DNSSEC and DANE
Note: WE ARE MEETING AT TWO SIGMA!! We'll need names, and you will need IDs. RSVP will open Wednesday October 3rd, 2018, 4:30pm.
The talk will introduce the audience to DNSSEC and its role in securing server-to-server email transport via opportunistic use of DANE TLSA records to resist active attacks on STARTTLS.
We will cover DNSSEC and DANE theory and practice, focusing on how to avoid operational pitfalls. Adoption metrics from an ongoing DNSSEC/DANE survey will be briefly covered. Questions from the audience welcome.
Coincidentally, ICANN will be replacing the original 2010 root zone key-signing-key (KSK-2010, key id 19036) with the new KSK-2017 (key id 20326) the day after the talk. The audience should be well prepared for the change.
Join us afterwards at the Cupping Room Cafe where we'll continue the discussion over drinks and/or food. The Cupping Room Cafe is located at 359 W Broadway, two blocks from the venue.
Viktor Dukhovni is the maintainer of the TLS stack in Postfix and the DANE and X.509 support in OpenSSL. He is the author of RFC7435, which broadly defines opportunistic security and RFCs 7671 and 7672 which update DANE and apply it to SMTP. He developed and operates a DNSSEC/DANE survey which helps to drive adoption and detect/fix implementation obstacles.
101 Avenue of the Americas