6. The AD and CD Bits and How to Resolve Securely

From RFC 2065, as mirrored by Connected: An Internet Encyclopedia.

Retrieving or resolving authentic data from the Domain Name System (DNS) involves starting with one or more trusted public keys for one or more zones. With trusted keys, a resolver willing to perform cryptography can progress securely through the secure DNS zone structure to the zone of interest as described in Section 6.3. Such trusted public keys would normally be configured in a manner similar to that described in Section 6.2. However, as a practical matter, a security aware resolver would still gain some confidence in the results it returns even if it was not configured with any keys but trusted what it got from a local well known server as a starting point.

Data stored at a security aware server needs to be internally categorized as Authenticated, Pending, or Insecure. There is also a fourth, transient state of Bad, which indicates that all SIG checks on the data have explicitly failed. Such Bad data is not retained at a security aware server. Authenticated means that the data has a valid SIG under a KEY traceable, via a chain of zero or more SIG and KEY RRs, to a KEY configured at the resolver via its boot file. Pending data has no authenticated SIGs and at least one additional SIG that the resolver is still trying to authenticate. Insecure data is data that is known can never be either Authenticated or found Bad, because it is in, or has been reached via, a non-secured zone. Behavior in terms of control of, and flagging based on, such data labels is described in Section 6.1.
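The following is an added example, not code from RFC 2065 or from any DNS implementation, that models the two preceding paragraphs: a resolver that starts from boot-file trust anchors, walks SIG/KEY chains, and labels each stored RRset Authenticated, Pending, or Insecure, discarding data whose SIGs all fail (Bad). Everything here is constructed: the zone names, the key material, and the "toy SIG", which is an HMAC-SHA256 under the zone's KEY rdata standing in for the public-key signature a real SIG RR carries. The treatment of unsigned data inside a secured zone as Bad is an assumption of this model, not something the section states.

```python
import hmac
import hashlib
from dataclasses import dataclass

# The four data labels from RFC 2065 section 6 (Bad is transient and never stored).
AUTHENTICATED, PENDING, INSECURE, BAD = "Authenticated", "Pending", "Insecure", "Bad"


@dataclass
class Sig:
    signer: str     # apex name of the zone whose KEY produced this SIG
    value: bytes    # toy signature: an HMAC stands in for a public-key signature


@dataclass
class RRset:
    name: str
    rtype: str
    rdata: bytes
    zone: str       # zone the data was obtained from
    sigs: list      # list[Sig]; empty for unsigned data


def toy_sign(key_rdata: bytes, rrset: RRset) -> bytes:
    """Toy SIG: HMAC-SHA256 over owner name, type and rdata under the zone KEY."""
    msg = f"{rrset.name}|{rrset.rtype}|".encode() + rrset.rdata
    return hmac.new(key_rdata, msg, hashlib.sha256).digest()


class SecureResolver:
    def __init__(self, trust_anchors, insecure_zones):
        # Boot-file keys: zone apex -> KEY rdata, trusted without any SIG.
        self.trust_anchors = dict(trust_anchors)
        self.insecure_zones = set(insecure_zones)
        self.cache = {}  # (name, rtype) -> (RRset, state); Bad is never stored

    def key_state(self, zone):
        """Return (KEY rdata, state) for a zone apex, or (None, Pending) if not yet seen."""
        if zone in self.trust_anchors:
            return self.trust_anchors[zone], AUTHENTICATED
        entry = self.cache.get((zone, "KEY"))
        return (entry[0].rdata, entry[1]) if entry else (None, PENDING)

    def classify(self, rrset):
        if rrset.zone in self.insecure_zones:
            return INSECURE            # in or reached via a non-secured zone
        if not rrset.sigs:
            return BAD                 # model assumption: unsigned data in a secured zone
        failed = 0
        for sig in rrset.sigs:
            key, state = self.key_state(sig.signer)
            if state != AUTHENTICATED:
                continue               # signer KEY not (yet) authenticated: cannot judge
            if hmac.compare_digest(sig.value, toy_sign(key, rrset)):
                return AUTHENTICATED   # one valid SIG under an authenticated KEY suffices
            failed += 1
        # Every SIG explicitly failed -> Bad; otherwise some SIG is still unresolved.
        return BAD if failed == len(rrset.sigs) else PENDING

    def accept(self, rrset):
        """Classify incoming data and store it; Bad data is dropped on the floor."""
        state = self.classify(rrset)
        if state != BAD:
            self.cache[(rrset.name, rrset.rtype)] = (rrset, state)
            self.revalidate()
        return state

    def revalidate(self):
        """Re-check Pending entries: a newly arrived KEY may close their chain."""
        changed = True
        while changed:
            changed = False
            for key, (rrset, state) in list(self.cache.items()):
                if state != PENDING:
                    continue
                new = self.classify(rrset)
                if new == BAD:
                    del self.cache[key]
                    changed = True
                elif new != state:
                    self.cache[key] = (rrset, new)
                    changed = True

    def state_of(self, name, rtype):
        entry = self.cache.get((name, rtype))
        return entry[1] if entry else None


def demo():
    """Constructed walk-through: root anchor -> example. KEY -> www.example. A."""
    root_key, example_key = b"constructed-root-key", b"constructed-example-key"
    r = SecureResolver(trust_anchors={".": root_key}, insecure_zones={"legacy."})
    ex_key = RRset("example.", "KEY", example_key, "example.", [])
    ex_key.sigs = [Sig(".", toy_sign(root_key, ex_key))]       # KEY signed by parent
    www = RRset("www.example.", "A", b"192.0.2.1", "example.", [])
    www.sigs = [Sig("example.", toy_sign(example_key, www))]
    out = {}
    out["www_before_key"] = r.accept(www)          # Pending: example. KEY unseen
    out["key"] = r.accept(ex_key)                  # Authenticated via trust anchor
    out["www_after_key"] = r.state_of("www.example.", "A")   # chain now closed
    forged = RRset("www.example.", "A", b"198.51.100.9", "example.",
                   [Sig("example.", b"\x00" * 32)])
    out["forged"] = r.accept(forged)               # Bad: all SIGs failed, discarded
    out["www_kept"] = r.state_of("www.example.", "A")        # original survives
    out["legacy"] = r.accept(RRset("host.legacy.", "A", b"192.0.2.7", "legacy.", []))
    return out
```

The order of arrival in `demo()` is deliberate: the A record shows up before the KEY that signs it, so it sits in the cache as Pending and is promoted to Authenticated only once `revalidate()` can trace its SIG back to the boot-file anchor; the forged copy of the same RRset is rejected without disturbing the authenticated one.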

The proper validation of signatures requires a reasonably secure shared opinion of the absolute time between resolvers and servers as described in Section 6.4.
