Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Cipher-suite negotiation for DNSSEC: Hop-by-hop or end-to-end?

 
: Herzberg, Amir; Shulman, Haya

:

IEEE Internet Computing 19 (2015), Nr.1, S.80-84
ISSN: 1089-7801
Englisch
Zeitschriftenaufsatz
Fraunhofer SIT ()

Abstract
To ensure the best security and efficiency, cryptographic protocols such as Transport Layer Security and IPsec should let parties negotiate the use of the "best" cryptographic algorithms; this is referred to as cipher-suite negotiation. However, cipher-suite negotiation is lacking in DNS Security Extensions (DNSSEC), introducing several problems. To address these issues, the authors propose two designs: hop-by-hop and end-to-end cipher-suite negotiation. They compare these two approaches with respect to efficiency, ease of deployment, changes each would require of the existing infrastructure, and compatibility with the legacy DNS infrastructure and caches.

: http://publica.fraunhofer.de/dokumente/N-379688.html