
Limiting the Scope of the KEY Resource Record (RR) (RFC3445)

IP.com Disclosure Number: IPCOM000010553D
Original Publication Date: 2002-Dec-01
Included in the Prior Art Database: 2002-Dec-17
Document File: 11 page(s) / 21K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Massey: AUTHOR [+2]

Abstract

This document limits the Domain Name System (DNS) KEY Resource Record (RR) to only keys used by the Domain Name System Security Extensions (DNSSEC). The original KEY RR used sub-typing to store both DNSSEC keys and arbitrary application keys. Storing both DNSSEC and application keys with the same record type is a mistake. This document removes application keys from the KEY record by redefining the Protocol Octet field in the KEY RR Data. As a result of removing application keys, all but one of the flags in the KEY record become unnecessary and are redefined. Three existing application key sub-types are changed to reserved, but the format of the KEY record is not changed. This document updates RFC 2535.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 14% of the total text.

Network Working Group                                          D. Massey
Request for Comments: 3445                                       USC/ISI
Updates: 2535                                                    S. Rose
Category: Standards Track                                           NIST
                                                           December 2002

           Limiting the Scope of the KEY Resource Record (RR)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

1. Introduction

   This document limits the scope of the KEY Resource Record (RR).  The
   KEY RR was defined in [3] and used resource record sub-typing to hold
   arbitrary public keys such as Email, IPSEC, DNSSEC, and TLS keys.
   This document eliminates the existing Email, IPSEC, and TLS sub-types
   and prohibits the introduction of new sub-types.  DNSSEC will be the
   only allowable sub-type for the KEY RR (hence sub-typing is
   essentially eliminated) and all but one of the KEY RR flags are also
   eliminated.
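
A check of KEY RDATA against the restriction summarized above, as an added example that is not part of the RFC text. The function name `check_key_rdata` and the sample records are constructed for illustration; the field layout, the Protocol Octet value 3 and the Zone Key flag at bit 7 come from the full text of RFC 3445 and RFC 2535, which this abbreviated version does not reproduce.

```python
import struct

# Values from the full RFC 3445 (section 3), not from the abbreviated text.
PROTOCOL_DNSSEC = 3          # the only Protocol Octet value still allowed
ZONE_KEY_FLAG = 0x0100       # flag bit 7 (bit 0 is the most significant bit)
# Former application sub-types from RFC 2535, now reserved.
RESERVED_PROTOCOLS = {1: "TLS", 2: "email", 4: "IPSEC"}


def check_key_rdata(rdata: bytes) -> dict:
    """Parse KEY RDATA and list every way it departs from RFC 3445."""
    if len(rdata) < 4:
        raise ValueError("KEY RDATA needs flags(2) + protocol(1) + algorithm(1)")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    problems = []
    if protocol != PROTOCOL_DNSSEC:
        former = RESERVED_PROTOCOLS.get(protocol)
        detail = f" (former {former} sub-type, now reserved)" if former else ""
        problems.append(f"protocol octet {protocol} is not 3{detail}")
    # Every flag bit other than the Zone Key flag is reserved.
    stray = flags & ~ZONE_KEY_FLAG & 0xFFFF
    if stray:
        problems.append(f"reserved flag bits set: 0x{stray:04x}")
    return {
        "zone_key": bool(flags & ZONE_KEY_FLAG),
        "protocol": protocol,
        "algorithm": algorithm,
        "public_key": rdata[4:],
        "problems": problems,
    }


# Constructed sample records; the key bytes are placeholders, not real keys.
SAMPLES = {
    "zone key": struct.pack("!HBB", 0x0100, 3, 5) + b"\x01\x02\x03",
    "non-zone DNSSEC key": struct.pack("!HBB", 0x0000, 3, 5) + b"\x01\x02\x03",
    "old email key": struct.pack("!HBB", 0x0200, 2, 1) + b"\x01\x02\x03",
}

if __name__ == "__main__":
    for name, rdata in SAMPLES.items():
        result = check_key_rdata(rdata)
        print(name, "->", result["problems"] or "conforms to RFC 3445")
```
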

   Section 2 presents the motivation for restricting the KEY record and
   Section 3 defines the revised KEY RR.  Sections 4 and 5 summarize the
   changes from RFC 2535 and discuss backwards compatibility.  It is
   important to note that this document restricts the use of the KEY RR
   and simplifies the flags, but does not change the definition or use
   of DNSSEC ke...