RFC 2065: Domain Name System Security Extensions
RFC-Ref

transaction


... Section 2 provides an overview of the extensions and the key distribution, data origin authentication, and transaction and request security they provide. ...
... DNS and optionally to authenticate DNS transactions and requests. ...


... below, data origin authentication as described in Section 2.3 below, and transaction and request authentication, described in Section 2.4 below. ...
... RR(s) may be signed with the entity's key. The other is for support of transaction and request authentication as described in Section 2.4 immediately below. ...
... DNS Transaction and Request Authentication ...
... If header bits are falsely set by a server, there is little that can be done. However, it is possible to add transaction authentication. Such authentication ...
... The private keys used in transaction and request security belong to the host ...


... public key used in connection with the optional DNS transaction authentication service if the owner name is a DNS server ...


... Transaction and Request SIGs ...
... SIG as the last item in the additional information section to authenticate the transaction. ...
... data = full response (less final transaction SIG) | full query ...
... Verification of the transaction SIG (which is signed by the server ...
... beginning or any preceding request SIGs at the end. Such request SIGs are included in the "data" used to form any optional response transaction SIG. ...
... 5. Optionally, DNS transactions may be authenticated by a SIG RR ...
... SHOULD be zero. To conserve space, the owner name SHOULD be root (a single zero octet). If transaction authentication is desired, that SIG ...
... RR in a response in the additional information section and has a type covered of zero, it is a transaction signature of the response and the query that produced the ...
... query that produced the response. It MAY be optionally checked and the message rejected if the checks fail. But even if the checks succeed, such a transaction authentication SIG ...
... authenticate RRs. If a resolver does not implement transaction and/or request SIGs, it MUST ignore them without error. ...
... file [RFC1033] but there are some special considerations as described below. (It does not make sense to include a transaction or request authenticating SIG RR ...
... RR in a file as they are a transient authentication that covers data including an ephemeral transaction number and so must be calculated in real time.) ...


... trust the server they are talking to and either have a secure path to it or use DNS transaction security. ...


... real-time purposes such as DNS transaction security, IPSEC session ...


... authentication, public key distribution, and optional transaction and request security. ...


