DNSSEC presented at Black Hat Abu Dhabi 2010

by Dan Kaminsky

Summary: Introducing the Domain Key Infrastructure. X509 based PKI failed. We know this. But it's still seen as the best way to distribute trust. Can we do better? Yes we can. DNSSEC has the potential to revolutionize authentication -- if it can be shown to be operationally viable. Put simply, it's either cheap and easy, or it's more of the same. In this talk, I am going to show DNSSEC deployed in minutes. I'm going to show cross-organizational federated OpenSSH. I'm going to demonstrate upgrading OpenSSL-derived apps to DKI with nothing but a single command line preload. And, finally, I'm going to show end-to-end secure email that isn't operationally impossible to actually use -- and will work, worldwide.