Movatterモバイル変換

[0]ホーム
URL:

Search RFCs

Advanced Search

RFC Editor

STD 74

RFC 5011

Automated Updates of DNS Security (DNSSEC) Trust Anchors,September 2007

File formats:
icon for text fileicon for PDFicon for HTML
Status:
INTERNET STANDARD (changed from PROPOSED STANDARD)
Author:
M. StJohns
Stream:
IETF
Source:
dnsext (int)

Cite this RFC:TXT  | XML  |  BibTeX

DOI:  https://doi.org/10.17487/RFC5011

Discuss this RFC: Send questions or comments to the mailing listdnsext@ietf.org

Other actions:Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC 5011

Abstract

This document describes a means for automated, authenticated, andauthorized updating of DNSSEC "trust anchors". The method providesprotection against N-1 key compromises of N keys in the trust pointkey set. Based on the trust established by the presence of a currentanchor, other anchors may be added at the same place in thehierarchy, and, ultimately, supplant the existing anchor(s).

This mechanism will require changes to resolver management behavior(but not resolver resolution behavior), and the addition of a singleflag bit to the DNSKEY record. [STANDARDS-TRACK]

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.



IABIANAIETFIRTFISEISOCIETF Trust
ReportsPrivacy StatementSite MapContact Us

Advanced Search
[8]ページ先頭
©2009-2026 Movatter.jp