RFC - 3008
Domain Name System Security (DNSSEC) Signing Authority
| Obsoleted by: |
| RFC-4035prop |
Protocol Modifications for the DNS Security Extensions (Updated by RFC-4470prop)
|
| RFC-4034prop |
Resource Records for the DNS Security Extensions (Updated by RFC-4470prop)
|
| RFC-4033prop |
DNS Security Introduction and Requirements |
| Updates: |
| RFC-2535 |
Domain Name System Security Extensions (Obsoleted by RFC-4033prop, RFC-4035prop, RFC-4034prop) (Updated by RFC-3755, RFC-3757, RFC-3226prop, RFC-3658, RFC-3655, RFC-3007prop, RFC-3008, RFC-3845, RFC-3597prop, RFC-3445, RFC-3090, RFC-2931prop)
|
| Referred by: |
12 RFC |
| Refers to: |
7 RFC |
Status
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This document proposes a revised model of Domain Name System Security
(DNSSEC) Signing Authority. The revised model is designed to clarify
earlier documents and add additional restrictions to simplify the
secure resolution process. Specifically, this affects the
authorization of keys to sign sets of records.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
