his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Establishing DANE TLSA Deployment Levels Among Swedish Second Level Domains
University of Skövde, School of Informatics.
2017 (English)Independent thesis Basic level (degree of Bachelor), 15 credits / 22,5 HE creditsStudent thesis
Abstract [en]

Domain Based Authentication of Named Entities (DANE) is an Internet Engineering Task Force (IETF) standard released in 2012 intended to complement or in some cases replace the current Public Key Infrastructure (PKI) model. The current PKI model uses Transport Layer Security (TLS) certificates issued by Certificate Authorities (CA) binding domain names to public key. These CAs act as trust anchors during the certificate validation process. Web browsers and other TLS supported applications have large lists of trusted CA public keys. If one of these trusted CAs are compromised the whole system is compromised. DANE uses the Domain Name System (DNS) to publish TLS certificate information and create certificate associations to domain names. DANE relies on DNS Security Extensions (DNSSEC) for authentication and message integrity. Using the DNS root as a single trust anchor instead of the many CA trust anchors the attack surface is drastically reduced.In this study a quantitative survey among Swedish DNSSEC signed Second Level Domains (SLD) is performed with the aim to establish the DANE TLSA deployment level among the SLDs in Top Level Domain (TLD) .se.The results show that 686 471 of the Swedish SLDs have been DNSSEC signed which is approximately 49% of all Swedish SLDs. The number of domains that have deployed DANE is very low, with only 79 SLD found to have DANE TLSA resource records in DNS. The total number of DANE TLSA resource records were 175 and the most common service used with DANE TLSA was HTTPS on port 443 which was 62% of all DANE TLSA resource records found. The most common certificate usage field setting was three, domain issued certificates.

Place, publisher, year, edition, pages
2017. , 19 p.
Keyword [en]
DNS, DNSSEC, DANE, Deployment
National Category
Computer Science
Identifiers
URN: urn:nbn:se:his:diva-13730OAI: oai:DiVA.org:his-13730DiVA: diva2:1110505
Subject / course
Informationsteknologi
Educational program
Network and Systems Administration
Supervisors
Examiners
Available from: 2017-06-16 Created: 2017-06-15 Last updated: 2017-06-16Bibliographically approved

Open Access in DiVA

fulltext(677 kB)54 downloads
File information
File name FULLTEXT01.pdfFile size 677 kBChecksum SHA-512
d44bac52901ed4c7f4c7252ac56f676dd2db209652c161cacb61f5efb9d29a966cf4afdc07e50ce1680bf0f0df0efba472f606a03069b04541a8df7e06855020
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Sandelin, Rikard
By organisation
School of Informatics
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 54 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 37 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf