RFC 3757

Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag, April 2004

Status: PROPOSED STANDARD
Obsoleted by: RFC 4033, RFC 4034, RFC 4035
Updates: RFC 3755, RFC 2535
Authors: O. Kolkman, J. Schlyter, E. Lewis
Stream: IETF
Source: dnsext (int)


DOI:  https://doi.org/10.17487/RFC3757

Discuss this RFC: Send questions or comments to the mailing list dnsext@ietf.org



Abstract

With the Delegation Signer (DS) resource record (RR), the concept of a public key acting as a secure entry point (SEP) has been introduced. During exchanges of public keys with the parent there is a need to differentiate SEP keys from other public keys in the Domain Name System KEY (DNSKEY) resource record set. A flag bit in the DNSKEY RR is defined to indicate that DNSKEY is to be used as a SEP. The flag bit is intended to assist in operational procedures to correctly generate DS resource records, or to indicate what DNSKEYs are intended for static configuration. The flag bit is not to be used in the DNS verification protocol. This document updates RFC 2535 and RFC 3755. [STANDARDS-TRACK]


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



