From 828384231f215dcc9c3a94beaecf6c30450dc811 Mon Sep 17 00:00:00 2001 From: Christoffer Date: Sun, 10 Sep 2017 00:11:07 +0200 Subject: [PATCH] DNS: describe ksk and zsk --- acronyms.tex | 2 ++ chapter/dns.tex | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/acronyms.tex b/acronyms.tex index b5d2d46..db49b09 100644 --- a/acronyms.tex +++ b/acronyms.tex @@ -86,6 +86,7 @@ \newacronym{isp}{ISP}{Internet Service Provider} \newacronym{ixp}{IXP}{Internet Exchange Point} \newacronym{junos}{JUNOS}{Juniper Network Operating System} +\newacronym{ksk}{KSK}{Key Signing key} \newacronym{l2}{L2}{Layer 2} \newacronym{l2vpn}{L2VPN}{Layer 2 Virtual Private Network} \newacronym{l3}{L3}{Layer 3} @@ -181,4 +182,5 @@ \newacronym{wlan}{WLAN}{Wireless Local Area Network} \newacronym{wred}{WRED}{Weighted Random Early Detection} \newacronym{zbc}{ZBC}{Zealand Business School} +\newacronym{zsk}{ZSK}{Zone Signing Key} \newacronym{aaa}{AAA}{Authentication, Authorization, Accounting} diff --git a/chapter/dns.tex b/chapter/dns.tex index 8731e11..ef2e57e 100644 --- a/chapter/dns.tex +++ b/chapter/dns.tex @@ -6,4 +6,11 @@ \section[KSK]{Key Signing Key} -\subsection[Rollover]{Key Signing Key Rollover} \ No newline at end of file +The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust. + +A prime example of this the current \gns{dnssec} infrastructure on the internet. Where \gls{icann} is controlling and managing the Root zone \gls{ksk} used today. And for the first time in history will do a \gls{ksk} rollover in the fall of 2017.\footnote{The 1st key was issued in 2010.} + +The \gls{ksk} is used to sign the DNS root-zone. All the TLD zones then have their own key called a \gls{zsk} used to sign all the domains requesting a key to sign their domain. The \gls{zsk} is signed by the root-zone \gls{ksk}. + +\subsection[Rollover]{Key Signing Key Rollover} +