Security/DNSSEC-TLS: Difference between revisions

Line 6: Line 6:
=Background=
=Background=


TLS sessions require a chain of trust to authenticate the server to the client. Currently this is achieved through a series of PKIX certificates that link the server's certificate to a trusted root certificate stored by the client. Trusted root certificates are issued by Certificate Authorities. Currently, nothing prevents any authority from signing a certificate for any domain name.
TLS sessions require a chain of trust to authenticate the server to the client. Currently this is achieved through a series of PKIX certificates that link the server's certificate to a trusted root certificate stored by the client. Trusted root certificates are issued by Certificate Authorities. Currently, no technical mechanism prevents any authority from signing a certificate for any domain name.


DNSSEC is a method of authenticating DNS records that also uses a chain of trust. In the case of DNSSEC, the trust structure is identical to the DNS hierarchy. For example, only the entity in charge of .com can sign the record that authenticates example.com, and only the (single) entity in charge of the (single) root can sign the record that authenticates .com.
DNSSEC is a method of authenticating DNS records that also uses a chain of trust. In the case of DNSSEC, the trust structure is identical to the DNS hierarchy. For example, only the entity in charge of .com can sign the record that authenticates example.com, and only the (single) entity in charge of the (single) root can sign the record that authenticates .com.
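
Review bot: In the revised last sentence of the first Background paragraph, "no technical mechanism prevents any authority from signing" implies that some non-technical limit on authorities exists, but the paragraph never says what that limit is. Either name it in a short clause or leave the sentence unqualified, so the reader is not left guessing what does constrain a Certificate Authority. Two sentences in that paragraph also open with "Currently"; rewording one of them would read better.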