Title:
Roll, Roll, Roll Your Root: A Comprehensive Analysis of the First Ever DNSSEC Root KSK Rollover
ID:
Muller:2019:RRR:3355369.3355570
Publication:
Proceedings of the Internet Measurement Conference
Authors:
M\"uller, Moritz and Thomas, Matthew and Wessels, Duane and Hardaker, Wes and Chung, Taejoong and Toorop, Willem and Rijswijk-Deij, Roland van
Date:
2019
PDF:
https://www.isi.edu/~hardaker/papers/2019-10-ksk-roll.pdf
URL:
http://doi.acm.org/10.1145/3355369.3355570
DOI:
10.1145/3355369.3355570
Title:
Cache Me If You Can: Effects of DNS Time-to-Live
ID:
Moura:2019:CMY:3355369.3355568
Publication:
Proceedings of the Internet Measurement Conference
Authors:
Moura, Giovane C. M. and Heidemann, John and Schmidt, Ricardo de O. and Hardaker, Wes
Date:
2019
PDF:
https://www.isi.edu/~hardaker/papers/2019-10-cache-me-ttls.pdf
URL:
http://doi.acm.org/10.1145/3355369.3355568
DOI:
10.1145/3355369.3355568
Title:
Analyzing and Mitigating Privacy with the DNS Root Service
ID:
wjh:ndss2018dnsprivacy
Publication:
Proceedings of the NDSS DNS Privacy Workshop
Authors:
Wes Hardaker
Date:
2018/02
URL:
http://www.isi.edu/%7ehardaker/papers/2018-02-ndss-analyzing-root-privacy.pdf
Title:
Verfploeter: Broad and Load-Aware Anycast Mapping
ID:
Vries17b
Publication:
Proceedings of the ACM Internet Measurement Conference
Authors:
de Vries, Wouter B. and de O. Schmidt, Ricardo and Hardaker, Wes and Heidemann, John and de Boer, Pieter-Tjerk and Pras, Aiko
Date:
2017
PDF:
http://www.isi.edu/%7ejohnh/PAPERS/Vries17b.pdf
URL:
http://www.isi.edu/%7ejohnh/PAPERS/Vries17b.html
DOI:
https://doi.org/10.1145/3131365.3131371
Title:
Enabling DNSSEC in Open Source Applications
ID:
hardaker2011enabling
Publication:
Securing and Trusting Internet Names, SATIN 2012
Authors:
Hardaker, Wes and Krishnaswamy, Suresh
Date:
2012
PDF:
http://www.isi.edu/%7ehardaker/papers/2012-hardaker-enabling-dnssec.pdf
URL:
http://www.isi.edu/%7ehardaker/papers/2012-hardaker-enabling-dnssec.pdf
Title:
DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC
ID:
4804422
Publication:
2009 Cybersecurity Applications Technology Conference for Homeland Security
Authors:
S. Krishnaswamy and W. Hardaker and R. Mundy
Date:
2009/03
URL:
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4804422
DOI:
10.1109/CATCH.2009.21
Title:
DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC
ID:
wes:dnssecinpractice
Publication:
Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications \& Technology
Authors:
Suresh Krishnaswamy and Wes Hardaker and Russ Mundy
Date:
2009/03
URL:
http://ieeexplore.ieee.org/abstract/document/4804422/
Abstract: The Domain Name System (DNS) is one of the core infrastructure components of the Internet. DNS data is also trivial to spoof. The security extensions to DNS (DNSSEC) provide a mechanism for users to verify the origin authenticity and integrity of DNS data based on cryptographic signatures. DNSSEC as a technology has steadily matured over the past several years and a number of tools and services that facilitate performing DNSSEC-related operations have emerged during this period. This paper gives an overview of using existing tools and utilities from the DNSSEC-Tools 1 suite to build environments that support DNSSEC along the complete path from the authoritative name server where domain data resides to the end-application that uses DNS data.
Title:
Justification and Requirements for a National DDoS Defense Technology Evaluation Facility
ID:
hardaker2002justification
Publication:
Network Associates Laboratories Report
Authors:
Hardaker, Wes and Kindred, Darrell and Ostrenga, Ron and Sterne, Dan and Thomas, Roshan
Date:
2002
Title:
Interactive Web-based tools for an introductory course in crystallography
ID:
wes:escher
Publication:
Journal of Applied Crystallography
Authors:
Gervais Chapuis and Wesley Hardaker
Date:
1999/12
URL:
https://doi.org/10.1107/S0021889899011152
DOI:
10.1107/S0021889899011152
Abstract: The new possibilities offered by the Java programming environment combined with the accessibility of the World Wide Web present new and interesting perspectives. It is thus now possible to perform simulations directly, using a Web browser, independently of the computer platform being used. Basic concepts of crystallography, \it i.e. crystal structures, point- and space-group symmetry, lattices, reciprocal lattices and diffraction principles can be illustrated utilizing interactive simulations written in Java. A number of such applications have been developed with the aim to facilitate the understanding of these crystallographic concepts to the newcomers in the field.
Title:
Design and implementation of a computer aided design environment for analog systems design
ID:
wes:thesis
Authors:
Wesley Hardaker
Date:
1994
URL:
https://search.library.ucdavis.edu:443/01UCD_V1:everything_scope:01UCD_ALMA21189886650003126
Title:
Block-diagram-level design capture, functional simulation, and layout assembly of analog CMOS ICs
ID:
current1993block
Publication:
Circuits and Systems, 1993., ISCAS'93, 1993 IEEE International Symposium on
Authors:
Current, K Wayne and Parker, Jim and Hardaker, Wes
Date:
1993
Title:
DNSSEC Roadblock Avoidance
ID:
rfc8027
Published:
RFC 8027 (Best Current Practice)
Authors:
W. Hardaker and O. Gudmundsson and S. Krishnaswamy
Date:
2016/11
URL:
https://www.rfc-editor.org/rfc/rfc8027.txt
DOI:
10.17487/RFC8027
Abstract: This document describes problems that a Validating DNS resolver, stub-resolver, or application might run into within a non-compliant infrastructure. It outlines potential detection and mitigation techniques. The scope of the document is to create a shared approach to detect and overcome network issues that a DNSSEC software/system may face.
Title:
The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance
ID:
rfc7671
Published:
RFC 7671 (Proposed Standard)
Authors:
V. Dukhovni and W. Hardaker
Date:
2015/10
URL:
https://www.rfc-editor.org/rfc/rfc7671.txt
DOI:
10.17487/RFC7671
Abstract: This document clarifies and updates the DNS-Based Authentication of Named Entities (DANE) TLSA specification (RFC 6698), based on subsequent implementation experience. It also contains guidance for implementers, operators, and protocol developers who want to use DANE records.
Title:
SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS)
ID:
rfc7672
Published:
RFC 7672 (Proposed Standard)
Authors:
V. Dukhovni and W. Hardaker
Date:
2015/10
URL:
https://www.rfc-editor.org/rfc/rfc7672.txt
DOI:
10.17487/RFC7672
Abstract: This memo describes a downgrade-resistant protocol for SMTP transport security between Message Transfer Agents (MTAs), based on the DNS-Based Authentication of Named Entities (DANE) TLSA DNS record. Adoption of this protocol enables an incremental transition of the Internet email backbone to one using encrypted and authenticated Transport Layer Security (TLS).
Title:
Child-to-Parent Synchronization in DNS
ID:
rfc7477
Published:
RFC 7477 (Proposed Standard)
Authors:
W. Hardaker
Date:
2015/03
URL:
https://www.rfc-editor.org/rfc/rfc7477.txt
DOI:
10.17487/RFC7477
Abstract: This document specifies how a child zone in the DNS can publish a record to indicate to a parental agent that the parental agent may copy and process certain records from the child zone. The existence of the record and any change in its value can be monitored by a parental agent and acted on depending on local policy.
Title:
Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)
ID:
rfc6353
Published:
RFC 6353 (Internet Standard)
Authors:
W. Hardaker
Date:
2011/07
URL:
https://www.rfc-editor.org/rfc/rfc6353.txt
DOI:
10.17487/RFC6353
Abstract: This document describes a Transport Model for the Simple Network Management Protocol (SNMP), that uses either the Transport Layer Security protocol or the Datagram Transport Layer Security (DTLS) protocol. The TLS and DTLS protocols provide authentication and privacy services for SNMP applications. This document describes how the TLS Transport Model (TLSTM) implements the needed features of an SNMP Transport Subsystem to make this protection possible in an interoperable way. This Transport Model is designed to meet the security and operational needs of network administrators. It supports the sending of SNMP messages over TLS/TCP and DTLS/UDP. The TLS mode can make use of TCP's improved support for larger packet sizes and the DTLS mode provides potentially superior operation in environments where a connectionless (e.g., UDP) transport is preferred. Both TLS and DTLS integrate well into existing public keying infrastructures. This document also defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular, it defines objects for managing the TLS Transport Model for SNMP. [STANDARDS-TRACK]
Title:
Requirements for Management of Name Servers for the DNS
ID:
rfc6168
Published:
RFC 6168 (Informational)
Authors:
W. Hardaker
Date:
2011/05
URL:
https://www.rfc-editor.org/rfc/rfc6168.txt
DOI:
10.17487/RFC6168
Abstract: Management of name servers for the Domain Name System (DNS) has traditionally been done using vendor-specific monitoring, configuration, and control methods. Although some service monitoring platforms can test the functionality of the DNS itself, there is not an interoperable way to manage (monitor, control, and configure) the internal aspects of a name server itself. This document discusses the requirements of a management system for name servers and can be used as a shopping list of needed features for such a system. This document is not an Internet Standards Track specification; it is published for informational purposes.
Title:
Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)
ID:
rfc5953
Published:
RFC 5953 (Proposed Standard)
Authors:
W. Hardaker
Date:
2010/08
URL:
https://www.rfc-editor.org/rfc/rfc5953.txt
DOI:
10.17487/RFC5953
Abstract: This document describes a Transport Model for the Simple Network Management Protocol (SNMP), that uses either the Transport Layer Security protocol or the Datagram Transport Layer Security (DTLS) protocol. The TLS and DTLS protocols provide authentication and privacy services for SNMP applications. This document describes how the TLS Transport Model (TLSTM) implements the needed features of a SNMP Transport Subsystem to make this protection possible in an interoperable way. This Transport Model is designed to meet the security and operational needs of network administrators. It supports the sending of SNMP messages over TLS/TCP and DTLS/UDP. The TLS mode can make use of TCP's improved support for larger packet sizes and the DTLS mode provides potentially superior operation in environments where a connectionless (e.g., UDP) transport is preferred. Both TLS and DTLS integrate well into existing public keying infrastructures. This document also defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular, it defines objects for managing the TLS Transport Model for SNMP. [STANDARDS-TRACK]
Title:
Transport Security Model for the Simple Network Management Protocol (SNMP)
ID:
rfc5591
Published:
RFC 5591 (Internet Standard)
Authors:
D. Harrington and W. Hardaker
Date:
2009/06
URL:
https://www.rfc-editor.org/rfc/rfc5591.txt
DOI:
10.17487/RFC5591
Abstract: This memo describes a Transport Security Model for the Simple Network Management Protocol (SNMP). This memo also defines a portion of the Management Information Base (MIB) for monitoring and managing the Transport Security Model for SNMP. [STANDARDS-TRACK]
Title:
Transport Security Model for the Simple Network Management Protocol (SNMP)
ID:
rfc5591
Published:
RFC 5591 (Internet Standard)
Authors:
D. Harrington and W. Hardaker
Date:
2009/06
URL:
https://www.rfc-editor.org/rfc/rfc5591.txt
DOI:
10.17487/RFC5591
Abstract: This memo describes a Transport Security Model for the Simple Network Management Protocol (SNMP). This memo also defines a portion of the Management Information Base (MIB) for monitoring and managing the Transport Security Model for SNMP. [STANDARDS-TRACK]
Title:
Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)
ID:
rfc5592
Published:
RFC 5592 (Proposed Standard)
Authors:
D. Harrington and J. Salowey and W. Hardaker
Date:
2009/06
URL:
https://www.rfc-editor.org/rfc/rfc5592.txt
DOI:
10.17487/RFC5592
Abstract: This memo describes a Transport Model for the Simple Network Management Protocol (SNMP), using the Secure Shell (SSH) protocol. This memo also defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, it defines objects for monitoring and managing the Secure Shell Transport Model for SNMP. [STANDARDS-TRACK]
Title:
IPsec Security Policy Database Configuration MIB
ID:
rfc4807
Published:
RFC 4807 (Proposed Standard)
Authors:
M. Baer and R. Charlet and W. Hardaker and R. Story and C. Wang
Date:
2007/03
URL:
https://www.rfc-editor.org/rfc/rfc4807.txt
DOI:
10.17487/RFC4807
Abstract: This document defines a Structure of Management Information Version 2 (SMIv2) Management Information Base (MIB) module for configuring the security policy database of a device implementing the IPsec protocol. The policy-based packet filtering and the corresponding execution of actions described in this document are of a more general nature than for IPsec configuration alone, such as for configuration of a firewall. This MIB module is designed to be extensible with other enterprise or standards-based defined packet filters and actions. [STANDARDS-TRACK]
Title:
Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
ID:
rfc4509
Published:
RFC 4509 (Proposed Standard)
Authors:
W. Hardaker
Date:
2006/05
URL:
https://www.rfc-editor.org/rfc/rfc4509.txt
DOI:
10.17487/RFC4509
Abstract: This document specifies how to use the SHA-256 digest type in DNS Delegation Signer (DS) Resource Records (RRs). DS records, when stored in a parent zone, point to DNSKEYs in a child zone. [STANDARDS-TRACK]