Limiting the Scope of the KEY Resource Record (RR) (RFC3445)

IP.com Disclosure Number: IPCOM000010553D
Original Publication Date: 2002-Dec-01
Included in the Prior Art Database: 2002-Dec-17
Document File: 11 page(s) / 21K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Massey: AUTHOR [+2]

Abstract

This document limits the Domain Name System (DNS) KEY Resource Record (RR) to only keys used by the Domain Name System Security Extensions (DNSSEC). The original KEY RR used sub-typing to store both DNSSEC keys and arbitrary application keys. Storing both DNSSEC and application keys with the same record type is a mistake. This document removes application keys from the KEY record by redefining the Protocol Octet field in the KEY RR Data. As a result of removing application keys, all but one of the flags in the KEY record become unnecessary and are redefined. Three existing application key sub-types are changed to reserved, but the format of the KEY record is not changed. This document updates RFC 2535.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 14% of the total text.

Network Working Group                                          D. Massey
Request for Comments: 3445                                       USC/ISI
Updates: 2535                                                    S. Rose
Category: Standards Track                                           NIST
                                                           December 2002

           Limiting the Scope of the KEY Resource Record (RR)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

1. Introduction

   This document limits the scope of the KEY Resource Record (RR).  The
   KEY RR was defined in [3] and used resource record sub-typing to hold
   arbitrary public keys such as Email, IPSEC, DNSSEC, and TLS keys.
   This document eliminates the existing Email, IPSEC, and TLS sub-types
   and prohibits the introduction of new sub-types.  DNSSEC will be the
   only allowable sub-type for the KEY RR (hence sub-typing is
   essentially eliminated) and all but one of the KEY RR flags are also
   eliminated.
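   The following is an added example, not code from RFC 3445 or from
   this page: a small Python parser and checker for KEY RDATA that
   enforces the restriction described above.  It assumes the RFC 2535
   wire layout of KEY RDATA (2-octet flags, 1-octet protocol, 1-octet
   algorithm, public key), that the sole surviving flag is bit 7 (the
   zone key flag, value 0x0100 in the 16-bit field), and that the
   RFC 2535 protocol sub-type numbers are 1 = TLS, 2 = email,
   3 = DNSSEC, 4 = IPSEC, 255 = all.  Those numeric details come from
   the normative sections of RFC 2535 and RFC 3445 that this abbreviated
   extract does not reproduce, so treat them as the example's
   assumptions.  The sample records are constructed for illustration.

```python
"""Check KEY RR RDATA against the RFC 3445 restrictions.

Added example, not part of RFC 3445 or the IP.com page.  Assumed
facts (from RFC 2535 / RFC 3445 text not shown on this page):
  * wire RDATA = flags(2) | protocol(1) | algorithm(1) | public key
  * protocol octet MUST be 3 (DNSSEC); 1 (TLS), 2 (email), 4 (IPSEC)
    and 255 (all) are the RFC 2535 sub-types made reserved
  * the only retained flag is the zone key flag, bit 7 = 0x0100;
    every other flag bit must be zero
"""
import base64
import struct
from dataclasses import dataclass

PROTOCOL_DNSSEC = 3
RESERVED_PROTOCOLS = {1: "TLS", 2: "email", 4: "IPSEC", 255: "all"}
ZONE_KEY_FLAG = 0x0100  # bit 7 counted from the most significant bit


class KeyRRError(ValueError):
    """Raised for RDATA that cannot even be parsed."""


@dataclass
class KeyRData:
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes

    @property
    def is_zone_key(self) -> bool:
        return bool(self.flags & ZONE_KEY_FLAG)

    def to_wire(self) -> bytes:
        """Re-encode in the RFC 2535 wire layout (format is unchanged by RFC 3445)."""
        return struct.pack("!HBB", self.flags, self.protocol, self.algorithm) + self.public_key


def parse_key_rdata(rdata: bytes) -> KeyRData:
    """Parse wire-format KEY RDATA: 4 fixed octets followed by the key."""
    if len(rdata) < 4:
        raise KeyRRError("KEY RDATA shorter than the 4-octet fixed header")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    return KeyRData(flags, protocol, algorithm, rdata[4:])


def parse_key_presentation(text: str) -> KeyRData:
    """Parse the zone-file form "<flags> <protocol> <algorithm> <base64 key...>"."""
    fields = text.split()
    if len(fields) < 3:
        raise KeyRRError("KEY presentation form needs flags, protocol and algorithm")
    flags, protocol, algorithm = (int(f) for f in fields[:3])
    # base64 may be split over several whitespace-separated chunks
    key = base64.b64decode("".join(fields[3:])) if len(fields) > 3 else b""
    return KeyRData(flags, protocol, algorithm, key)


def check_rfc3445(rr: KeyRData) -> list[str]:
    """Return the RFC 3445 violations found; an empty list means conformant."""
    problems = []
    if rr.protocol != PROTOCOL_DNSSEC:
        name = RESERVED_PROTOCOLS.get(rr.protocol, "unknown")
        problems.append(f"protocol {rr.protocol} ({name}) is not DNSSEC (3)")
    if rr.flags & ~ZONE_KEY_FLAG:
        problems.append(
            f"flags 0x{rr.flags:04x} set bits other than the zone key flag (0x0100)"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample records; the key bytes are placeholders.
    samples = {
        "zone key, DNSSEC":   "256 3 5 AQID",   # conformant
        "email sub-type":     "0 2 5 AQID",     # protocol 2 now reserved
        "TLS + stray flags":  "768 1 1 AQID",   # protocol 1 and flags 0x0300
    }
    for label, text in samples.items():
        rr = parse_key_presentation(text)
        print(f"{label:20s} zone_key={rr.is_zone_key} problems={check_rfc3445(rr)}")
```

   Running the checker over a zone's KEY records is a quick way to find
   application keys that must be moved out of the KEY RR; because the
   RDATA format itself is unchanged, an old record parses fine and only
   the protocol and flag checks reject it.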

Massey & Rose               Standards Track                     [Page 1]

RFC 3445         Limiting the KEY Resource Record (RR)     December 2002

   Section 2 presents the motivation for restricting the KEY record and
   Section 3 defines the revised KEY RR.  Sections 4 and 5 summarize the
   changes from RFC 2535 and discuss backwards compatibility.  It is
   important to note that this document restricts the use of the KEY RR
   and simplifies the flags, but does not change the definition or use
   of DNSSEC ke...