Skip to main content

Weak Trust Anchor Introduction
draft-zhang-dnsop-weak-trust-anchor-00

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors XiaoDong Lee , Haikuo Zhang , Nan Wang , Peng Zuo, Xiali Yan, Ce Luo, Hongtao Li
Last updated 2014-11-30 (Latest revision 2014-05-29)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

DNS Security Extensions (DNSSEC) is an effective method to provide security protection for resolvers and end users in the DNS protocols. But the DNSSEC is too aggressive for the DNS service in the poor network infrastructure, because the domain name will be invisible when large DNSSEC messages were dropped by some other network equipments, like the routers which have MTU problem or the old firewalls which do not support ENDS0. This document defines a new concept weak trust anchor which can be used on a security-aware resolver to get rid of the above problem.

Authors

XiaoDong Lee
Haikuo Zhang
Nan Wang
Peng Zuo
Xiali Yan
Ce Luo
Hongtao Li

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)