Technical Report 1130006

Title: IPsec's Appeal: Protecting DNS Under the Covers
Version (s): < 1 >
Authors: Eric Osterweil
Danny McPherson
Date: 2013-01-07
Paper: Download here
Abstract: IPsec is a network-layer protection suite that has met with limited deployment success. While there are clearly some applications for which it is well suited (such as Virtual Private Networks, VPNs), there is of- ten debate over the idea of a wider role for it. Indeed, when applications and higher level protocols are secured by semantics above the network layer, such as by SSL/TLS, DNSSEC, etc. the network layerÂ’s protections are often left unaddressed. We propose that security assurances should be embraced by as many layers as possible, and that securing semantics above the network layer should not obviate one from securing the network layer itself. Specifically, we propose that there are very tangible benefits to be gained by augmenting DNSSEC's protections with IPsec. In this work we will outline the specific ways in which IPsec can be used to augment DNSSEC and how their protections are complimentary.
                author = {Eric Osterweil and Danny McPherson},
                title = {IPsec's Appeal: Protecting DNS Under the Covers},
                booktitle = {Verisign Labs Technical Reports},
                number = {1130006 version 1},
                year = {2013},