PPT-DANE/DNSSEC/TLS Testing in the Go6lab

Jan Žorž Internet Society zorzisocorg Acknowledgement I would like to thank Internet Society to let me spend some of my ISOC working time in go6lab and test all this new and exciting protocols and mechanisms that makes Internet a bit better and more secure place. Jim Schaad. August Cellars. EMU TLS Issues. Trust Anchor. Matching PKIX cert to EMU Server Name. Certificate Revocation Checking. CRLs. OCSP. DANE Review. Use DNS as alternative or secondary trust framework. IETF-76. Joe Salowey. (. jsalowey@cisco.com. ). Eric Rescorla. (. ekr@rtfm.org. ). TLS Renegotiation Vulnerability. Discovered by Marsh Ray and Steve Dispensa of PhoneFactor - 08/2009. Re-Discovered by Martin Rex duing Channel Binding Discussions on the TLS list – 11/2009. Eric Osterweil. Dan Massey. Lixia Zhang. 1. Motivation: Why Use DNSSEC?. DNS cache poisoning has been a known attack against DNS since the 1990s [1]. Now there is a new variant: the . Kaminsky. attack. Security, Attacks, TLS 1.3. HTTPS:// and FTPS:// and….. Have you done any of the following today?. E-shopping: . Amazon, . Ebay. , Audible, …. Checked your Email. Visited a social networking site: Facebook, Twitter, …. System. Brief overview. Dane County DD . System . N. ow - Demographics. 1439 . adults served; 97% use SDS (self-directed services). 91 support brokers and 6 county case managers. 64% live outside of parents’ home (56% in own home, 5% in 1-2 person adult family homes, 3% in 3-4 person adult family homes, 0.6% in group homes). Corporate Capability Statement. Principal Names: Dale B. Cole Jr. & Mark C. Shoemaker. 1851 Edison Highway. Baltimore. , Maryland . 21213-1527. Phone: 410-732-3230 Fax: . 410-497-1036. Email: . , applications. Pasi Raumonen, Markku Åkerblom, . Mikko. . Kaasalainen. Department of Mathematics, Tampere University of Technology. Tree data and modelling workshop. 7. th . - 9. th. June 2016, Tampere, Finland. Your Business Partner. A Complete Logistics & Supply Chain Company. . Introduction:-. TLS Freight forwarding is a private limited company. We are operational . in 3 . major cities of Pakistan i.e. Lahore, Islamabad & Karachi. www.pluralsight.com. Goals. Encrypting Data. Diffie Hellman Elliptical Curve Key Exchange. Validation and Encryption with Certificates. Data Loss Prevention. Wireshark Demo. Web Browser Encryption. Negotiate Encryption Session . OAS-CICTE REMJA/OAS WEF Cyber Crime Workshop, Montevideo, Uruguay. 10 July 2012. r. ichard.lamb@icann.org. What is ICANN?. IANA function . coordinate unique identifiers (root and top-level domain names, IP address allocation, protocol number assignments, time zone database, other…). James Richards, Researcher. Nominet. What are we studying?. Many DNSSEC deployment studies focus on lists of domains such as those occurring in popular lists or TLDs.. Users are rarely delivered website content from one single domain name – often multiple domains are utilized. Huston. APNIC. February 2014. The E. volution of Evil. It used to be that . they sent . evil packets to . their . chosen . victim. but this exposed the attacker, and limited the damage they could cause. in today’s Internet. Geoff Huston. APNIC . June 2016. What is being measured?. Clients who will perform DNSSEC validation of a domain name. Using RSA/SHA-1 as the crypto algorithm. Who will not resolve a badly-signed domain name. WG-14: Security. TLS Profile Changes. Two new TLS profiles defined. Best Practices . Non-downgrading Best . Practices. Two existing (old) TLS profiles . retired. ISCL . Secure Transport Connection . Profile retired.