DNSSEC Validators Requirements
draft-mglt-dnsop-dnssec-validator-requirements-06

The information below is for an old version of the document
Document Type: Expired Internet-Draft (individual)
Last updated: 2018-05-03 (latest revision 2017-10-30)
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
On Agenda: dnsop at IETF-106
RFC Editor Note: (None)
IESG state: Expired
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-mglt-dnsop-dnssec-validator-requirements-06.txt

Abstract

DNSSEC provides data integrity and source authentication to a basic DNS RRset. Given an RRset, a public key and a signature, a DNSSEC validator checks the signature, time constraints, and other local policies. In case of mismatch, the RRset is considered illegitimate and is rejected. Accuracy in DNSSEC validation, that is, avoiding false positives and catching true negatives, requires that both the signing process and the validation process adhere to the protocol, which begins with external configuration parameters. This document describes requirements for a validator to be able to perform accurate validation.

Authors

Daniel Migault (daniel.migault@ericsson.com)
Dan York (york@isoc.org)
Edward Lewis (edward.lewis@icann.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)