Generic Security Service Algorithm for Secret Key Transaction
GSS-TSIG (Generic Security Service Algorithm for Secret Key Transaction) is an authentication protocol for DNS and an extension of the TSIG protocol. GSS-TSIG is a framework built on GSS-API that provides authentication, integrity and confidentiality.
GSS-TSIG (RFC 3645) uses a framework such as SPNEGO with Kerberos or NTLM as the authentication protocol.
GSS-TSIG uses TKEY to exchange keys between the DNS client and server in GSS-TSIG mode. For Kerberos authentication between the DNS client and a Windows ADS (Active Directory Server), the AS-REQ, AS-REP, TGS-REQ and TGS-REP steps must take place to authenticate the client and grant it a ticket. After these steps succeed, a security context is established between the ADS and the client.
The remaining steps take place between the DNS client and the DNS server, for key exchange and authentication with the DNS server.
The key exchange can be done with TKEY in GSS-API mode, after which dynamic updates to the DNS server can take place using the TSIG protocol.
Hence GSS-TSIG is a combination of TSIG, GSS-API (Kerberos with SPNEGO) and TKEY.
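To make the TKEY step concrete, the following added example (not part of the original article) parses TKEY RDATA as laid out in RFC 2930 and checks whether it is a GSS-API mode negotiation using the `gss-tsig` algorithm name from RFC 3645. The function names and the sample record are constructed for illustration, and the token bytes are a placeholder, not a real SPNEGO or Kerberos token.

```python
import struct

# TKEY mode values from RFC 2930; GSS-TSIG (RFC 3645) uses mode 3.
TKEY_MODES = {1: "server assignment", 2: "Diffie-Hellman",
              3: "GSS-API negotiation", 4: "resolver assignment", 5: "key deletion"}

def read_name(buf, off):
    """Read an uncompressed DNS name, return (lowercased dotted name, next offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n > 63 or off + n > len(buf):
            raise ValueError("bad or truncated label")
        labels.append(buf[off:off + n].decode("ascii").lower())
        off += n

def parse_tkey_rdata(rdata):
    """Parse TKEY RDATA: algorithm, inception, expiration, mode, error, key, other."""
    alg, off = read_name(rdata, 0)
    if off + 14 > len(rdata):
        raise ValueError("truncated fixed fields")
    inception, expiration, mode, error, key_size = struct.unpack_from("!IIHHH", rdata, off)
    off += 14
    if off + key_size + 2 > len(rdata):
        raise ValueError("key size exceeds RDATA")
    key = rdata[off:off + key_size]  # in GSS-API mode this field carries the GSS token
    off += key_size
    (other_size,) = struct.unpack_from("!H", rdata, off)
    if off + 2 + other_size != len(rdata):
        raise ValueError("other size does not match RDATA length")
    return {"algorithm": alg, "inception": inception, "expiration": expiration,
            "mode": mode, "mode_name": TKEY_MODES.get(mode, "reserved/unassigned"),
            "error": error, "key_data": key}

def is_gss_tsig_negotiation(rec):
    """True when the record is a GSS-API mode TKEY carrying a GSS token."""
    return rec["algorithm"] == "gss-tsig." and rec["mode"] == 3 and len(rec["key_data"]) > 0

# Constructed sample: placeholder bytes stand in for a real SPNEGO/Kerberos token.
SAMPLE_TOKEN = b"CONSTRUCTED-GSS-TOKEN"
SAMPLE_RDATA = (b"\x08gss-tsig\x00" + struct.pack("!IIHHH", 1700000000, 1700003600, 3, 0,
                len(SAMPLE_TOKEN)) + SAMPLE_TOKEN + b"\x00\x00")

if __name__ == "__main__":
    print(parse_tkey_rdata(SAMPLE_RDATA))
```
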
Wikimedia Foundation.
2010.