Network Application Security Using
The Domain Name System
Simon Josefsson
Abstract:
A major problem for a distributed security system is the management of
cryptographic keys. Public key techniques are often used to overcome
many of the problems. However, successful use of public key
techniques in large systems such as the Internet requires a
certificate directory, that is, a mechanism to locate and
retrieve the public keys. In this thesis we explore how a common name
lookup mechanism, the Domain Name System (DNS), can be used to provide
this functionality. We show how the idea can be implemented in a
secure mail application together with S/MIME. We compare the DNS
lookup mechanism with traditional Directory Access Protocol based
systems and identify weaknesses and strengths. We also discuss and
suggest a solution to privacy threats that arise because of recent
security additions to the DNS, namely Secure DNS.
2002-01-07