Request for Comments RFC8509

A Root Key Trust Anchor Sentinel for DNSSEC  Dec 1, 2018

The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user and third parties to determine the trusted key state for the root key of the resolvers that handle that user's DNS queries. Note that this method is only applicable for determining which keys are in the trust store for the root key.

Parties

Authors
Countries
US
Keywords
DNS DNSSEC KSK RFC5011 rollover root key root-key-sentinel-is-ta- root-key-sentinel-not-ta- security

JSON preview

Similar records

Title

Source:  IETF Last updated:  May 30, 2019

From RFC Editor, a database of the Internet Engineering Task Force. This record may not reflect the most current and accurate data available from the IETF.