DNSSEC with Dan York

Event: Friday May 3rd at 1 PM EDT

All audio versions are here

What is DNSSEC (Domain Name System Security Extensions) and why is it important enough to send the likes of Mr. York around the globe? This and more Friday on VUC. The graphic below is from an analysis by DNSViz.
How do you know that you are in fact connecting to the correct VoIP system when you initiate a call or launch a client? What if someone redirected you to a different server? How would you know? Are there ways that we can improve the security of VoIP/UC systems? We rely on the Domain Name System (DNS) to resolve domain names to IP addresses and connect our computers to the correct destinations – but there are some weaknesses there that can be exploited. The “DNS Security Extensions” (DNSSEC) provide a mechanism to cryptographically ensure that the information you are getting out of DNS is the same information the operator of a domain put into DNS. A companion protocol, DANE, provides a mechanism to publish TLS/SSL certificates (or fingerprints of certificates) in DNS and add a stronger layer of trust to certificates. Both DNSSEC and DANE can potentially have a role to play with VoIP/UC.

In this VUC episode, Dan York will explain what DNSSEC and DANE are all about, how they work and will open a discussion about how they might be used within VoIP/UC to strengthen the security of communication. He’ll also talk about the DNSSEC support included in both the latest version of the Jitsi softphone and the Kamailio server. He’s looking for feedback and really just trying to raise questions around how all this work happening in the DNS area could benefit what we’re doing in the world of VoIP / UC / RTC / whatever. What could we do in VoIP if we had a global PKI we could use? Please come with your questions and ideas.

Comments on this entry are closed.

Previous post:

Next post: