Generic Security Service Algorithm for Secret Key Transaction

From Wikipedia, the free encyclopedia
This is the current revision of this page, as edited by Jon Kolbert at 06:33, 26 August 2017 (Updating links from HTTP→HTTPS for Microsoft TechNet).

GSS-TSIG (Generic Security Service Algorithm for Secret Key Transaction) is an extension to the TSIG DNS authentication protocol for secure key exchange. It is a GSS-API algorithm that uses Kerberos to pass security tokens, providing authentication, integrity and confidentiality.

GSS-TSIG (RFC 3645) uses a mechanism like SPNEGO with Kerberos or NTLM. In Windows, this implementation is called Secure Dynamic Update.[1]

GSS-TSIG uses TKEY records to exchange keys between the DNS client and server. For authentication between the DNS client and Active Directory, the Kerberos AS-REQ, AS-REP, TGS-REQ and TGS-REP exchanges must take place to obtain a ticket and establish a security context. The security context has a limited lifetime, during which dynamic updates to the DNS server can take place.
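As an added illustration of the TKEY exchange described above (this is not code from the Wikipedia article), the following Python encodes and parses the RFC 2930 TKEY RDATA that carries the GSS-API token in GSS-TSIG, checks that a record really is a GSS-TSIG negotiation (algorithm name "gss-tsig", mode 3), and applies the context-lifetime window a server would enforce before accepting a signed dynamic update. Any token bytes used with it are constructed placeholders, since a real token requires a Kerberos KDC.

```python
import struct
from collections import namedtuple
GSS_TSIG_ALGORITHM = "gss-tsig."
MODE_GSS_API = 3  # TKEY mode for GSS-API negotiation (RFC 2930 section 2.5)
# RFC 2930 TKEY RDATA fields; for GSS-TSIG, `key` carries the opaque GSS-API token.
TKey = namedtuple("TKey", "algorithm inception expiration mode error key other")

def _encode_name(name: str) -> bytes:
    # Uncompressed wire-format name: length-prefixed labels ending in a zero byte.
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def _decode_name(data: bytes, pos: int) -> tuple:
    labels = []
    while pos < len(data) and data[pos] != 0:
        n = data[pos]
        if n > 63 or pos + 1 + n > len(data):
            raise ValueError("bad label")
        labels.append(data[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    if pos >= len(data):
        raise ValueError("truncated name")
    return ".".join(labels) + ".", pos + 1

def encode_tkey(rec: TKey) -> bytes:
    fixed = struct.pack("!IIHHH", rec.inception, rec.expiration, rec.mode, rec.error, len(rec.key))
    return _encode_name(rec.algorithm) + fixed + rec.key + struct.pack("!H", len(rec.other)) + rec.other

def decode_tkey(data: bytes) -> TKey:
    # Every length field is checked against the buffer, so a malformed record raises instead of yielding a truncated token.
    algorithm, pos = _decode_name(data, 0)
    if len(data) - pos < 14:
        raise ValueError("truncated TKEY fixed fields")
    inception, expiration, mode, error, key_size = struct.unpack_from("!IIHHH", data, pos)
    pos += 14
    if len(data) - pos < key_size + 2:
        raise ValueError("truncated key data")
    key, pos = data[pos:pos + key_size], pos + key_size
    (other_size,) = struct.unpack_from("!H", data, pos)
    pos += 2
    if len(data) - pos != other_size:
        raise ValueError("bad other-data length")
    return TKey(algorithm, inception, expiration, mode, error, key, data[pos:])

def is_gss_tsig(rec: TKey) -> bool:
    # A GSS-TSIG TKEY names the gss-tsig algorithm and uses GSS-API negotiation mode.
    return rec.algorithm.lower() == GSS_TSIG_ALGORITHM and rec.mode == MODE_GSS_API

def context_valid_at(rec: TKey, now: int) -> bool:
    # Updates signed with the negotiated context are accepted only inside its lifetime window.
    return rec.inception <= now < rec.expiration
```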

References
