mirror of
https://gitlab.com/netravnen/NetworkLabNotes.git
synced 2024-12-26 21:07:55 +00:00
DNS: describe ksk and zsk
This commit is contained in:
parent
025ab2184b
commit
828384231f
|
@ -86,6 +86,7 @@
|
||||||
\newacronym{isp}{ISP}{Internet Service Provider}
|
\newacronym{isp}{ISP}{Internet Service Provider}
|
||||||
\newacronym{ixp}{IXP}{Internet Exchange Point}
|
\newacronym{ixp}{IXP}{Internet Exchange Point}
|
||||||
\newacronym{junos}{JUNOS}{Juniper Network Operating System}
|
\newacronym{junos}{JUNOS}{Juniper Network Operating System}
|
||||||
|
\newacronym{ksk}{KSK}{Key Signing key}
|
||||||
\newacronym{l2}{L2}{Layer 2}
|
\newacronym{l2}{L2}{Layer 2}
|
||||||
\newacronym{l2vpn}{L2VPN}{Layer 2 Virtual Private Network}
|
\newacronym{l2vpn}{L2VPN}{Layer 2 Virtual Private Network}
|
||||||
\newacronym{l3}{L3}{Layer 3}
|
\newacronym{l3}{L3}{Layer 3}
|
||||||
|
@ -181,4 +182,5 @@
|
||||||
\newacronym{wlan}{WLAN}{Wireless Local Area Network}
|
\newacronym{wlan}{WLAN}{Wireless Local Area Network}
|
||||||
\newacronym{wred}{WRED}{Weighted Random Early Detection}
|
\newacronym{wred}{WRED}{Weighted Random Early Detection}
|
||||||
\newacronym{zbc}{ZBC}{Zealand Business School}
|
\newacronym{zbc}{ZBC}{Zealand Business School}
|
||||||
|
\newacronym{zsk}{ZSK}{Zone Signing Key}
|
||||||
\newacronym{aaa}{AAA}{Authentication, Authorization, Accounting}
|
\newacronym{aaa}{AAA}{Authentication, Authorization, Accounting}
|
||||||
|
|
|
@ -6,4 +6,11 @@
|
||||||
|
|
||||||
\section[KSK]{Key Signing Key}
|
\section[KSK]{Key Signing Key}
|
||||||
|
|
||||||
|
The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust.
|
||||||
|
|
||||||
|
A prime example of this the current \gns{dnssec} infrastructure on the internet. Where \gls{icann} is controlling and managing the Root zone \gls{ksk} used today. And for the first time in history will do a \gls{ksk} rollover in the fall of 2017.\footnote{The 1st key was issued in 2010.}
|
||||||
|
|
||||||
|
The \gls{ksk} is used to sign the DNS root-zone. All the TLD zones then have their own key called a \gls{zsk} used to sign all the domains requesting a key to sign their domain. The \gls{zsk} is signed by the root-zone \gls{ksk}.
|
||||||
|
|
||||||
\subsection[Rollover]{Key Signing Key Rollover}
|
\subsection[Rollover]{Key Signing Key Rollover}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue