Contents

• Network Application Security Using The Domain Name System
  • Preface
  • Acknowledgements
  • List of Figures
  • List of Tables
  • 1 Introduction
    • 1.1 Outline of the Report
  • 2 Background
    • 2.1 Cryptography
    • 2.2 Internet and the Domain Name System
    • 2.3 Public Key Infrastructure
    • 2.4 Domain Name System
    • 2.5 Electronic Messaging
      • 2.5.1 Secure Electronic Messaging
      • 2.5.2 Multipurpose Internet Mail Extension
      • 2.5.3 Privacy Enhanced Mail
      • 2.5.4 Pretty Good Privacy
      • 2.5.5 Security Multiparts for MIME
      • 2.5.6 Secure MIME
  • 3 Use Cases
    • 3.1 Email Client
    • 3.2 Certificate Publishing
  • 4 LDAP and DNS as Certificate Directories
    • 4.1 Why Focus on LDAP and DNS?
      • 4.1.1 How the Certificates are Used
      • 4.1.2 How the Directory is Used
    • 4.2 Locating Certificates
      • 4.2.1 Certificate Naming
      • 4.2.2 Lightweight Directory Access Protocol
      • 4.2.3 Domain Name System
    • 4.3 Updating Certificates in a Directory
      • 4.3.1 Updating in LDAP
      • 4.3.2 Updating in DNS
      • 4.3.3 Conclusions
    • 4.4 Performance and Overhead
      • 4.4.1 Caching in DNS and How it Affects Certificate Lookup
      • 4.4.2 The Domain Name System Protocol
      • 4.4.3 The Lightweight Directory Access Protocol
      • 4.4.4 Round Trips
      • 4.4.5 Packet Size
      • 4.4.6 Computer Resource Utilization
  • 5 DNS Security Considerations
    • 5.1 Secure DNS
      • 5.1.1 Data Non-existence
      • 5.1.2 NXT Chaining
    • 5.2 Data Non-existence with Minimum Disclosure
    • 5.3 Implementing the Idea in DNS
  • 6 Conclusions
  • Bibliography
  • Index
  • A. NO Resource Records
  • B. Sample Certificates
  • C. Benchmarking Tool