DOCSLIB.ORG

Daniel Karrenberg Elected As Chair of ISOC's Board of Trustees

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Daniel Karrenberg Elected As Chair of ISOC's Board of Trustees www.ripe.net Information bulletin for the members of the RIPE NCC The RIPE NCC Member Update Daniel Karrenberg Elected as Chair of ISOC’s is intended for LIR Board of Trustees contacts. If you are not the right The RIPE NCC is pleased to announce that its person to receive Chief Scientist, Daniel Karrenberg, has been this update, please elected as the new Chair of the Internet Society’s forward it to the (ISOC’s) Board of Trustees. Daniel was elected appropriate colleague. on 1 July 2006 during ISOC’s Annual General Meeting (AGM) which was held in Marrakesh, Morocco. “The Internet Society has much to contribute to the continued success of the Internet,” said Daniel. “The diligent work of my predecessors, the Trustees and the staff has put the society in a very sound position. Building on this foundation, we will intensify our work in the areas of public policy and education. We will ensure that the © Merlin Daleman Internet Engineering Task Force (IETF) has the Daniel Karrenberg, Chief Scientist, RIPE NCC administrative support it needs to continue its exemplary standardisation work. We will continue was awarded the Jon Postel service award in to build a healthy network of chapters for local recognition of two decades of extraordinary activities close to the Internet users. All this will dedication to the development of networking help us to realise our motto ‘The Internet is for in Europe and around the world. A regular IETF Everyone’”. participant since 1992, Daniel has co-authored several RFCs. Daniel is a pioneer member of ISOC and has been actively involved with the development We hope you will join the RIPE NCC in of many of the society’s educational initiatives. congratulating Daniel on his election and wishing He taught tutorials at early INET conferences, him continued success with the important supported networking workshops and has contributions he makes to ISOC’s work for the written ISOC member briefings about Internet Internet community. • operations and coordination. In 2001, he This publication is available online at: Table of Contents http://www.ripe.net/ membership/newsletter/ Daniel Karrenberg Elected as RIPE “IP Anti-Spoofing” Task Force Formed 8 Chair of ISOC’s Board of Trustees 1 IP Resource Request Forms and If you have any Certification of IP Resources 2 - 3 Supporting Notes 9 feedback about this RIPE Policy Development in 2006 4 - 5 NRO Activities Related to Internet Governance 9 publication, please RIPE NCC Policy Development Officer 5 NRO Represented in Internet Governance contact: RIPE Meetings 5 Forum Advisory Group 9 [email protected] RIPE NCC General Meetings 6 The Internet Governance Forum, Athens 2006 10 RIPE NCC Regional Meetings 6 Improvements to RIPE NCC’s DNS Services 11 New ARIN Outreach Tools 7 The RIPE NCC E-Learning Centre 11 APNIC Update 7 - 8 Conference Calendar 12 Updated RIPE Database User Manual 8 RIPE NCC Training Courses 12 © RIPE NCC The mission of the RIPE NCC is to perform activities for the benefit of the membership; primarily activities All right reserved. that the members need to organise as a group, although they may compete with each other in other areas. Certification of IP Resources Geoff Huston, Internet Research Scientist, APNIC Introduction relating to address prefixes. So when a client network requests its ISP to accept a routing advertisement for a particular address prefix, The Internet has presented us with some novel how can the service provider establish whether challenges in its role as a global communications the request is valid and the addresses are, platform. These challenges include creating indeed, ones that properly can be associated applications that support new communication with the client network? When two ISPs enter paradigms, as well as tackling an entirely new Geoff Huston, APNIC into a peering arrangement at a local exchange, realm of security considerations. It is this latter how can each ISP tell whether all the route area, and in particular the aspect of network advertisements from the other ISP are valid? infrastructure security, that resource certification The task of establishing the validity of routing can play a critically important role. requests and routing advertisements is one that has serious repercussions if a mistake occurs, One of the common vulnerabilities of the Internet particularly if the ISP admits a malicious route lies in the routing subsystem. If it is possible to into the routing fabric. inject false routing information into the routing system, then a number of forms of hostile attack are enabled. In this case, there is no need Validating Routing Requests to compromise the proper operation of any particular application, nor is there any need to There are various information resources available create a drone army through the assembly of today that can assist in validating a routing captured end systems. request, including WHOIS database queries and Internet Routing Registries (IRRs). However, such By being able to manipulate the network’s routing resources have some issues with the currency, state, it is possible to redirect user traffic as well accuracy, completeness and the validity of the as to perform traffic inspection, alteration or information they present. Validating a routing subversion, all without the user even being aware request or a routing advertisement can quickly of the attack. Through deliberate subversion of become an exercise in data mining across routing, services can be hijacked or blocked and a rather diverse set of potentially conflicting entire networks can be black-holed. Why is the information sources. Such a validation task can Internet’s routing system, the integrity of which be complex, expensive to undertake and can appears to be so critical to the proper functioning lead to outcomes that are not totally trustworthy. of all forms of Internet services, such a point of vulnerability? In an industry of low margins and cost constraint, it is not surprising that route validation, Routing and “Trust” particularly in complex cases, is often performed in a haphazard fashion. This leads to a continual series of attack incidents via deliberate The answer lies in the nature of the Internet. A subversion of the route admission process more historical model of network service and, consequently, deliberate subversion of the provision was that of a small number of qualified routing system. network service providers and an associated set of network clients. The trust model within Can we improve this situation? Is it possible to such a framework spans across the network improve the level of accuracy of validation while service providers and explicitly excludes the at the same time making validation fast, efficient, client base. Examples of such a framework accurate and cheap? include the international postal system or the public switched telephone system. The Internet model has a broader model of a network service Resource Certification provider that includes various forms of networks that would normally be considered as clients One possible approach to this is through the use rather than peer network service providers. This of public key cryptography, coupled with a public results in a trust domain that is both very broad key certificate infrastructure. In such a framework, and very diverse. Indeed so diverse as to make IP resource holders (of IP addresses and AS the term “trust” inapplicable. Numbers) hold a private key that is associated with their resource holdings. The corresponding In such an environment, networks interconnect public key is certified by the resource issuer, by means of exchange of routing information where the public certificate lists both the matching public key and the resource holdings. This the resource sub-allocations that it performs, certificate is signed by the issuer’s private key. and so on. Validation of a resource certificate Any document signed with the resource holder’s is, within the terms of this framework, directly private key can be readily validated against the analogous to unravelling and validating a issued certificate, and if the document contains a sequence of WHOIS resource allocation records reference to an IP resource, this resource can be from the RIR to the target entity. However, in this compared to that listed in the certificate. In effect, case the path is deterministic and the information this certificate represents a form of “right-of- model being used is consistent along the use” of an IP resource, granted by the resource entire certificate path. How can such resource issuer. For example, if an entity has been certificates be used to improve the situation with assigned the IP address block 192.0.2.0/24 respect to routing security? and wishes an ISP to route that address prefix on its behalf, it would sign a route request with Improving Routing Security its private signature and attach the associated resource certificate. The recipient of the route This resource certificate framework can also request could validate the signature against the be used as the supporting infrastructure for certificate, and check that the address block in security-related refinements in inter-domain the certificate encompasses the address block routing protocols. One approach, sBGP, 192.0.2.0/24. Why is the proposes adding digital signatures to BGP update messages, allowing a BGP peer to Internet’s This certificate is then validated in the context of validate the authenticity of the address prefix routing system, a Resource Certificate Public Key Infrastructure being advertised. This also allows a BGP peer (PKI). If the certificate is valid, then there is a high the integrity of to validate that the update message itself degree of confidence that the routing request is has traversed the same network path as that which appears legitimate, that it came from the current holder of asserted in the AS PATH attribute of the update to be so critical the resource and that the resource itself is validly message.
Load more

Recommended publications
  • Understanding the Impact of Network Infrastructure Changes Using Large-Scale Measurement Platforms
    Understanding the Impact of Network Infrastructure Changes using Large-Scale Measurement Platforms Vaibhav Bajpai Understanding the Impact of Network Infrastructure Changes using Large-Scale Measurement Platforms by Vaibhav Bajpai A thesis submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Dissertation Committee: Prof. Dr. Jürgen Schönwälder Jacobs University Bremen, Germany Dr. Kinga Lipskoch Jacobs University Bremen, Germany Prof. Dr. Filip De Turck University of Ghent, Belgium Date of Defense: May 30, 2016 DECLARATION I, hereby declare that I have written this PhD thesis independently, unless where clearly stated otherwise. I have used only the sources, the data and the support that I have clearly mentioned. This PhD thesis has not been submitted for conferral of degree elsewhere. I confirm that no rights of third parties will be infringed by the publication of this thesis. Bremen, Germany, May 30, 2016 Vaibhav Bajpai This thesis is dedicated to my mom for her love, endless support and encouragement ACKNOWLEDGMENTS I would like to express my gratitude to my supervisor Jürgen Schönwälder for providing me constant feedback and support throughout the entire duration of my doctoral research. I would also like to thank my thesis committee consisting of Jürgen Schönwälder, Kinga Lipskoch and Filip De Turck for guiding and supporting my doctoral research. I am grateful to my co-authors: Steffie Jacob Eravuchira, Saba Ahsan, Radek Krejˇcí,Jörg Ott and Jürgen Schönwälder with whom I learned to be a productive collaborator. Special thanks to: Sam Crawford, Philip Eardley, Trevor Burbridge, Arthur Berger, Daniel Karrenberg, Robert Kisteleki, Al Morton, Frank Bulk, Dan Wing and Andrew Yourtchenko for providing valuable and constructive feedback for improving my manuscripts.
    [Show full text]
  • The People Who Invented the Internet Source: Wikipedia's History of the Internet
    The People Who Invented the Internet Source: Wikipedia's History of the Internet PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Sat, 22 Sep 2012 02:49:54 UTC Contents Articles History of the Internet 1 Barry Appelman 26 Paul Baran 28 Vint Cerf 33 Danny Cohen (engineer) 41 David D. Clark 44 Steve Crocker 45 Donald Davies 47 Douglas Engelbart 49 Charles M. Herzfeld 56 Internet Engineering Task Force 58 Bob Kahn 61 Peter T. Kirstein 65 Leonard Kleinrock 66 John Klensin 70 J. C. R. Licklider 71 Jon Postel 77 Louis Pouzin 80 Lawrence Roberts (scientist) 81 John Romkey 84 Ivan Sutherland 85 Robert Taylor (computer scientist) 89 Ray Tomlinson 92 Oleg Vishnepolsky 94 Phil Zimmermann 96 References Article Sources and Contributors 99 Image Sources, Licenses and Contributors 102 Article Licenses License 103 History of the Internet 1 History of the Internet The history of the Internet began with the development of electronic computers in the 1950s. This began with point-to-point communication between mainframe computers and terminals, expanded to point-to-point connections between computers and then early research into packet switching. Packet switched networks such as ARPANET, Mark I at NPL in the UK, CYCLADES, Merit Network, Tymnet, and Telenet, were developed in the late 1960s and early 1970s using a variety of protocols. The ARPANET in particular led to the development of protocols for internetworking, where multiple separate networks could be joined together into a network of networks. In 1982 the Internet Protocol Suite (TCP/IP) was standardized and the concept of a world-wide network of fully interconnected TCP/IP networks called the Internet was introduced.
    [Show full text]
  • A Long Time Ago, in a Meeting Room Far, Far Away...Or Maybe 17 Years
    A long time ago, in a meeting room far, far away.... ... or maybe 17 years ago, in Houston, Texas... ...work in the IETF began on... DNSSEC For their efforts with DNSSEC, the IETF wishes to thank: Joe Abley - Danny Aerts Alain Aina - Mehmet Akcin Jaap Akerhuis - Mark Andrews Roy Arends - Derek Atkins Rob Austein - Roy Badami Alan Barrett - Doug Barton Rickard Bellgrim - Ray Bellis Steve Bellovin - Dan Bernstein David Blacka - Stéphane Bortzmeyer Eric Brunner-Williams - Len Budney Randy Bush - Bruce Campbell Vint Cerf - K.C. Claffy Alan Clegg - David Conrad Michelle S. Cotton - Olivier Courtay John Crain - Dave Crocker Steve Crocker - Alex Dalitz Joao (Luis Silva) Damas Hugh Daniel - Kim Davies John Dickinson - Vasily Dolmatov Lutz Donnerhacke - Mats Dufberg Francis Dupont - Donald Eastlake Anne-Marie Eklund-Löwinder Howard Eland - Robert Elz Patrik Fältström - Mark Feldman Ondrej Filip - Martin Fredriksson Alex Gall - James M. Galvin Joe Gersch - Demi Getchko Miek Gieben - John Gilmore Steve Goodbarn - James Gould Michael Graff - Chris Griffiths Olafur Gudmundsson - Gilles Guette Andreas Gustafsson Jun-ichiro Itojun Hagino Staffan Hagnell Phillip Hallam-Baker Ilja Hallberg - Bob Halley Cathy Handley - Wes Hardaker Ted Hardie - Ashley Heineman Jeremy Hitchcock - Bernie Hoeneisen Alfred Hoenes - Paul Hoffman Scott Hollenbeck - Russ Housley Geoff Houston - Walter Howard Bert Hubert - Greg Hudson Christian Huitema - Shumon Huque Johan Ihren - Stephen Jacob Jelte Jansen - Rodney Joffe Simon Josefsson - Daniel Kalchev Andris Kalnozols - Dan
    [Show full text]
  • Securing the Border Gateway Protocol by Stephen T
    September 2003 Volume 6, Number 3 A Quarterly Technical Publication for From The Editor Internet and Intranet Professionals In This Issue The task of adding security to Internet protocols and applications is a large and complex one. From a user’s point of view, the security- enhanced version of any given component should behave just like the From the Editor .......................1 old version, just be “better and more secure.” In some cases this is simple. Many of us now use a Secure Shell Protocol (SSH) client in place of Telnet, and shop online using the secure version of HTTP. But Securing BGP: S-BGP...............2 there is still work to be done to ensure that all of our protocols and associated applications provide security. In this issue we will look at Securing BGP: soBGP ............15 routing, specifically the Border Gateway Protocol (BGP) and efforts that are underway to provide security for this critical component of the Internet infrastructure. As is often the case with emerging Internet Virus Trends ..........................23 technologies, there exists more than one proposed solution for securing BGP. Two solutions, S-BGP and soBGP, are described by Steve Kent and Russ White, respectively. IPv6 Behind the Wall .............34 The Internet gets attacked by various forms of viruses and worms with Call for Papers .......................40 some regularity. Some of these attacks have been quite sophisticated and have caused a great deal of nuisance in recent months. The effects following the Sobig.F virus are still very much being felt as I write this. Fragments ..............................41 Tom Chen gives us an overview of the trends surrounding viruses and worms.
    [Show full text]
  • Update 6: Internet Society 20Th Anniversary and Global INET 2012
    Update 6: Internet Society 20th Anniversary and Global INET 2012 Presented is the latest update (edited from the previous “Update #6) on the Global INET 2012 and Internet Hall of Fame. Executive Summary By all accounts, Global INET was a great success. Bringing together a broad audience of industry pioneers; policy makers; technologists; business executives; global influencers; ISOC members, chapters and affiliated community; and Internet users, we hosted more than 600 attendees in Geneva, and saw more than 1,300 participate from remote locations. Global INET kicked off with our pre‐conference programs: Global Chapter Workshop, Collaborative Leadership Exchange and the Business Roundtable. These three programs brought key audiences to the event, and created a sense of energy and excitement that lasted through the week. Of key importance to the program was our outstanding line‐up of keynotes, including Dr. Leonard Kleinrock, Jimmy Wales, Francis Gurry, Mitchell Baker and Vint Cerf. The Roundtable discussions at Global INET featured critical topics, and included more than 70 leading experts engaged in active dialogue with both our in‐room and remote audiences. It was truly an opportunity to participate. The evening of Monday 23 April was an important night of celebration and recognition for the countless individuals and organizations that have dedicated time and effort to advancing the availability and vitality of the Internet. Featuring the Internet Society's 20th Anniversary Awards Gala and the induction ceremony for the Internet Hall of Fame, the importance of the evening cannot be understated. The media and press coverage we have already received is a testament to the historic nature of the Internet Hall of Fame.
    [Show full text]
  • The Amateur Computerist Gathers an Article Was Written and Published in the Some Documents from That Celebration
    The Amateur Comp u terist http://www.ais.org/~jrh/acn/ Summer 2008 ‘Across the Great Wall’ Volume 16 No. 2 2007. Participating were international Internet pio- Celebration neers, representatives of the Internet in China and The First Email Message from China to CSNET historians and journalists. From 1983 to 1987, two teams of scientists and engineers worked to overcome the technical, financial, and geographic obstacles to set up an email connection between China and the interna- tional CSNET. One team was centered around Werner Zorn at Karlsruhe University in the Federal Republic of Germany. The other team was under the general guidance of Wang Yuenfung at the In- stitute for Computer Applications (ICA) in the Peo- ple’s Republic of China. The project succeeded based on the scientific and technical skill and friendship, resourcefulness and dedication of the members of both teams. The first successful email message was sent on Sept 20, 1987 from Beijing to computer scien- tists in Germany, the U.S. and Ireland. The China- CSNET connection was granted official recogni- tion and approval on Nov 8 1987 when a letter (Composed 14 Sept 1987, sent 20 Sept 1987) signed by the Director of the U.S. National Science Foundation Division of Networking and Commu- A celebration of the 20th anniversary of the nications Research and Infrastructure Stephen first email message that was sent from China to the Wolff was forwarded to the head of the Chinese world via the international Computer Science Net- delegation, Yang Chuquan at an International work (CSNET) was held at the Hasso Plattner In- Networkshop in the U.S.
    [Show full text]
  • Vannevar Bush and JCR Licklider
    Spring 2007 On the Origin of the Net and the Netizen Volume 15 No. 2 attracted attention. People on every continent Netizens and WSIS: wanted access. In 1998, at the International Tele- Celebrating the Demand for communications Union (ITU) Plenipotentiary Universal Access Conference, Tunisia suggested the idea of a World Summit on the Information Society (WSIS). In 2002, recognizing the challenge to make access to the information society and the Internet universal, In the early 1990s, Michael Hauben and the United Nations General Assembly endorsed a Ronda Hauben began to document the history and proposal to hold such a summit. There were to be social impact of Usenet and the Internet. In 1994, two phases, the first in Geneva in 2003 and the they put their research online as the netizens second in Tunis in 2005. The papers gathered in netbook. Its title was “Netizens and the Wonderful this issue of the Amateur Computerist were World of the Net.” Then, in May 1997 there presented as a panel in the scientific side event appeared a print edition, Netizens: On the History conference, the Past, Present, and Future of and Impact of Usenet and the Internet,1 which is Research in the Information Society (PPF),2 held in celebrating its tenth anniversary in 2007. conjunction with the Tunis phase of the WSIS. Michael Hauben opens Chapter One of the The WSIS events with their culminating book Netizens with the greeting: meeting in Tunis in Nov 2005 demonstrated the Welcome to the 21st Century. You are a grassroots desire for the promise of the Internet Netizen (a Net Citizen), and you exist as a and of the netizen to be realized around the globe.
    [Show full text]
  • Encouraging Reproducibility in Scientific Research of the Internet
    Report from Dagstuhl Seminar 18412 Encouraging Reproducibility in Scientific Research of the Internet Edited by Vaibhav Bajpai1, Olivier Bonaventure2, Kimberly Claffy3, and Daniel Karrenberg4 1 TU München, DE, [email protected] 2 UC Louvain, BE, [email protected] 3 San Diego Supercomputer Center, US, [email protected] 4 RIPE NCC - Amsterdam, NL, [email protected] Abstract Reproducibility of research in Computer Science (CS) and in the field of networking in particular is a well-recognized problem. For several reasons, including the sensitive and/or proprietary nature of some Internet measurements, the networking research community pays limited attention to the of reproducibility of results, instead tending to accept papers that appear plausible. This article summarises a 2.5 day long Dagstuhl seminar on Encouraging Reproducibility in Scientific Research of the Internet held in October 2018. The seminar discussed challenges to improving reproducibility of scientific Internet research, and developed a set of recommendations that we as a community can undertake to initiate a cultural change toward reproducibility of our work. It brought together people both from academia and industry to set expectations and formulate concrete recommendations for reproducible research. This iteration of the seminar was scoped to computer networking research, although the outcomes are likely relevant for a broader audience from multiple interdisciplinary fields. Seminar October 7–10, 2018 – http://www.dagstuhl.de/18412 2012 ACM Subject Classification Networks Keywords and phrases Computer Networks, Reproducibility Digital Object Identifier 10.4230/DagRep.8.10.41 1 Executive Summary Vaibhav Bajpai Olivier Bonaventure Kimberly Claffy Daniel Karrenberg License Creative Commons BY 3.0 Unported license © Vaibhav Bajpai, Olivier Bonaventure, Kimberly Claffy, and Daniel Karrenberg Reproducibility in scientific research is a means to not only achieve trustworthiness of results, but it also lowers barriers to technology transition [40] and accelerates science by promoting incentives to data sharing.
    [Show full text]
  • Signposts in Cyberspace: the Domain Name System and Internet Navigation
    Prepublication Copy—Subject to Further Editorial Correction Signposts in Cyberspace: The Domain Name System and Internet Navigation Committee on Internet Navigation and the Domain Name System: Technical Alternatives and Policy Implications Computer Science and Telecommunications Board Division on Engineering and Physical Sciences NATIONAL ACADEMIES PRESS Washington, D.C. www.nap.edu Prepublication Copy—Subject to Further Editorial Correction THE NATIONAL ACADEMIES PRESS 500 Fifth Street, N.W. Washington, D.C. 20001 NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance. Support for this project was provided by the U.S. Department of Commerce and the National Science Foundation under Grant No. ANI-9909852 and by the National Research Council. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the National Science Foundation or the Commerce Department. International Standard Book Number Cover designed by Jennifer M. Bishop. Copies of this report are available from the National Academies Press, 500 Fifth Street, N.W., Lockbox 285, Washington, D.C. 20055, (800) 624-6242 or (202) 334-3313 in the Washington metropolitan area. Internet, http://www.nap.edu Copyright 2005 by the National Academy of Sciences. All rights reserved. Printed in the United States of America Prepublication Copy—Subject to Further Editorial Correction The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare.
    [Show full text]
  • Brought People Together Werner Zorn, Berlin; Jay Hauben, New York; Ann-Marie Plubell, Washington D.C
    How the lost e-mail message “Across the Great Wall…” brought people together Werner Zorn, Berlin; Jay Hauben, New York; Ann-Marie Plubell, Washington D.C. (08.02.2014, 10:30 MET-WZ) I. General Overview The famous e-mail message “Across the Great Wall we can reach every corner in the world” has come to stand for China’s entry into the Internet community. It was typed in on Sep. 14 and sent out on Sep. 20, 1987. There were thirteen signers of that message. Six were from a German team and seven from a Chinese team. When Jay Hauben did online research in 2004 about the first e-mail message it took him mostly to web sites in China. The story told there gave most credit for the China-CSNET connection to a Chinese engineer, Qian Tian Bai but his name was not on the original e-mail message. Also missing from the history on the websites in China was any credit to Professor Wang Yuen Fung whose name headed the Chinese team or to Professor Werner Zorn whose name headed the German team. Fifteen years passed, before the first attempts were made to bring more light into the past of the adolescent Chinese Internet. All three authors of this paper became involved and now try to outline how that e-mail brought people together, not only in researching the history later, but also from the very first moment after the e-mail being sent from Beijing over Karlsruhe to key persons in the US and Europe, who distributed the mail within the inner circle of decision makers in the emerging Internet.
    [Show full text]
  • The Internet Domain Name System Explained for Non- Experts Internet Society Member Briefing #16 by Daniel Karrenberg
    The Internet Domain Name System Explained for Non- Experts Internet Society Member Briefing #16 By Daniel Karrenberg The Internet Domain Name System Explained for Non-Experts Dear non-Experts, This is for you, who always wanted or needed to know how Internet names really work. The Internet Domain Name System (DNS) is a fascinating technology; almost all Internet applications make use of it. After reading this you will not suddenly have become a DNS expert, but you will have an understanding of how the DNS works and you should be able to distinguish a real DNS expert from a pretender. Dear Experts, This is not for you. For the sake of explaining principles we will often generalise and do this sometimes to the point where our explanations are not strictly correct in every last detail. The relevant Internet standards are where you find the details. Purpose of the DNS The purpose of the DNS is to enable Internet applications and their users to name things that have to have a globally unique name. The obvious benefit is easily memorizable names for things like web pages and mailboxes, rather than long numbers or codes. Less obvious but equally important is the separation of the name of something from its location. Things can move to a totally different location in the network fully transparently, without changing their name. www.isoc. org can be on a computer in Virginia today and on another computer in Geneva tomorrow without anyone noticing. In order to achieve this separation, names must be translated into other identifiers which the applications use to communicate via the appropriate Internet protocols.
    [Show full text]
  • Tls Performance
    TLS PERFORMANCE Masterarbeit zur Erlangung des akademischen Grades Master of Science Verfasser: Richard Fussenegger, BSc Vorgelegt am FH-Masterstudiengang MultiMediaTechnology, Fachhochschule Salzburg Begutachtet durch: Dipl.-Ing. Dr. Peter Meerwald (Betreuer) Mag. (FH) Hannes Moser (Zweitgutachter) Thal, 1. Juni 2015 I Eidesstattliche Erklärung Hiermit versichere ich, Richard Fussenegger, geboren am 27. Juni 1985 in Bregenz, dass ich die Grundsätze wissenschaftlichen Arbeitens nach bestem Wissen und Gewissen einge- halten habe und die vorliegende Masterarbeit von mir selbstständig verfasst wurde. Zur Erstellung wurden von mir keine anderen als die angegebenen Quellen und Hilfsmittel verwendet. Ich versichere, dass ich die Masterarbeit weder im In- noch Ausland bisher in ir- gendeiner Form als Prüfungsarbeit vorgelegt habe und dass diese Arbeit mit der den BegutachterInnen vorgelegten Arbeit übereinstimmt. Thal, am 1. Juni 2015 1210695017 Richard Fussenegger Personenkennzeichen II Kurzfassung Verschlüsselte Kommunikation ist ein Muss im Internet, die neuen Protokolle SPDY und HTTP/2 verpflichten quasi sogar dazu. Eine wichtige Frage die bleibt, ist, wie stark die Verschlüsselung sich auf die Leistung der Webkommunikation auswirkt. Vor etwas mehr als zehn Jahren variierte der Mehraufwand für den Einsatz von Transport Layer Security (TLS) zwischen einem Faktor von 3,5 und 9 gegenüber einer unverschlüsselten Kommunikation. Die Anforderungen an verschlüsselte Kommunikation sind in den letzten Jahren stark angestiegen und sehr viele Verfahren haben sich als unsicher und problematisch erwiesen. Schlüssellängen sind angewachsen und aufwendigere Verfahren kommen zum Einsatz für den Schlüsselaustausch. Es stellt sich somit die Frage ob schnellere Hardware, Webser- ver, Algorithmen und Implementierungen – wie damals angenommen – den Mehraufwand verschwindend gering machen, oder gegenwärtige Technologien nicht mit den erhöhten Anforderungen mithalten können.
    [Show full text]