
Showing posts with the label Certificate Transparency

What is Certificate Transparency?

Certificate Transparency is an open framework under which certificate authorities (CAs) log the certificates they issue for domain names to public, append-only logs. In this way, anyone can see which CA has issued a certificate for which domains. It acts as an inventory of all certificates, certificate authorities, and domains.

Why do we need Certificate Transparency? By compromising the infrastructure of a certificate authority, an adversary can issue certificates under that CA's name without the CA's knowledge or consent. A certificate authority can also mistakenly issue a certificate to the wrong owner. The problem with the previous CA infrastructure was that there was no effective way to audit or monitor SSL certificates in real time, so when a misstep or malicious activity happened, the suspect certificate was usually not detected and revoked for weeks or months. Such mis-issued certificates were used to spoof legitimate websites, to install malicious software, and so on.

Domain Name System Security Extensions (DNSSEC)

Domain Name System Security Extensions (DNSSEC) is used to protect the integrity and authenticity of the data in DNS by establishing a chain of trust. Before looking at DNSSEC, first understand the basics of DNS.

What are the DNS functionalities? DNS is used to translate domain names to IP addresses and vice versa. DNS works over both TCP and UDP, but normally uses UDP port 53. TCP port 53 is used for very large requests and responses, for example a zone transfer.

www.example.com = 192.168.1.10
192.168.1.10 = www.example.com

Why DNS? Domain names are alphabetic and easier to remember, which is why we use domain names. In the old solution, a hosts.txt file had to be regularly updated and distributed to all hosts on the Internet. Issues with the old solution are:

The file becomes huge after some time
It needs to be regularly updated
Name uniqueness has to be maintained

How does it work? When you enter a domain name in the browser ( www.google.com ), it first tries to resolve