Eastlake, D., "DNS Request and Transaction Signatures
....time the RR can be cached. 2.2 Overview of DNSSEC The first RFC on securing DNS was published in 1997 [18]. Since then, several documents (research papers, internet drafts, and RFCs) have been published on this topic. In this section, we summarize the basic concepts of secure DNS as described in [20, 25, 27]. The primary goal of DNSSEC is to provide authentication and integrity for data received from the DNS database. This is done via digital signature schemes based on public-key cryptography. A possible approach is to sign each DNS message. The general idea is that each node in the DNS tree is ....
....supported by DNSSEC. The Diffie-Hellman key agreement protocol is also supported [24, 26]. Two different kinds of signatures for DNS messages as a whole are currently defined: transaction signatures (TSIGs) [25] based on symmetric techniques, and public key signatures which are abbreviated by SIG(0) [27]. TSIG signatures have been introduced mainly for transactions between local servers, for instance between the resolver and the stub resolver. It is convenient to use TSIG to secure dynamic updates or zone transfers between master and slave servers. SIG(0) is similar to TSIG but employs public key ....
Eastlake, D., "DNS Request and Transaction Signatures (SIG(0)s)", RFC 2931, September 2000.
....the related TKEY key exchange method, and the GSS API TSIG TKEY mechanism. None of these methods encrypt the messages, since DNS data is usually considered public. DNSSEC request and transaction signatures, or SIG(0)s for short, specify a strong authentication method using public key cryptography [8, 9]. They can be used to protect and authenticate DNS requests and responses. The solution is scalable: the public key of a server or resolver is stored in DNS as a KEY RR and can be found easily by anyone who wants to authenticate it. Unfortunately, public key cryptographic operations can be ....
....so it does not need to be signed. Authorizer: POLICY Licensees: TSIG:johng key Conditions: app domain= dyndns ) zone= helsinki.example.com ) name= johng.helsinki.example.com ) type= A ) operation = delete ) operation= add ) rdata = 192 .168 .150 . [0 9] ) Example 3: Now Alice is the owner of the DNS server at a big ISP hosting hundreds of zones. Some of Alice's clients want to be able to easily update data in their own zones. Alice is obviously not going to take the risk of letting its clients modify the configuration files of her name ....
Donald E. Eastlake. DNS request and transaction signatures (SIG(0)s). RFC 2931, IETF, September 2000.