Generic Security Service Algorithm for Secret Key Transaction

Generic Security Service Algorithm for Secret Key Transaction

GSS-TSIG (Generic Security Service Algorithm for Secret Key Transaction) is an authentication protocol for DNS, which is the extension to TSIG Protocol. The GSS-TSIG is a frame work of GSS-API to provide authentication, integrity and confidentiality.

GSS-TSIG (RFC 3645) uses frame work like Spengo with authentication protocol Kerberos or NTLM.

GSS-TSIG uses TKEY for exchange of key between DNS client and server in GSS-TSIG mode. For authentication(Kerberos) between DNS client and ADS of windows version, the AS-REQ,AS-REP,TGS-REQ,TGS-REP,these steps should take place for authentication and granting of ticket. after successful these steps the security context established between ADS (active directory server) and client.

Then remaining steps between DNS client and server for key exchange and authentication with DNS server.

The key exchange method can be done with TKEY in GSS-API mode and then dynamic updates to DNS server can take place with TSIG protocol.

Hence the GSS-TSIG is combination of TSIG, GSS-API (kerberos with spengo) and TKEY.


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • TSIG — (Transaction SIGnature) is a computer networking protocol definedin RFC 2845. It is used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a Dynamic DNS database. TSIG uses shared secret keys and one way… …   Wikipedia

  • TSIG — Le protocole de réseau TSIG (transaction signature ou signature de transaction) est décrit dans la RFC 2845. Il est principalement utilisé par le système des noms de domaine (DNS) pour fournir une forme d authentification pour les mises à jour… …   Wikipédia en Français

  • TKEY record — TKEY is a record type of the Domain Name System.TKEY RR can used in number of different modes to establish shared keys between a DNS resolver and Server. TKEY record format Mode Field values * 0 Reserved * 1 Server assignment * 2 Diffie Hellman… …   Wikipedia

  • Domain Name System — The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the… …   Wikipedia

  • cryptology — cryptologist, n. cryptologic /krip tl oj ik/, cryptological, adj. /krip tol euh jee/, n. 1. cryptography. 2. the science and study of cryptanalysis and cryptography. [1635 45; < NL cryptologia. See CRYPTO , LOGY] * * * Introduction …   Universalium

  • Rootkit — A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”