Providing application-level assurance through DNSSEC



Registration | Hotel | Walter E. Washington Convention Center

The presentation
The base DNS specification has certain security vulnerabilities that, with recent findings, makes it even more trivial for someone to spoof DNS responses and have the application act upon these responses. In this day and age of cloud based and web-based services it becomes even more important for an application to know that it is reaching its intended destination and to react appropriately to spoofing incidents. With DNSSEC now being actively deployed across various name server installations, now is an opportune time for applications to begin to take advantage of some of the benefits that DNSSEC provides. In this presentation we will focus on the extensions we made to the Firefox browser such that it supports various DNSSEC indicators. We will briefly discuss an API we have developed and the modifications we have made to the application user interface. We do so in order to encourage application developers to consider DNS security implications in their Internet and web applications, and to encourage them to think of even more innovative ways of harnessing the benefits of this technology.

Suresh Krishnaswamy
Suresh Krishnaswamy is a Research Scientist at SPARTA Inc and has many years of experience in protocol development and network security. He currently leads the development of the DNSSEC-Tools suite at SPARTA, develops tools and libraries in support of DNSSEC deployment, and is a partner in the US Dept. of Homeland Security S&T-led DNSSEC Deployment Initiative. He is active in the IETF and has co-authored and contributed text for a number of Internet Drafts and RFCs.