DNSSEC stands for Domain Name System Security Extensions, and comprises a suite of protocols to protect against DNS Spoofing, cache poisoning and man-in-the-middle attacks.
A scenario in layman's terms would be an attack that sends a user to a fake copy of your site. E-commerce and SaaS platforms in particular must take care to ensure they use DNSSEC for added protection.
DNSSEC can be skipped for very early stage projects where DNS server settings may change frequently.
Multi-signer DNSSEC is an additional way to implement DNNSEC. An RFC covers this (note that it is not an Internet Standard however), with contributors from Salesforce and Verisign.
No comments:
Post a Comment