National Science and Technology Journal Platform (国家科技期刊平台)

Design of a DNS-based Zero Trust Enhanced Authentication System (一种基于DNS的零信任增强认证系统设计), open access

Abstract

Widespread reuse of a single certificate across many HTTPS deployments creates security risk. Borrowing the dynamic, policy-driven authorization idea of the Zero Trust model, this article proposes extending the existing DNS infrastructure with an enhanced authentication function: additional authentication information is configured on the existing DNS authoritative servers, and HTTPS access requests are authenticated dynamically against it, so that the current security status of the presented HTTPS certificate can be verified in real time. Because it builds on DNS, an infrastructure that is already deployed and readily available, the scheme addresses the security problem caused by certificate reuse in HTTPS and constitutes a flexible, efficient and extensible Zero Trust enhanced authentication architecture.
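The abstract describes the mechanism only at the level of "publish authentication information for the site's certificate in the authoritative DNS and check the presented certificate against it at connection time". The following is an added, stand-alone illustration of that check and is not code from the paper or its authors. The record format of the paper's DNS-CA scheme is not given on this page, so the example assumes a layout borrowed from DANE TLSA (RFC 6698): `usage selector matching-type hex-data`, with only selector 0 (full DER certificate) supported so that no ASN.1 parsing is needed. The two "certificates" are constructed opaque byte strings, not real DER; `publish_pin`, `verify_presented_cert` and the `Verdict` type are names chosen here, not the paper's.

```python
"""DNS-published certificate pinning check, in the spirit of the scheme sketched above."""
import hashlib
import hmac
from dataclasses import dataclass

# ASSUMPTION: the paper's DNS record format is not given on this page, so the
# record layout used here mirrors DANE TLSA (RFC 6698): "usage selector mtype hexdata".
# Only selector 0 (hash or copy of the full DER certificate) is handled, so no
# ASN.1 parsing is needed. Usage 3 (end-entity pin) is what a site would publish.
SUPPORTED_SELECTOR = 0
HASHERS = {1: hashlib.sha256, 2: hashlib.sha512}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def parse_record(text: str) -> tuple[int, int, int, bytes]:
    """Split one record into (usage, selector, matching type, association data)."""
    fields = text.split()
    if len(fields) != 4:
        raise ValueError(f"malformed record: {text!r}")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return usage, selector, mtype, bytes.fromhex(fields[3])


def record_matches(cert_der: bytes, record: str) -> bool:
    """True if the presented DER certificate satisfies one published record."""
    _usage, selector, mtype, data = parse_record(record)
    if selector != SUPPORTED_SELECTOR:
        return False                      # unsupported pin type: never a match
    if mtype == 0:                        # exact copy of the certificate
        return hmac.compare_digest(cert_der, data)
    hasher = HASHERS.get(mtype)
    if hasher is None:
        return False                      # unknown hash algorithm: never a match
    return hmac.compare_digest(hasher(cert_der).digest(), data)


def verify_presented_cert(cert_der: bytes, records: list[str]) -> Verdict:
    """Zero-trust style decision: allow only if DNS currently publishes a matching pin."""
    if not records:
        return Verdict(False, "no authentication record published in DNS; fail closed")
    for rec in records:
        try:
            if record_matches(cert_der, rec):
                return Verdict(True, f"certificate matches published record {rec.split()[:3]}")
        except ValueError:
            continue                      # skip a malformed record, keep checking the rest
    return Verdict(False, "presented certificate matches no published record")


def publish_pin(cert_der: bytes, mtype: int = 1) -> str:
    """What the zone operator would place in the authoritative server for this certificate."""
    digest = HASHERS[mtype](cert_der).hexdigest() if mtype else cert_der.hex()
    return f"3 {SUPPORTED_SELECTOR} {mtype} {digest}"


# Constructed sample data: opaque byte strings standing in for two DER certificates,
# one legitimately issued for the site and one reused from another deployment.
SITE_CERT = b"\x30\x82\x01\x00constructed placeholder for the site's certificate"
REUSED_CERT = b"\x30\x82\x01\x00constructed placeholder for a certificate reused elsewhere"


def demo() -> dict[str, Verdict]:
    """Run the check in the situations the abstract cares about and return the verdicts."""
    published = [publish_pin(SITE_CERT)]
    return {
        "genuine": verify_presented_cert(SITE_CERT, published),
        "reused": verify_presented_cert(REUSED_CERT, published),
        "unpublished": verify_presented_cert(SITE_CERT, []),
        "exact_copy": verify_presented_cert(SITE_CERT, [publish_pin(SITE_CERT, mtype=0)]),
        "malformed_then_good": verify_presented_cert(SITE_CERT, ["bogus", publish_pin(SITE_CERT, 2)]),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} allowed={verdict.allowed}  {verdict.reason}")
```

Two points a practitioner would add to the abstract's claim that DNS is "trusted": the records only carry the authority the abstract attributes to them if the resolver validates them with DNSSEC (an unsigned answer can be spoofed as easily as the certificate it is meant to police), and the "real-time" property depends on the record TTL, since a cached answer keeps authorizing a certificate until it expires. Fail-closed behaviour on an empty record set, as above, is what makes the scheme a genuine Zero Trust control rather than an optional hint.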

邹立刚;张逸凡;张新跃;袁建廷

Affiliations: Beijing Guoke Cloud Computing Technology Co., Ltd. (北京国科云计算技术有限公司), Beijing 100190; China Internet Network Information Center (中国互联网络信息中心), Beijing 100190; School of Information Science and Engineering, Xinjiang University, Urumqi 830046, Xinjiang

Subject: Computer Science and Automation

Keywords: HTTPS certificate; Zero Trust security model; DNS; DNS-CA

Cyber Security and Data Governance (网络安全与数据治理), 2024, No. 7

Pages 21-25 (5 pages)

Funding: National Key R&D Program of the Ministry of Science and Technology (2022YFB3103000)

DOI: 10.19358/j.issn.2097-1788.2024.07.004
