Limiting the Scope of the KEY Resource Record (RR), December 2002
- File formats:
- PROPOSED STANDARD
- Obsoleted by:
- RFC 4033, RFC 4034, RFC 4035
- RFC 2535
- D. Massey
- dnsext (int)
Discuss this RFC: Send questions or comments to the mailing list firstname.lastname@example.org
This document limits the Domain Name System (DNS) KEY Resource Record (RR) to only keys used by the Domain Name System Security Extensions (DNSSEC). The original KEY RR used sub-typing to store both DNSSEC keys and arbitrary application keys. Storing both DNSSEC and application keys with the same record type is a mistake. This document removes application keys from the KEY record by redefining the Protocol Octet field in the KEY RR Data. As a result of removing application keys, all but one of the flags in the KEY record become unnecessary and are redefined. Three existing application key sub-types are changed to reserved, but the format of the KEY record is not changed. This document updates RFC 2535. [STANDARDS-TRACK]
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.