TSIG (Transaction SIGnature) is a computer networking protocol defined in RFC 2845. It is used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a Dynamic DNS database, although it can also be used between servers and for regular queries. TSIG uses shared secret keys and one-way hashing to provide a cryptographically secure means of identifying each endpoint of a connection as being allowed to make or respond to a DNS update.
| Property | Value |
|---|
| dbpprop:abstract
|
- TSIG (Transaction SIGnature) is a computer networking protocol defined in RFC 2845. It is used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a Dynamic DNS database, although it can also be used between servers and for regular queries. TSIG uses shared secret keys and one-way hashing to provide a cryptographically secure means of identifying each endpoint of a connection as being allowed to make or respond to a DNS update. Although queries to DNS may be made anonymously, updates to DNS must be authenticated since they make lasting changes to the structure of the Internet naming system. The use of a key shared by the client making the update and the DNS server guarantees the authenticity of the update request. However, the update request may be passing over an insecure channel (the Internet). A one-way hashing function is used to prevent malicious observers from learning the secret key and using it to make their own modifications. A timestamp is included in the TSIG protocol to prevent recorded responses from being reused, which would allow an attacker to breach the security of TSIG. This places a requirement on dynamic DNS servers and TSIG clients to contain an accurate clock. Since DNS servers are connected to a network, Network Time Protocol may be used to provide an accurate time source. DNS updates, like queries, normally are transported via UDP since it requires lower overhead than TCP. However, DNS servers support both UDP and TCP requests.
- Ziel von TSIG (Transaction SIGnature) ist es, Authentizität von DNS-Partnern sicherzustellen und die Datenintegrität bei Transaktionen zu gewährleisten. Ein DNS-Teilnehmer soll damit verifizieren können, dass der Partner, mit dem er kommuniziert auch tatsächlich der ist, der er vorgibt zu sein und dass empfangene DNS-Nachrichten auf dem Transportweg nicht verfälscht wurden. TSIG wird hauptsächlich bei der Server-Server-Kommunikation eingesetzt und weniger bei der Client-Server-Kommunikation . Eine Verschlüsselung von DNS-Daten ist im Rahmen von TSIG nicht vorgesehen. Da DNS-Informationen grundsätzlich der Öffentlichkeit zur Verfügung gestellt werden, würde eine Verschlüsselung keinen nennenswerten Sicherheitsgewinn bedeuten.
|
| dbpprop:alt
| |
| dbpprop:hasPhotoCollection
| |
| dbpprop:wikiPageUsesTemplate
| |
| rdf:type
| |
| rdfs:comment
|
- TSIG (Transaction SIGnature) is a computer networking protocol defined in RFC 2845. It is used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a Dynamic DNS database, although it can also be used between servers and for regular queries. TSIG uses shared secret keys and one-way hashing to provide a cryptographically secure means of identifying each endpoint of a connection as being allowed to make or respond to a DNS update.
- Ziel von TSIG (Transaction SIGnature) ist es, Authentizität von DNS-Partnern sicherzustellen und die Datenintegrität bei Transaktionen zu gewährleisten. Ein DNS-Teilnehmer soll damit verifizieren können, dass der Partner, mit dem er kommuniziert auch tatsächlich der ist, der er vorgibt zu sein und dass empfangene DNS-Nachrichten auf dem Transportweg nicht verfälscht wurden.
|
| rdfs:label
| |
| owl:sameAs
| |
| skos:subject
| |
| foaf:page
| |
| is owl:sameAs
of | |
![[RDF Data]](/statics/sw-cube.png)
