Layering a Public-Key Distribution Service over Secure DNS

John Jones
University of California - Riverside
USA

Daniel Berger
University of California - Riverside
USA

Chinya Ravishankar
University of California - Riverside
USA

We present the Internet Key Service (IKS), a distributed architecture for authenticated distribution of public keys, layered on Secure DNS (DNSSEC). Clients use DNSSEC to securely discover the identities of the relevant IKS key registration and distribution servers, and send their key lookup or management requests directly to these servers using a special-purpose protocol. Clients validate and authenticate keys retrieved from IKS servers using key commitments published in DNSSEC.

IKS derives its authentication authority from the authority DNS domains have over names. The IKS architecture is loosely coupled with DNS to minimize the overhead on DNS servers. We also present RIKS, a prototype IKS implementation.

Keywords: Secure DNS, Public Key Distribution
