Don’t throw the (cryptographic) baby out with the bathwater
Even if Shor’s Algorithm is now implementable inside ten years, symmetric keying should still be trustworthy if we fix RSA with PQC methods. Don’t throw the baby out with the bathwater!
Category:
Tech matters
BGP Router ID structuring in IPv6 native networks
Guest Post: How to design and structure BGP Router IDs in IPv6-native networks.
Discovery of IPv6 router addresses using Subnet-Router Anycast addresses
Guest Post: Identifying active IPv6 addresses helps assess deployment, reveal gaps, and detect vulnerable devices. Subnet-Router Anycast (SRA) probing removes the need for prior knowledge of address allocation.
[Podcast] The Erik protocol: Improving RPKI data fetch
Job Snijders discusses the new ‘Erik’ protocol for faster RPKI repository synchronization.
Unveiling the hidden complexity of authoritative DNS resilience
Guest Post: Government online services rely on authoritative DNS as a critical foundation of national digital infrastructure. This study presents a systematic framework to assess DNS resilience, revealing strengths, weaknesses, and operational practices shaping governments’ ability to withstand failures and attacks.
From workshop to deployment: How Bangladesh ccTLD implemented DNSSEC
Guest Post: How Bangladesh’s .BD ccTLD moved from no DNSSEC coverage to a fully validated chain of trust across its most critical SLDs, overcoming tooling gaps, operational failures, and infrastructure challenges along the way.
Non-Human Identity for workloads: Securing the next phase of automation
Guest Post: Non-Human Identity is evolving as automation and AI increase machine-to-machine connections. Short-lived, key-based credentials address long-standing risks, but industry now needs clear assurance levels for workload identities. Collaboration will shape the next phase of NHI standards.
Cold start DNS
There is an obvious tension between resilience and speed in the design of a resolver’s query strategy. DNS cold starts bring that tension into focus.
Persistent device identity in the era of MAC address randomization
Guest Post: A RADIUS-based framework for stable device identification.
Centrality in the Internet’s names
The Internet’s Domain Name System undertakes a vitally important role in today’s Internet. The question here is — is the DNS centralized?