ISSN : 1796-2056
Volume : 3    Issue : 6    Date : June 2008

Key Revocation System for DNSSEC
Gilles Guette
Page(s): 54-61

The Domain Name System (DNS) is a distributed tree-based database widely used to translate a
human-readable machine name into an IP address. The DNS security extensions (DNSSEC) have
been designed to protect the DNS protocol using public key cryptography and digital signatures. In
this paper, we show how DNSSEC can be attacked using compromised keys and the
consequences of such attacks. Then, we propose a new revocation scheme for DNSSEC based on
two new resource records. There is currently no revocation system defined in the DNSSEC standard.
Index Terms
DNSSEC, Revocation, Key Management, Network Security