DNS Privacy Clients. Stubby, Mobile apps and beyond! dnsprivacy.org
|
|
- Juliana Richard
- 6 years ago
- Views:
Transcription
1 DNS Privacy Clients Stubby, Mobile apps and beyond! dnsprivacy.org Sara Dickinson Allison Mankin Willem Toorop OARC 27 San Jose, Sep 2017
2 Overview What do we mean here by DNS Privacy? What clients support DNS Privacy today? Comparison of features Shameless plug for Stubby Wish list 2
3 FUNCTIONALITY DNS Privacy (stub to recursive) Concentrate on DNS-over-TLS (RFC7858) No implementations of DNS-over-DTLS (RFC8094) DNSCrypt not standard, HTTPS, QUIC Good TCP (RFC7766, RFC7828) Pipeline queries over persistent connections, handle OOOR, TCP Fast open, etc. Good TLS (RFC7525, TLS 1.2, Session resumption) 3
4 FUNCTIONALITY DNS Privacy (stub to recursive) EDNS0 Padding to hide msg size (RFC7830, draft) EDNS0 Client Subnet (to prevent ECS upstream) TLS authentication of server (draft-tls-profiles) Authentication name/spki pinset DANE, TLS DNSSEC Chain Extension Strict vs Opportunistic Usage profile 4
5 Authentication in FUNCTIONALITY DNS-over-TLS Profiles draft defines 2 Usage profiles: Strict Do or do not. There is no try. Opportunistic Success is stumbling from failure to failure with no loss of enthusiasm 5
6 Authentication in FUNCTIONALITY DNS-over-TLS Profiles draft defines 2 Usage profiles: Strict (Encrypt & Authenticate) or Nothing Do or do not. There is no try. Opportunistic Success is stumbling from failure to failure with no loss of enthusiasm 5
7 Authentication in FUNCTIONALITY DNS-over-TLS Profiles draft defines 2 Usage profiles: Strict (Encrypt & Authenticate) or Nothing Do or do not. There is no try. Opportunistic Success is stumbling from failure to failure with no loss of enthusiasm Try in order: 1. Encrypt & Authenticate then 2. Encrypt then 3. Clear text 5
8 USABILITY DNS Privacy Client Usability DNS Privacy is a new paradigm for end users End users are a new paradigm for DNS people! 6
9 USABILITY DNS Privacy Client Usability DNS Privacy is a new paradigm for end users End users are a new paradigm for DNS people! Uptake critically dependant on clients being usable Usable Security : Good GUIs aren t enough - users still struggle with the basics if they don t understand what they are doing (DNSSEC, HTTPS, PGP) 6
10 Flavours of client Desktop system resolvers Command line tools/libraries/forwarders Mobile DISCLAIMER!! Not exhaustive, other DNS clients are available All data here are to the best of my knowledge! Please send corrections/updates/additions to 7
11 Desktop System resolvers TLS support Linux libc, systemd* macos Windows 8
12 Desktop System resolvers TLS support Linux libc, systemd* macos Windows But then again, think about DNSSEC support 8
13 STUB Command line tools Features getdns_query kdig delv (dig) drill DNS ECS privacy 9.12 TCP Pipelining OOOR Keepalive/DSO 9.12 TCP Fast Open 9.12 TLS TLS Authentication Strict vs Oppo EDNS0 Padding 9.12 Dark Green: Light Green: Yellow: Grey: Latest stable release supports this Patch available Patch/work in progress Not applicable or not yet planned 9
14 STUB Libraries Features getdns libknot libunbound ldns dnsmasq DNS TCP ECS Privacy Pipelining OOOR Keepalive/DSO TCP Fast Open TLS TLS Authentication Strict vs Oppo EDNS0 Padding Dark Green: Light Green: Yellow: Grey: Latest stable release supports this Patch available Patch/work in progress Not applicable or not yet planned 10
15 STUB Local forwarders Features stubby (getdns) Stub unbound proxy (stunnel) DNS TCP ECS Privacy Pipelining OOOR Keepalive/DSO TCP Fast Open TLS TLS Authentication Strict vs Oppo EDNS0 Padding Dark Green: Light Green: Yellow: Grey: Latest stable release supports this Patch available Patch/work in progress Not applicable or not yet planned 11
16 STUB Local forwarders Features stubby (getdns) Stub unbound proxy (stunnel) DNS TCP ECS Privacy Pipelining OOOR Keepalive/DSO TCP Fast Open TLS TLS Authentication Strict vs Oppo EDNS0 Padding Dark Green: Light Green: Yellow: Grey: Latest stable release supports this Patch available Patch/work in progress Not applicable or not yet planned 11 Knot resolver support coming soon!
17 Mobile Native support Apps Android IETF 99 Hackathon: WIP on Opportunistic DNS-over-TLS ios Work inprogress!! Wrapper around Stubby: dnsdisco.com, GitHub repo 12
18 CLIENTS Stubby A privacy enabling stub resolver: User Guide From getdns team, but is now a standalone application And a movie (Stg. Stubby movie) Daemon listening on localhost, TLS proxy Comes with config for experimental servers, including authentication information (Strict is easy) 13
19 CLIENTS Stubby status Command line tool - for advanced users 1.2 release: Stability improvements, YAML for config Linux Packages for getdns, not yet for Stubby macos: Homebrew formula for stubby service NEW! Windows binary NEW! macos: GUI prototype NEW! 14
20 CLIENTS Stubby status Command line tool - for advanced users 1.2 release: Stability improvements, YAML for config Linux Packages for getdns, not yet for Stubby macos: Homebrew formula for stubby service NEW! Windows binary macos: GUI prototype NEW! NEW! Funded by NLnet Foundation and Salesforce! 14
21 CLIENTS Subby GUI preview Prototype! HELP WANTED
22 RECURSIVE Experimental! Test DNS Privacy servers Details on dnsprivacy.org: DNS Test Servers
23 Wish list Windows support (targeting non-technical users) ios: Native support Large open resolver offering DNS-over-TLS Usable security research on DNS Privacy (NDSS 2018) More testing at IETF 100!! 17
24 Thank you! Any Questions? dnsprivacy.org 18
25 Additional slides
26 DNS Auth using DANE DNS Privacy client [DNSSEC] DNS Privacy server 1: Obtain a Auth Domain name & IP address (1a) Configure Auth domain name Do Opportunistic A lookup 20
27 DNS Auth using DANE DNS Privacy client [DNSSEC] DNS Privacy server 1: Obtain a Auth Domain name & IP address (1a) Configure Auth domain name Do Opportunistic A lookup 2a: Opportunistic lookup of DANE records for server Validate locally with DNSSEC 20
28 DNS Auth using DANE DNS Privacy client [DNSSEC] DNS Privacy server 1: Obtain a Auth Domain name & IP address (1a) Configure Auth domain name Do Opportunistic A lookup 2a: Opportunistic lookup of DANE records for server Validate locally with DNSSEC 20
29 DNS Auth using DANE DNS Privacy client [DNSSEC] TLS DNS Privacy server 1: Obtain a Auth Domain name & IP address (1a) Configure Auth domain name Do Opportunistic A lookup 2a: Opportunistic lookup of DANE records for server Validate locally with DNSSEC 20
30 DNS Auth using DANE DNS Privacy client [DNSSEC] TLS DNS Privacy server 1: Obtain a Auth Domain name & IP address (1a) Configure Auth domain name Do Opportunistic A lookup 2a: Opportunistic lookup of DANE records for server Validate locally with DNSSEC 20
31 TLS DNSSEC Chain Extension DNS Privacy client [DNSSEC] DNS Privacy server 1: Obtain a Auth Domain name & IP address (1a) Configure Auth domain name Do Opportunistic A lookup 21
32 TLS DNSSEC Chain Extension DNS Privacy client [DNSSEC] DNS Privacy server 1: Obtain a Auth Domain name & IP address 0 (or 2): Obtains DANE records for itself! (1a) Configure Auth domain name Do Opportunistic A lookup 21
33 TLS DNSSEC Chain Extension DNS Privacy client [DNSSEC] Client Hello: TLS DNSSEC Chain Ext DNS Privacy server 1: Obtain a Auth Domain name & IP address 0 (or 2): Obtains DANE records for itself! (1a) Configure Auth domain name Do Opportunistic A lookup 21
34 TLS DNSSEC Chain Extension DNS Privacy client [DNSSEC] Client Hello: TLS DNSSEC Chain Ext Server Hello: Server DANE records DNS Privacy server 1: Obtain a Auth Domain name & IP address 0 (or 2): Obtains DANE records for itself! (1a) Configure Auth domain name Do Opportunistic A lookup 21
35 TLS DNSSEC Chain Extension DNS Privacy client [DNSSEC] Client Hello: TLS DNSSEC Chain Ext Server Hello: Server DANE records DNS Privacy server 1: Obtain a Auth Domain name & IP address 0 (or 2): Obtains DANE records for itself! (1a) Configure Auth domain name Do Opportunistic A lookup 21
36 TLS DNSSEC Chain Extension DNS Privacy client [DNSSEC] Client Hello: TLS DNSSEC Chain Ext Server Hello: Server DANE records DNS Privacy server 1: Obtain a Auth Domain name & IP address 0 (or 2): Obtains DANE records for itself! (1a) Configure Auth domain name Do Opportunistic A lookup Reduces Latency Eliminates need for intermediate recursive 21
DNS Privacy. EDU Tutorial dnsprivacy.org. Sara Dickinson Sinodun
DNS Privacy EDU Tutorial dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com IETF 99 Prague, July 2017 Overview The problem: Why Internet privacy and DNS Privacy are important (DNS leakage) Recent Progress:
More informationDNS Privacy - Implementation and Deployment Status
DNS Privacy - Implementation and Deployment Status Sara Dickinson Sinodun Allison Mankin Salesforce IEPG@IETF96 Berlin, July 2016 DNS Privacy - Background RFC 7558 - Pervasive Monitoring is an Attack DPRIVE
More informationLatest Measurements on DNS Privacy
Latest Measurements on DNS Privacy Sinodun Sara Dickinson sara@sinodun.com (Presenter) John Dickinson jad@sinodun.com Jim Hague jim@sinodun.com 1 Agenda Two topics Summary of initial benchmarking work
More informationThe Importance of Being an Earnest stub
The Importance of Being an Earnest Challenges and solution for the versatile Willem Toorop 13 May 2017 OARC 26 (Madrid) From the ground-up security et n A rc a -o s 98 n 1 d 910 1 4 6 Recursive dns-oarc
More informationWhere s my DNS? Sara Dickinson IDS 2. Where s my DNS?
Sara Dickinson sara@sinodun.com Stub to recursive The DNS protocol is evolving DoT: DNS-over-TLS DoH: DNS-over-HTTPS (WIP) DoT RFC7858 standard May 2016 Implemented to-date in standard open source DNS
More informationRecommendations for DNS Privacy Service Operators
Recommendations for DNS Privacy Service Operators Presenter: Sara Dickinson sara@sinodun.com Co-authors: Roland van Rijswijk-Deij, Allison Mankin, Benno Overeinder 1 Brief history of DNS Privacy Date 2
More informationHow to get a trustworthy DNS Privacy enabling recursive resolver
How to get a trustworthy DNS an analysis of authentication mechanisms for DNS s Willem Toorop NLnet Labs (presenter) Melinda Shore Fastly Benno Overeinder NLnet Labs DNS over TLS What are the actors, and
More informationgetdns API Implementation Update Update Willem Toorop NLnet Labs 14 May 2015 NLnet Labs
AP implementation Willem Toorop Update Willem@.nl Willem Toorop ( ) getdns AP mplementation Update 1 / 13 AP is: A DNS AP specification by and for application developers (for resolving) (for applications)
More informationDNS Sessions. - where next? OARC 27 San Jose, Sep Sep 2017, San Jose. DNS OARC 27
DNS Sessions - where next? Sara Dickinson sara@sinodun.com OARC 27 San Jose, Sep 2017 1 Overview A tour of the evolution of doing DNS over session based protocols Recent use cases for DNS Sessions Trade-offs
More informationDeveloping a monitoring plugin for DNS-over-TLS at the IETF hackathon
Developing a monitoring plugin for DNS-over-TLS at the IETF hackathon Stéphane Bortzmeyer First publication of this article on 7 March 017 The weekend of 5-6 march 017, I
More informationDoH and DoT experience. Ólafur Guðmundsson Marek Vavrusa
DoH and DoT experience Ólafur Guðmundsson Marek Vavrusa Announced April 1 st 2018 Our mission: to help build a better Internet. We use 1.1.1.1 and 1.0.0.1 (easy to remember) for our resolver. DNS resolver,
More informationA New Internet? RIPE76 - Marseille May Jordi Palet
A New Internet? RIPE76 - Marseille May 2018 Jordi Palet (jordi.palet@theipv6company.com) -1 (a quick) Introduction to HTTP/2, QUIC and DOH and more RIPE76 - Marseille May 2018 Jordi Palet (jordi.palet@theipv6company.com)
More informationA New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOH and more LACNIC 29 - Panamá May 2018 Jordi Palet (jordi.palet@theipv6company.com) -1 Internet is Changing More and more, Internet traffic is moving
More informationDeveloping DNS-over-HTTPS clients and servers
Developing DNS-over-HTTPS clients and servers Stéphane Bortzmeyer First publication of this article on 23 March 2018 The weekend of 17-18 March 2018, I participated to the
More informationQNAME minimisation. Ralph Dolmans (NLnet Labs) https://www.nlnetlabs.nl/ March 2016 Stichting NLnet Labs
QNAME minimisation Ralph Dolmans ralph@nlnetlabs.nl (NLnet Labs) March 2016 Stichting NLnet Labs page 2 Introduction About NLnet Labs A not for profit, public benefit foundation develop Open Source software
More informationImpact of security vulnerabilities in timing protocols on Domain Name System (DNS)
November 12 2017 IEPG Open Meeting-IETF100 Impact of security vulnerabilities in timing protocols on Domain Name System (DNS) Aanchal Malhotra 1, Willem Toorop 2, Benno Overeinder 2, Sharon Goldberg 1
More informationIs your DNS server up-to-date? Pieter Lexis Senior PowerDNS Engineer April 22 nd 2018
lieter_ PowerDNS pieterlexis PowerDNS Is your DNS server up-to-date? Pieter Lexis Senior PowerDNS Engineer April 22 nd 2018 1 What s all this about? A DNS recap What is EDNS? Issues with EDNS on the internet
More informationAPI implementation. Willem Toorop NLnet. Labs. 11 May NLnet. Labs
AP implementation Willem Toorop Willem@.nl Willem Toorop ( ) getdns AP mplementation 1 / 22 AP is: A DNS AP specification by and for application developers (for resolving) (for applications) LABS From
More informationUpdate on DNS Privacy Measurements
Update on DNS Privacy Measurements Funded by a grant from the Open Technology Fund Sara Dickinson sara@sinodun.com (Presenter) John Dickinson jad@sinodun.com Jim Hague jim@sinodun.com sinodun.com @SinodunCom
More informationUpdates: 7858 (if approved) Intended status: Standards Track Expires: March 15, 2018 McAfee September 11, 2017
dprive Internet-Draft Updates: 7858 (if approved) Intended status: Standards Track Expires: March 15, 2018 S. Dickinson Sinodun D. Gillmor ACLU T. Reddy McAfee September 11, 2017 Usage and (D)TLS Profiles
More informationThe Changing Landscape of the DNS
The Changing Landscape of the DNS or: the Battle for the Namespace Roland van Rijswijk-Deij Benno Overeinder RoN++ meeting Introduction That the DNS has privacy issues is a public secret Protocol from
More informationInternet Engineering Task Force (IETF) Request for Comments: Category: Standards Track. McAfee March 2018
Internet Engineering Task Force (IETF) Request for Comments: 8310 Updates: 7858 Category: Standards Track ISSN: 2070-1721 S. Dickinson Sinodun D. Gillmor ACLU T. Reddy McAfee March 2018 Usage Profiles
More informationA Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover
A Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover Duane Wessels DNS-OARC 26 San Jose, CA September 29, 2017 Background 2 2017 Root Zone KSK Rollover October 11, 2017! Root zone DNSKEY
More informationLet s Encrypt and DANE
Let s Encrypt and DANE CaribNOG 13 Barbados 18 Apr 2017 The Deploy360 Programme The Challenge: The IETF creates protocols based on open standards, but some are not widely known or deployed People seeking
More informationDNS64 and NAT64. IPv6 Migration workshop for IETF and 3GPP. November 5-6, 2009 Shanghai, China. Simon Perreault Viagénie
DNS64 and NAT64 IPv6 Migration workshop for IETF and 3GPP November 5-6, 2009 Shanghai, China Simon Perreault Viagénie simon.perreault@viagenie.ca http://www.viagenie.ca Credentials Participation in the
More informationDNS(SEC) client analysis
DNS(SEC) client analysis powered by assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011 Overview DNS traffic analysis CLIENT [8], [9] Applic. browser Operating system DNS stub [7] Resolver
More informationTowards Secure Name Resolution on the Internet
Towards Secure Name Resolution on the Internet C. Grothoff M. Wachs M. Ermert J. Appelbaum 26.2.2017 The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee Security Goals for Name Systems
More informationUnderstanding and Characterizing Hidden Interception of the DNS Resolution Path
Who Is Answering My Queries? Understanding and Characterizing Hidden Interception of the DNS Resolution Path Baojun Liu, Chaoyi Lu, Haixin Duan, YingLiu, ZhouLi, ShuangHaoand MinYang ISP DNS Resolver DNS
More informationSession initiation protocol & TLS
POSH bof Session initiation protocol & TLS Olle E. Johansson, IETF 87 Berlin, July 2013 oej@edvina.net * @oej v 1.42 Executive summary: SIP security filosophy: Let s put a nice and soft fluffy TLS wrapper
More informationDNS Flag day. A tale of five cctlds. Hugo Salgado,.CL Sebastián Castro,.NZ DNS-OARC 29, Amsterdam
DNS Flag day A tale of five cctlds Hugo Salgado,.CL Sebastián Castro,.NZ DNS-OARC 29, Amsterdam 1 What is EDNS? RFC 6891 Defines a backward compatible mechanism to signal support for new DNS options Original
More informationFeature Comparison Checklist
Feature Comparison Checklist We invite you to use this checklist to help guide your team in identifying your mobile forms requirements. This checklist also provides an easy way to compare the Formotus
More informationDNSSEC Workshop. Dan York, Internet Society ICANN 54 October 2015
DNSSEC Workshop Dan York, Internet Society ICANN 54 October 2015 Remote Participation Slides and audio streams at: https://meetings.icann.org/en/dublin54/ schedule/wed-dnssec Live video stream via YouTube
More informationThe DNS Camel. Or How many features can we add to this protocol before it breaks? Bert Hubert /
The DNS Camel Or How many features can we add to this protocol before it breaks? Bert Hubert / bert.hubert@powerdns.com 185 RFCs 2781 pages / 166891 lines 888233 words This is 2 times The C++
More informationDNS Survival Guide. Artyom Gavrichenkov
DNS Survival Guide Artyom Gavrichenkov A bit of a history: DNS 1983: (int32)*host_str; A bit of a history: DNS 1983: (int32)*host_str; 1997-2017: load balancing geobalancing ASN policies
More informationDANE, why we need it. Daniel Stirnimann Bern, 29. March SWITCH 1
DANE, why we need it Daniel Stirnimann daniel.stirnimann@switch.ch Bern, 29. March 2017 2017 SWITCH 1 Why do we trust this website? 2017 SWITCH 2 Why do we trust this website? 1. DNS lookup for www.credit-suisse.com
More informationJohn S. Otto Mario A. Sánchez John P. Rula Fabián E. Bustamante
John S. Otto Mario A. Sánchez John P. Rula Fabián E. Bustamante Northwestern, EECS http://aqualab.cs.northwestern.edu ! DNS designed to map names to addresses Evolved into a large-scale distributed system!
More informationDomain Name System (DNS) Session 2: Resolver Operation and debugging. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2017, Nairobi DNS Resolver Operation How Resolvers Work (1)! If we've dealt with this query before recently,
More informationMeasuring the effects of DNSSEC deployment on query load
Measuring the effects of DNSSEC deployment on query load Jelte Jansen NLnet Labs NLnet Labs document 26-2 May 1, 26 Abstract Ripe NCC recently started signing the zones on their DNS servers. This document
More informationIntroduction to the DANE Protocol
Introduction to the DANE Protocol ICANN 46 April 10, 2013 Internet Society Deploy360 Programme Providing real-world deployment info for IPv6, DNSSEC and other Internet technologies: Case Studies Tutorials
More informationApplication Layer. Applications and application-layer protocols. Goals:
Application Layer Goals: Conceptual aspects of network application protocols Client paradigm Service models Learn about protocols by examining popular application-level protocols HTTP DNS 1 Applications
More informationVMware Tunnel on Linux. VMware Workspace ONE UEM 1811
VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback
More informationECE 435 Network Engineering Lecture 7
ECE 435 Network Engineering Lecture 7 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 25 September 2018 HW#3 was Posted Announcements 1 HW#2 Review C code will be discussed next
More informationIETF Working Groups. https://datatracker.ietf.org/wg/ 127 Working Groups in:
IETF Working Groups https://datatracker.ietf.org/wg/ 127 Working Groups in: Applications Transport Internet Operations and Management Real-time Applications and Infrastructure Routing Security tcpinc,
More informationEvaluation and consideration of multiple responses. Kazunori Fujiwara, JPRS OARC 28
Evaluation and consideration of multiple responses Kazunori Fujiwara, JPRS fujiwara@jprs.co.jp OARC 28 Past discussion Background DNS is query response based protocol Each query contains one QNAME / QTYPE
More informationFencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1
Fencing the Cloud with Identity Roger Casals Senior Director Product Management Shared vision for the Identity: Fencing the Cloud 1 Disclaimer Copyright 2014 Symantec Corporation. All rights reserved.
More informationNetwork Requirements
GETTING STARTED GUIDE l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l
More informationDANE Demonstration! Duane Wessels, Verisign! ICANN 49 DNSSEC Workshop! March 26, 2014!
DANE Demonstration! Duane Wessels, Verisign! ICANN 49 DNSSEC Workshop! March 26, 2014! Outline! What is DANE?! The TLSA Record! TLSA Browser Plugin! Generating the TLSA Record! Other uses for DANE! 2!
More informationWhat s new in TLS 1.3 (and OpenSSL as a result) Rich Salz
What s new in TLS 1.3 (and OpenSSL as a result) Rich Salz Timeline TLS 1.0 RFC 2246 January 1999 TLS 1.1 RFC 4346 April 2006 TLS 1.2 RFC 5246 August 2008 a whole bunch of RFC s for new crypto, secure renegotiation,
More informationAugust 14th, 2018 PRESENTED BY:
August 14th, 2018 PRESENTED BY: APPLICATION LAYER ATTACKS 100% 80% 60% 40% 20% 0% DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host.
More informationDNSSEC: what every sysadmin should know to keep things working
DNSSEC: what every sysadmin should know to keep things working Roland van Rijswijk - Deij roland.vanrijswijk@surfnet.nl About SURFnet National Research and Education Network (NREN) Founded in 1986 > 11000km
More informationRequest for Comments: 3764 Category: Standards Track April enumservice registration for Session Initiation Protocol (SIP) Addresses-of-Record
Network Working Group J. Peterson Request for Comments: 3764 NeuStar Category: Standards Track April 2004 enumservice registration for Session Initiation Protocol (SIP) Addresses-of-Record Status of this
More informationBT CLOUD VOICE COMMUNICATOR USER GUIDE.
BT CLOUD VOICE COMMUNICATOR iphone EDITION. USER GUIDE. WHAT S IN THIS GUIDE. 1. Introduction. 3 1.1 Overview 3 1.2 Audience 3 2. Requirements. 4 2.1 Hardware & Software Requirements 4 2.2 Licensing Requirements
More informationCloud Security Whitepaper
Cloud Security Whitepaper Sep, 2018 1. Product Overview 3 2. Personally identifiable information (PII) 3 Using Lookback without saving any PII 3 3. Security and privacy policy 4 4. Personnel security 4
More informationInternet and Intranet Protocols and Applications
Internet and Intranet Protocols and Applications Lecture 4: General Characteristics of Internet Protocols; the Email Protocol February 10, 2004 Arthur Goldberg Computer Science Department New York University
More informationeduvpn François Kooman
eduvpn François Kooman @fkooman Enschede, 2018-02-09 Me Software Developer (PHP, C) Freelancer traveling around Europe Used to work for SURFnet Now: lead developer eduvpn / Let s Connect!
More informationRoot KSK Roll Update Webinar
Root KSK Roll Update Webinar Matt Larson, VP of Research 11 October 2017 1 Who has KSK-2017 configured as a trust anchor? Until recently, there was no way to know which trust anchors validators have configured
More informationWhy do we really want an ID/locator split anyway?
Why do we really want an ID/locator split anyway? Dave Thaler dthaler@microsoft.com MobiArch 2008 1 Starting from basics Users deal with names, not addresses (esp. in IPv6) Humans need friendly identifiers
More informationBuilding a Kubernetes on Bare-Metal Cluster to Serve Wikipedia. Alexandros Kosiaris Giuseppe Lavagetto
Building a Kubernetes on Bare-Metal Cluster to Serve Wikipedia Alexandros Kosiaris Giuseppe Lavagetto Introduction The Wikimedia Foundation is the organization running the infrastructure supporting Wikipedia
More informationBack-end architecture
Back-end architecture Tiberiu Vilcu Prepared for EECS 411 Sugih Jamin 2 January 2018 https://education.github.com/pack 1 2 Outline HTTP 1. HTTP and useful web tools 2. Designing APIs 3. Back-end services
More informationDNSSEC Basics, Risks and Benefits
DNSSEC Basics, Risks and Benefits Olaf M. Kolkman olaf@ripe.net This presentation About DNS and its vulnerabilities DNSSEC status DNSSEC near term future DNS: Data Flow Registry/Registrar Provisioning
More informationSaaS Providers. ThousandEyes for. Summary
USE CASE ThousandEyes for SaaS Providers Summary With Software-as-a-Service (SaaS) applications rapidly replacing onpremise solutions, the onus of ensuring a great user experience for these applications
More informationSIP Compliance APPENDIX
APPENDIX E This appendix describes Cisco SIP proxy server (Cisco SPS) compliance with the Internet Engineering Task Force (IETF) definition of Session Initiation Protocol (SIP) as described in the following
More informationWhat Is Wireless Setup
What Is Wireless Setup Wireless Setup provides an easy way to set up wireless flows for 802.1x, guest, and BYOD. It also provides workflows to configure and customize each portal for guest and BYOD, where
More informationCloudFleet Documentation
CloudFleet Documentation Release 0.1 The CloudFleet Team Sep 27, 2017 Contents 1 Table of Contents 3 1.1 Getting Started.............................................. 3 1.2 Getting Started for Hackers.......................................
More informationDesktop sharing with the Session Initiation Protocol
Desktop sharing with the Session Initiation Protocol Willem Toorop willem.toorop@os3.nl February 25, 2009 How can application and desktop sharing, initiated by SIP, be realised in existing SIP infrastructure
More informationIdentifier Technology Health Indicators (ITHI) Alain Durand, Christian Huitema 13 March 2018
Identifier Technology Health Indicators (ITHI) Alain Durand, Christian Huitema 13 March 2018 ITHI Principles of Operation Technical focus Problem areas à Metrics à Measurement Current value and trend over
More informationOn Host Identity Protocol
On Host Identity Protocol Miika Komu Data Communications Software Group Dep. of Computer Science and Engineering School of Science Aalto University 17.10.2011 Table of Contents Introduction
More informationLast mile authentication problem
Last mile authentication problem Exploiting the missing link in end-to-end secure communication DEF CON 26 Our team Sid Rao Doctoral Candidate Aalto University Finland Thanh Bui Doctoral Candidate Aalto
More informationTLS 1.3. Eric Rescorla Mozilla draft-ietf-tls-tls13-21 IETF 100 TLS 1
TLS 1.3 draft-ietf-tls-tls13-21 Eric Rescorla Mozilla ekr@rtfm.com IETF 100 TLS 1 Agenda Middlebox issues (PR#1091) close_notify and half-close (PR#1092) SNI and resumption(pr#1080) IETF 100 TLS 2 Middlebox
More informationSR-201 Network Relay Quick Start Guide
SR-201 Network Relay Quick Start Guide Table of Content Connect to your device...2 Change configurations...3 Setup remote control via internet...4 Android software...5 Integrate to your applications...6
More informationperdition: Mail Retrieval Proxy
perdition: Mail Retrieval Proxy Horms (Simon Horman) Verge Networks horms@verge.net.au VA Linux Systems Japan, K.K. horms@valinux.co.jp January 2003 http://verge.net.au/linux/perdition/ Introduction Perdition
More informationUnbound in C. San Diego Wouter Wijngaards Stichting NLnet Labs
Unbound in C San Diego - 2006 Wouter Wijngaards (wouter@nlnetlabs.nl) Stichting NLnet Labs page 2 Outline Goals Design Server design Module design Major Issues Threads Local zone server Compression Detail
More informationOverview of Open Source Tools for DNSSEC
Overview of Open Source Tools for DNSSEC Russ Mundy Analytic Solutions (aka: SPARTA, Inc. ) June 23, 2010 I need to have a WWW record Simple DNS Illustration Add Zone Administrator Zone Data publish Authoritative
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationLecture 4 Naming. Prof. Wilson Rivera. University of Puerto Rico at Mayaguez Electrical and Computer Engineering Department
Lecture 4 Naming Prof. Wilson Rivera University of Puerto Rico at Mayaguez Electrical and Computer Engineering Department Outline Names, identifiers, addresses Flat naming Structured naming Attribute based
More informationTAPS-related topics from the NEAT project. Naeem Khademi (NEAT project) TAPS WG - IETF 97 Seoul- South Korea 16 November 2016
TAPS-related topics from the NEAT project Naeem Khademi (NEAT project) TAPS WG - IETF 97 Seoul- South Korea 16 November 2016 Introduction on NEAT NEAT project has been ongoing since March 2015 NEAT library
More informationOverview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly
Last Lecture Overview Scheduled tasks and log management This Lecture DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly Next Lecture Address assignment (DHCP) TELE 301 Lecture 11: DNS 1 TELE
More information2017 DNSSEC KSK Rollover. DSSEC KSK Rollover
2017 DNSSEC KSK Rollover 2017 Edward Lewis DSSEC KSK Rollover APNIC 44 Edward.Lewis@icann.org FIRST TC September 11, 2017 13 September 2017 DNSSEC Signing vs. Validation DNS Security Extensions Digital
More informationWeb as a Distributed System
Web as a Distributed System The World Wide Web is a large distributed system. In 1998 comprises 70-75% of Internet traffic. With large transfers of streaming media and p2p, no longer a majority of bytes,
More informationWhat we did last OARC. Keith Mitchell DNS-OARC RIPE77 DNS WG Amsterdam, Oct 2018
What we did last OARC Keith Mitchell DNS-OARC RIPE77 DNS WG Amsterdam, Oct 2018 OARC's Mission Statement The Domain Name System Operations Analysis and Research Center (DNS-OARC) is a non-profit, membership
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 8. Internet Applications Internet Applications Overview Domain Name Service (DNS) Electronic Mail File Transfer Protocol (FTP) WWW and HTTP Content
More informationApplication Layer: OSI and TCP/IP Models
Application Layer Application Layer: OSI and TCP/IP Models The communication process between two communicating nodes is actually a communication process between two applications on these devices. Service
More informationConsiderations and Actions of Content Providers in Adopting IPv6
Considerations and Actions of Content Providers in Adopting IPv6 Sheng Jiang / Huawei Brian Carpenter / University of Auckland www.huawei.com IPv6 Trends Global IPv4 registry (IANA) ran out of spare blocks
More informationSkype for Business for Android
Skype for Business for Android November 2015 Topics in this guide include: Joining meetings Updating availability status Managing contacts Having conversations Customizing your settings For more information
More informationSSL Orchestrator Reference Guide. Version
SSL Orchestrator Reference Guide Version 14.0.0-4.0 SSL Orchestrator v4.0 Reference Guide Page 2 Table of Contents Table of Contents... 3 Document Overview... 4 SSL Orchestrator Object Reference... 5 Common
More informationMagister 6 API Documentation
Magister 6 API Documentation Release 2.0 magister-api November 15, 2017 Contents 1 User Guide 3 1.1 Installation................................................ 3 1.1.1 Server Requirements......................................
More informationStichting NLnet Labs NLnet Labs
Stichting NLnet Labs NLnet Labs To develop Open Source Software and Open Standards for the benefits of the Internet. Paraphrased Article 1 of the Foundations Charter Areas of Interest DNS IP and Routing
More informationRFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal ---
RFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal --- Kazunori Fujiwara fujiwara@jprs.co.jp Japan Registry Services Co., Ltd (JPRS) DNS-OARC Workshop 2016/10/16 Last
More informationMAN-IN-THE-MACHINE: EXPLOIT ILL-SECURE COMMUNICATION INSIDE THE COMPUTER
MAN-IN-THE-MACHINE: EXPLOIT ILL-SECURE COMMUNICATION INSIDE THE COMPUTER Thanh Bui*, Siddharth Rao*, Markku Antikainen, Viswanathan Bojan*, Tuomas Aura* *Aalto University, Finland University of Helsinki,
More informationSSSD. Client side identity management. LinuxDays 2012 Jakub Hrozek
SSSD Client side identity management LinuxDays 2012 Jakub Hrozek 20. října 2012 1 User login in Linux 2 Centralized user databases 3 SSSD Section 1 User login in Linux User login in Linux User login in
More informationIPv6 How-To for a Registry 17th CENTR Technical Workshop
IPv6 How-To for a Registry 17th CENTR Technical Workshop Amsterdam, October 2007 Alvaro Vives (alvaro.vives@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) Introduction Main steps to be undertaken
More informationSIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels
Network Security - ISA 656 Voice Over IP (VoIP) Security Simple SIP ing Alice s Bob Session Initiation Protocol Control channel for Voice over IP (Other control channel protocols exist, notably H.323 and
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationProxyCap Help. Table of contents. Configuring ProxyCap Proxy Labs
ProxyCap Help 2016 Proxy Labs Table of contents Configuring ProxyCap The Ruleset panel Loading and saving rulesets Delegating ruleset management The Proxies panel The proxy list view Adding, removing and
More informationApplication-layer Protocols
Application-layer Protocols Kai Shen application transport data link physical Network Applications and Application-Layer Protocols application transport data link physical application transport data link
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationConfiguring SSL. SSL Overview CHAPTER
CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.
More informationDNSSEC Basics, Risks and Benefits
DNSSEC Basics, Risks and Benefits Olaf M. Kolkman olaf@ripe.net This presentation About DNS and its vulnerabilities DNSSEC status DNSSEC near term future DNS: Data Flow Registry/Registrar Provisioning
More informationQUIC. Internet-Scale Deployment on Linux. Ian Swett Google. TSVArea, IETF 102, Montreal
QUIC Internet-Scale Deployment on Linux TSVArea, IETF 102, Montreal Ian Swett Google 1 A QUIC History - SIGCOMM 2017 Protocol for HTTPS transport, deployed at Google starting 2014 Between Google services
More informationBIG-IP Local Traffic Management: Profiles Reference. Version 12.1
BIG-IP Local Traffic Management: Profiles Reference Version 12.1 Table of Contents Table of Contents Introduction to Local Traffic Profiles...7 Introduction to profiles...7 Profile types...7 Default profiles...7
More information