Redefinition of DNS Authenticated Data (AD) bit
draft-ietf-dnsext-ad-is-secure-06

RFC
Document Stream: IETF
Last updated: 2002-06-28
Intended RFC status: Proposed Standard
Other versions: (expired, archived): plain text, pdf, html

Document shepherd: (None)
Consensus: Unknown

IESG State: RFC 3655
Responsible AD: Erik Nordmark
IESG Note: published as RFC 3655
Send notices to: <ogud@ogud.com>, <okolkman@ripe.net>

This Internet-Draft is no longer active. Unofficial copies of old Internet-Drafts can be found here:
http://tools.ietf.org/id/draft-ietf-dnsext-ad-is-secure.

Abstract:
This document alters the specification defined in RFC 2535. Based on implementation experience, the Authenticated Data (AD) bit in the DNS header is not useful. This document redefines the AD bit such that it is only set if all answers, or records proving that no answers exist, in the response have been cryptographically verified or otherwise meet the server's local security policy.

Authors:
Brian Wellington <brian.wellington@nominum.com>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)