The DNS Security Extensions (DNSSEC) were developed to provide origin
authentication and integrity protection for DNS data by using digital
signatures. These digital signatures can be verified by building a
chain of trust starting from a trust anchor and proceeding down to a
particular node in the DNS. This document specifies a mechanism that
will allow an end user and third parties to determine the trusted key
state for the root key of the resolvers that handle that user's DNS
queries. Note that this method is only applicable for determining
which keys are in the trust store for the root key.
Working Group Summary
This document has had a short history, and came about while working with ICANN on
the KSK rollover process, as a way to assist tracking the addition and removal of DNSSEC
There are two different implementations of the design.
Document Shepherd: Tim Wicinski
Responsible Area Director: Terry Manderson