How to convince your boss to deploy DNSSEC and RPKI
An improved strategy to advocate for DNSSEC and RPKI deployment.
Tag: DNSSEC
Three of the best: Security
Here are APNIC Blog’s top three posts related to security for 2024.
[Podcast] Post-Quantum Cryptography
Geoff Huston discusses Post-Quantum Cryptography in Internet protocols and the DNS in particular.
Post-Quantum Cryptography
Using Moore’s Law, a computer 20 years into the future is predicted to be around 10,000 times more capable than today’s computation capabilities. Geoff Huston explores some practical implications.
[Podcast] Measuring DNSSEC keying ‘drift’ between parent and child
An analysis of CDS and CDNSKEY records looking at mismatches between child and parent, and the nameservers for the zone.
Web PKI: How to protect a popular security service?
Guest Post: Lessons learned from a study on the interrelation of CAA, CT, and DANE in web PKI deployments.
[Podcast] EDNS and UDP
Investigating the EDNS0 option for DNS, focusing on the specified maximum UDP packet size and its practical implications in the modern Internet.
[Podcast] Calling time on DNSSEC part 2 of 2
Following on from his last podcast, Geoff explores how to fix the problem in DNSSEC deployment and how this can benefit TLS.
[Podcast] Testing Post Quantum Cryptography DNSSEC
If quantum computing becomes viable, Post Quantum Cryptography (PQC) will be needed to replace RSA and ECC signatures in DNSSEC. How well can today’s DNS system handle PQC methods?
Where did DNSSEC go wrong?
Guest Post: What lessons can we learn from the development of DNSSEC?