The DNSSEC document set can be partitioned into several main groups,
under the larger umbrella of the DNS base protocol documents.
The "DNSSEC protocol document set" refers to the three documents that
form the core of the DNS security extensions:
1. DNS Security Introduction and Requirements (this document)
2. Resource Records for DNS Security Extensions [RFC4034]
3. Protocol Modifications for the DNS Security Extensions [RFC4035]
Additionally, any document that would add to or change the core DNS
Security extensions would fall into this category. This includes any
future work on the communication between security-aware stub
resolvers and upstream security-aware recursive name servers.
The "Digital Signature Algorithm Specification" document set refers
to the group of documents that describe how specific digital
signature algorithms should be implemented to fit the DNSSEC resource
record format. Each document in this set deals with a specific
digital signature algorithm. Please see the appendix on "DNSSEC
Algorithm and Digest Types" in [RFC4034] for a list of the algorithms
that were defined when this core specification was written.
The "Transaction Authentication Protocol" document set refers to the
group of documents that deal with DNS message authentication,
including secret key establishment and verification. Although not
strictly part of the DNSSEC specification as defined in this set of
documents, this group is noted because of its relationship to DNSSEC.
The final document set, "New Security Uses", refers to documents that
seek to use proposed DNS Security extensions for other security
related purposes. DNSSEC does not provide any direct security for
these new uses but may be used to support them. Documents that fall
in this category include those describing the use of DNS in the
storage and distribution of certificates ([RFC2538]).
