Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
DANE with OpenSSL: PKIX certificate authentication throughDNS using OpenSSL
Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology.
2012 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

Background

X.509 is an ITU standard for a public key infrastructure (PKI), which specifies, among other things, formats for public key certificates, certificate requests, certificate revocation lists and certification path validation algorithm. The X.509 standard was primarily designed to support the X.500 structure. However, today’s use cases centre mostly on the Internet. IETF’s Public-Key  Infrastructure (X.509) working group has adapted the standard to the requirements and structure  of the Internet. RFC 5280 specifies the PKIX Certificate and CRL Profile of the X.509v3 certificate standard. PKIX certificates are used for validating the identity or identities of the communicating parties, and optionally establishing secure keying material for protection  of a message or a communications channel. Authentication and establishment of a secure communications channel on top of TCP with the Transport Layer Security protocol (TLS, RFC 5247) or the Secure Sockets Layer protocol (SSL) is probably the most common application of PKIX on the Internet. The IETF is converging on a standard for integration of X.509 Public Key Infrastructure with DNS and DNSSEC (DANE). In order to reach wide adoption, the concept must be validated through interoperability tests between multiple independent implementations.

Results

An implementation of the DANE standard has been demonstrated  through an extension to the OpenSSL library. All use cases in the DANE standard has been validated to work as documented in the standard.

Conclusions

The DANE standard is implementable and reaches the results it sets out to achieve.

Place, publisher, year, edition, pages
2012.
Series
IT, 12 027
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:uu:diva-176749OAI: oai:DiVA.org:uu-176749DiVA: diva2:537024
Educational program
Bachelor Programme in Computer Science
Uppsok
Technology
Supervisors
Examiners
Available from: 2012-06-28 Created: 2012-06-25 Last updated: 2012-06-28Bibliographically approved

Open Access in DiVA

fulltext(461 kB)656 downloads
File information
File name FULLTEXT02.pdfFile size 461 kBChecksum SHA-512
bb6b0b4306a9b57badedde14f19b10d062ef6fed8dcc53e477d26945b9a56bd4e7c826555bdc0ec36dce684f96f444c83b241bc332193837688f3559bcd2e377
Type fulltextMimetype application/pdf

By organisation
Department of Information Technology
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 656 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 645 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf