Establishing an Appropriate Root Zone DNSSEC Trust Anchor at Startup
2018
Domain Name System Security Extensions (DNSSEC) allow cryptographic
signatures to be used to validate responses received from the Domain
Name System (DNS). A DNS client which validates such signatures is
known as a validator. The choice of appropriate root zone trust
anchor for a validator is expected to vary over time as the
corresponding cryptographic keys used in DNSSEC are changed. This
document provides guidance on how validators might determine an
appropriate trust anchor for the root zone to use at start-up, or when
other mechanisms intended to allow key rollover to be tolerated
gracefully are not available.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
0
References
0
Citations
NaN
KQI