Sébastien Barré's blog

LinShim6 0.8 released

Tue, 07/15/2008 - 15:43 by Sébastien Barré • Categories:

LinShim6 0.8 has been released.

LinShim6 is an implementation of the Shim6 protocol, that provides host-centric multihoming capabilities to IPv6.
The major new feature present in version 0.8 is the support for locator updates, that is, the peer is now informed when new locators become locally available.
More information here : http://inl.info.ucl.ac.be/LinShim6

Observations from the DNSSEC deployment

Tue, 05/20/2008 - 15:43 by Sébastien Barré • Categories:

This paper by E. Osterwell, D. Massey and L. Zhang describes the experience learned from their tool, secspider (http://secspider.cs.ucla.edu/).

After introducing DNSSEC, they show that DNSSEC is currently not widely deployed, and many "islands of security" exists. An island of security is a (set of) zone(s) that have deployed DNSSEC, but their parent have not DNSSEC. Thus the trust chain cannot be established. In particular the root servers have not enabled DNSSEC.

IP Address Authorization for Secure Address Proxying using Multi-key CGAs and RING Signatures

Mon, 05/19/2008 - 16:43 by Sébastien Barré • Categories:

That paper from Kempf, Wood, Ramzan and Gentry proposes to use multi-key CGAs as a way to secure address proxying.

Examples of address proxying include proxy-SEND (previously proxy-arp for IPv4), or Mobile IPv6, where the home agent locally claims ownership of an adress, on behalf of its real owner, because the owner is away from the network.

Pure SEND does not work in those cases, since it relies on a private key, that is not known by the proxy.

Syndicate content