DNS Extensions
The Domain Name System (DNS) [121,122,63,99] is a replicated, hierarchical, distributed database system that provides information fundamental to Internet operations, such as name-to-address translation (and vice versa) and mail handling information. The basic documents are extended in [14,,] to provide for data origin authentication and public key distribution, all based on public key cryptography and public-key-based digital signatures. The Protocol DNSSEC (17) also includes the documents [58,203,204,106,48,,205,113,20].
Protocol DNSSEC should provide Authentication and Replay Protection (G1,2,3).
The Protocol TSIG (18) includes operations such as dynamic update with transaction signatures and secret key establishment. TSIG uses symmetric cryptography and is described in [198,,,203].
Protocol TSIG should provide Key Agreement (G1-3,7,12).
Protocol SIG(0) (19), a variant of the Transaction Signatures that uses asymmetric cryptography, where the public keys are stored in DNS, is presented in [60,163].
Protocol SIG(0) should also provide Key Agreement (G1-3,7,12).