This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead fro...

We present a model of security monitoring that distinguishes between two types of logging and auditing, and from the model draw implications for the design and use of security monitoring mechanisms. We then demonstrate the usefulness of the model by analyzing several different monitoring mechanisms.

The basis of this paper is a comparative stud~ on German machine readable dictionaries which has been conducted during the last two years In connection with a research project financed by the German minister for science and technology. The aim of this project was to compare and to describe about 12 dictionaries, used in computer systems, in more or less conventional language analysis and synthe...

Reliable data delivery and congestion control are two fundamental transport layer functions. Due to the specific characteristics of Wireless Sensor Networks (WSNs), traditional transport layer protocols (e.g. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)) that are widely used in the Internet may not be suitable for WSNs. In this paper, the characteristics of WSNs are revi...

As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overv...

The characteristics of grid are outlined to point out that the traditional authorization mechanisms cannot satisfy the requirement of the grid security. Then the authorization mechanisms employed in five prevalent Grid Security Architectures are compared in terms of granularity assessment, flexibility of rights control, and achievement approach. Based on these, we propose several approaches tha...

This paper discusses progress in the verification of security protocols. Focusing on a small, classic example, it stresses the use of program-like representations of protocols, and their automatic analysis in symbolic and computational

A chargeable session on the Internet may consist of more than one underlying chargeable service. Typically there will be two, one at the network layer and one at the session layer. Since different applications can have different demands from the Network, a generic charging scheme has to separate the service provided by the network from the service provided by an application/service provider. In...

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling t...