ABSTRACT
The deployment of DNS Security (DNSSEC) can only succeed if there is an effective mechanism for DNS public key validation. This paper compares three potential approaches to DNS key validation. A tree-based approach utilizes the existing structure of the DNS tree to form highly structured key signing rules. This makes following chains of trust simple, but it allows no flexibility for individual zones and makes incremental deployment impossible. A pure web-of-trust-based approach imposes no structure whatsoever on the key signing process. This lack of structure provides a high degree of local control, but also makes it difficult to find trusted chains or specify security policies.
The third approach is a new proposal based on the concept of a fault-tolerant mesh of trust. The mesh approach utilizes some structured elements from the tree-based approach while maintaining the local flexibility found in the web of trust. Our analysis shows the hybrid mesh approach has the best chance of succeeding in the Internet.
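The contrast between the first two approaches can be made concrete with a small model. The following is an added example, not code from the paper: it models only the tree and web-of-trust approaches as the abstract describes them (the mesh proposal is not detailed on this page), and all zone names, trust anchors and signing relationships are constructed for illustration.

```python
from collections import deque

def ancestors(zone):
    """'example.com.' -> ['.', 'com.', 'example.com.'] (root first)."""
    labels = [l for l in zone.split(".") if l]
    return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

def tree_chain(zone, signed_zones):
    """Tree model: a key is vouched for only by the parent zone, so the chain
    is fixed by the name. Returns (chain, None) or (None, first_unsigned_zone)."""
    chain = ancestors(zone)
    for z in chain:
        if z not in signed_zones:
            return None, z  # one unsigned ancestor breaks every descendant
    return chain, None

def web_chain(zone, anchors, signatures):
    """Web-of-trust model: any zone may sign any key, so the validator must
    search the signature graph (BFS, shortest chain) from its own anchors."""
    queue = deque([a] for a in anchors)
    seen = set(anchors)
    while queue:
        path = queue.popleft()
        if path[-1] == zone:
            return path
        for nxt in sorted(signatures.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # no chain reachable from this validator's anchors

# Constructed sample data: "com." has not deployed DNSSEC.
PARTIAL_DEPLOYMENT = {".", "example.com."}
# Constructed cross-signatures: signer -> zones whose keys it signed.
SIGNATURES = {"uni.edu.": {"isp.net."}, "isp.net.": {"example.com."}}

if __name__ == "__main__":
    print(tree_chain("example.com.", PARTIAL_DEPLOYMENT))
    print(web_chain("example.com.", ["uni.edu."], SIGNATURES))
    print(web_chain("example.com.", ["other.org."], SIGNATURES))
```

In the tree model the signed zone `example.com.` cannot be validated while `com.` is unsigned, which is the incremental-deployment problem; in the web model the result depends on which anchors the validator happens to hold.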
TABLE OF CONTENTS
TITLE PAGE
CERTIFICATION
APPROVAL
DEDICATION
ACKNOWLEDGEMENT
ABSTRACT
TABLE OF CONTENTS
CHAPTER ONE
1.0 INTRODUCTION
1.1 STATEMENT OF PROBLEM
1.2 PURPOSE OF STUDY
1.3 AIMS AND OBJECTIVES
1.4 SCOPE/DELIMITATIONS
1.5 LIMITATIONS/CONSTRAINTS
1.6 DEFINITION OF TERMS
CHAPTER TWO
2.0 LITERATURE REVIEW
CHAPTER THREE
3.0 METHODS FOR FACT FINDING AND DETAILED DISCUSSIONS OF THE SYSTEM
3.1 METHODOLOGIES FOR FACT-FINDING
3.2 DISCUSSIONS
CHAPTER FOUR
4.0 FUTURES, IMPLICATIONS AND CHALLENGES OF THE SYSTEM
4.1 FUTURES
4.2 IMPLICATIONS
4.3 CHALLENGES
CHAPTER FIVE
5.0 RECOMMENDATIONS, SUMMARY AND CONCLUSION
5.1 RECOMMENDATION
5.2 SUMMARY
5.3 CONCLUSION
5.4 REFERENCES