errata logo graphic

Found 1 record.

Status: Reported (1)

RFC6840, "Clarifications and Implementation Notes for DNS Security (DNSSEC)", February 2013

Source of RFC: dnsext (int)

Errata ID: 4191

Status: Reported
Type: Editorial

Reported By: Edward Lewis
Date Reported: 2014-12-02

Section 5.11 says:

...

A signed zone MUST include a DNSKEY for each algorithm present in
      the zone's DS RRset and expected trust anchors for the zone.  The
      zone MUST also be signed with each algorithm (though not each key)
      present in the DNSKEY RRset.  

It should say:

A signed zone MUST include a DNSKEY for each algorithm present in
      the zone's DS RRset and expected trust anchors for the zone.  Each
      authoritative RRset in the zone MUST be signed with each 
      algorithm (though not each key) present in the DNSKEY RRset.  

Notes:

Zones aren't signed (per se), the data sets within them are. But not cut point (NS) and glue.


Report New Errata