@techreport{oai:ipsj.ixsq.nii.ac.jp:00233056,
 author = {村上, 登志男 and 山井, 成良 and 金, 勇 and 中川, 令 and 根木, 湧人 and Toshio, Murakami and Nariyoshi, Yamai and Yong, Jin and Rei, Nakagawa and Yuto, Motogi},
 issue = {36},
 month = {Mar},
 note = {本研究では，DNS over TLS（DoT）に対応した権威 DNS サーバを用いた関連ドメイン検証における追加証明書の検証速度の向上について検討した．DNS の基本的なセキュリティ問題に対処するため，DNSSEC および DANE 技術の導入状況を概説し，プライバシー保護を強化するための DoT などの技術の発展を紹介した．さらに，DoT 対応権威 DNS サーバが提供する X.509 証明書を利用して，権威 DNS サーバが提供するゾーンの信頼性およびドメイン間の関係性を検証する方法の高速化を提案し，構築した検証環境での実験結果を報告した．この方法は，PKIX ツリーによらない DNS-based Authentication of Named Entities (DANE) を用いることで，プライベート証明書を利用し，ドメイン間の関係性を正確に識別することが可能である．本稿では，検証プロセスの実行時間も短縮できることが確認された．, In this study, we examined how to improve the speed of verifying additional certificates in related domain verification using an authoritative DNS server that supports DNS over TLS (DoT). To address fundamental DNS security issues, we outlined the deployment of DNSSEC and DANE technologies, and introduced developments in technologies such as DoT for enhanced privacy protection. Furthermore, we proposed an accelerated method for verifying the reliability of zones and relationships between domains provided by authoritative DNS servers using X.509 certificates provided by DoT-enabled authoritative DNS servers and reported the results of experiments in a verification environment we have built. We report the results of experiments in a verification environment that uses DNS-based Authentication of Named Entities (DANE), which does not rely on the PKIX tree, to accurately identify the relationship between domains using private certificates, and to reduce the execution time of the verification process. It was also confirmed that DANE reduces the execution time of the verification process.},
 title = {DoT対応権威サーバを用いた関連ドメイン検証における追加証明書検証高速化の検討},
 year = {2024}
}