110 was held virtually in March 2020. These are some notes I took on the topic of current activities in the area of the Domain Name System and its continuing refinement at IETF 110. The amount of activity in the DNS in the IETF seems to be growing every…


Notes from the DNS Privacy Workshop at NDSS 2021

For many years the consuming topic in DNS circles was that of the names themselves. If you wind the clock back twenty years or so you would find much discussion about the nature of the Internet’s name space. Why were there both generic top-level labels and two-letter country codes. If…