Security - News

Reviewers of the draft revised Guidelines should note the following differences and additions:
(1) Updated Recommendations for all cryptographic operations relating to digital signing of DNS records, verification of the signatures, Zone Transfer, Dynamic Updates, key Management and Authenticated Denial of Existence.
(2) The additional IETF RFC documents that have formed the basis for the updated recommendations include: DNNSEC Operational Practices (RFC 4641), Automated Updates for DNS Security (DNSSEC) Trust Anchors (RFC 5011), DNS Security (DNSSEC) Hashed Authenticated Denial of Existence (RFC 5155) and HMAC SHA TSIG Algorithm Identifiers (RFC 4635).
(3) The FIPS standards and NIST guidelines incorporated into the updated recommendations include: The Keyed-Hash Message Authentication Code (HMAC) (FIPS 198-1), Digital Signature Standard (FIPS 186-3) and Recommendations for Key Management (SP 800-57P1 & SP 800-57P3).
(4) Illustration of Secure configuration examples using DNS Software offering NSD, in addition to BIND.

Autor: JP

Heuristické vyhledání souvisejících článků v archívu NEWS

• Vyšlo rfc. 5155 - DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
• Rfc.5011 - Automated Updates of DNS Security (DNSSEC) Trust Anchors
• Americký NIST vydal FIPS 198--1 The Keyed-Hash Message Authentication Code (HMAC)
• NIST - draft FIPS 198-1 (HMAC)
• NIST - SP 800-81 Secure Domain Name System (DNS) Deployment Guide,