Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag (RFC3757)

IP.com Disclosure Number: IPCOM000028682D
Original Publication Date: 2004-May-01
Included in the Prior Art Database: 2004-May-27
Document File: 9 page(s) / 17K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

O. Kolkman: AUTHOR [+3]

Abstract

With the Delegation Signer (DS) resource record (RR), the concept of a public key acting as a secure entry point (SEP) has been introduced. During exchanges of public keys with the parent there is a need to differentiate SEP keys from other public keys in the Domain Name System KEY (DNSKEY) resource record set. A flag bit in the DNSKEY RR is defined to indicate that DNSKEY is to be used as a SEP. The flag bit is intended to assist in operational procedures to correctly generate DS resource records, or to indicate what DNSKEYs are intended for static configuration. The flag bit is not to be used in the DNS verification protocol. This document updates RFC 2535 and RFC 3755.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 16% of the total text.

Network Working Group                                         O. Kolkman
Request for Comments: 3757                                      RIPE NCC
Updates: 3755, 2535                                          J. Schlyter
Category: Standards Track                                         NIC-SE
                                                                E. Lewis
                                                                    ARIN
                                                              April 2004

         Domain Name System KEY (DNSKEY) Resource Record (RR)
                     Secure Entry Point (SEP) Flag

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Table of Contents

   1.  Introduction
   2.  The Secure Entry Point (SEP) Flag
   3.  DNSSEC Protocol Changes
   4.  Operational Guidelines
   5.  Security Considerations
   6.  IANA Considerations
   7.  Internationalization Considerations...