Domain Name System Security Extensions (DNSSEC)
- Provides integrity to DNS
- No privacy
- Leverages digital signatures
  - Data of any size can be treated the same way: we take the data and run it through a hashing algorithm
  - This produces a digest or a checksum
  - As long as the data is never altered, the digest will always be the same
  - When someone takes that digest and encrypts it with a private key, the result is a digital signature
    - Encrypted by private - decrypted by public
    - Encrypted by public - decrypted by private
- Backwards compatible
  - Works with DNS systems that do not support any security
- Slow adoption
  - The defensive side has not been quick to implement DNSSEC
DNSSEC and Digital Signatures
- Authoritative Name Server will share its public key
- Users can encrypt messages with the public key
- Server decrypts using its private key
- Responses can be digitally signed
- Signatures can be verified using public key
  - A signature is basically just an encrypted hash
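The hash-then-sign flow from these notes, as an added example that is not part of the original notes: a name server signs the digest of a record set with its private key, and a resolver checks it with the public key. The toy RSA key, the function names and the sample records are constructed for illustration; real DNSSEC signs record sets in canonical wire format and publishes the results as RRSIG and DNSKEY records.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes. Illustration only:
# real DNSSEC keys are generated randomly and use padded RSA or ECDSA/EdDSA.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent (shared, like a DNSKEY)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (never leaves the signer)


def digest(rrset):
    """Hash a record set in a fixed order so equal data gives an equal digest."""
    canonical = "\n".join(sorted(r.lower() for r in rrset)).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big")


def sign(rrset):
    """Name server side: transform the digest with the private key."""
    return pow(digest(rrset), D, N)


def verify(rrset, signature):
    """Resolver side: recover the digest with the public key and compare."""
    return pow(signature, E, N) == digest(rrset)


# Constructed sample data using documentation address ranges.
ZONE_RRSET = ["example.com. 3600 IN A 192.0.2.10",
              "example.com. 3600 IN A 192.0.2.11"]
ALTERED_RRSET = ["example.com. 3600 IN A 192.0.2.10",
                 "example.com. 3600 IN A 198.51.100.66"]

if __name__ == "__main__":
    sig = sign(ZONE_RRSET)
    print("genuine answer verifies:", verify(ZONE_RRSET, sig))
    print("altered answer verifies:", verify(ALTERED_RRSET, sig))
    # Integrity only: the records themselves still travel in clear text.
    print("readable on the wire:", ZONE_RRSET[0])
```

The altered record set fails verification because its digest no longer matches the one recovered from the signature, while the records stay readable to anyone on the path.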