Jump to first page
 -9
Motivation for DNSSEC
nDNSSEC protects against data spoofing and corruption
nDNSSEC (TSIG) provides mechanisms to authenticate servers
nDNSSEC (KEY/SIG/NXT) provides mechanisms to establish authenticity and integrity of data
n
nA secure DNS will be used as a public key infrastructure (PKI)
uHowever it is NOT a PKI
There are some technologies for which the use of the DNS for spreading key material is being considered. Opportunistic IP sec encryption by is one of those technologies. See the FreeSwan implementation.