Hi-index | 0.00 |
The Domain Name System (DNS) has been a critical component of the Internet since the 1980s. Incidents from the wild, such as recent cache poisoning exploits, emphasize that it's vulnerable to attacks. DNS Security Extensions (DNSSEC) define a way to use cryptography for end-to-end protection of DNS data. Although the visible deployment of DNSSEC has grown at a tremendous rate, evidence suggests that the management of cryptographic keys is deceptively complex and has led to visible misconfigurations. Here, the authors outline the problem of managing DNSKEYs as it stands today, and where there exist competing proposed solutions, present a survey comparison.