DNSSEC Signature and Data Verification Semantics
draft-lewis-dnssig-authorization-00

Document type: Expired Internet-Draft (individual)
Authors: Ólafur Guðmundsson, Edward Lewis
Last updated: 1997-12-04
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-lewis-dnssig-authorization-00.txt

Abstract

This draft discusses authorization models for DNSSEC that can be used to determine the relationship of a KEY RR and a DNS RRset in the validation process. Is this key trusted to sign for this data? Is this data trusted because it was signed by this key? This draft defines a number of different policies that can be used and what the signing authority of keys is in each. This draft also addresses what steps are recommended in the secure DNS resolution process and how the authorization policy is put to use. The ideas and definitions expressed here are based on the authors' experience in implementing a reference secure resolver.

Authors

Ólafur Guðmundsson (ogud@ogud.com)
Edward Lewis (Ed.Lewis@neustar.biz)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)