
Domain Name System Security Extensions (RFC2065)

IP.com Disclosure Number: IPCOM000002616D
Original Publication Date: 1997-Jan-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 32 page(s) / 91K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Eastlake, 3rd: AUTHOR

Abstract

The Domain Name System (DNS) has become a critical operational part of the Internet infrastructure yet it has no strong security mechanisms to assure data integrity or authentication. Extensions to the DNS are described that provide these services to security aware resolvers or applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records. Security can still be provided even through non-security aware DNS servers in many cases.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                    D. Eastlake, 3rd
Request for Comments: 2065                                      CyberCash
Updates: 1034, 1035                                            C. Kaufman
Category: Standards Track                                            Iris
                                                             January 1997

Domain Name System Security Extensions

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

The Domain Name System (DNS) has become a critical operational part of the Internet infrastructure yet it has no strong security mechanisms to assure data integrity or authentication. Extensions to the DNS are described that provide these services to security aware resolvers or applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records. Security can still be provided even through non-security aware DNS servers in many cases.

The extensions also provide for the storage of authenticated public keys in the DNS. This storage of keys can support general public key distribution service as well as DNS security. The stored keys enable security aware resolvers to learn the authenticating key of zones in addition to those for which they are initially configured. Keys associated with DNS names can be retrieved to support other protocols. Provision is made for a variety of key types and algorithms.

In addition, the security extensions provide for the optional authentication of DNS protocol transactions.

Acknowledgments

The significant contributions of the following persons (in alphabetic order) to this document are gratefully acknowledged:

Harald T. Alvestrand
Madelyn Badger
Scott Bradner
Matt Crawford
James M. Galvin
Olafur Gudmundsson
Edie Gunter
Sandy Murphy
Masataka Ohta
Michael A. Patton
Jeffrey I. Schiller

Table of Contents

1. Overview of Contents....................................3
2. Overview of the DNS Extensions.........................4
2.1 Services Not Provided..................................4
2.2 Key Distribution.........................................