DNSSEC Opt-in for Large Zones
draft-kosters-dnsext-dnssec-opt-in-01

Document Type Expired Internet-Draft (individual)
Last updated 2001-03-06
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html
Stream Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-kosters-dnsext-dnssec-opt-in-01.txt

Abstract

In order for DNSSEC to be deployed operationally with large zones and little operational impact, there needs to be included a mechanism that allows for the separation of secure versus unsecure views of zones. This needs to be done in a transparent fashion that allows DNSSEC to be deployed in an incremental manner. This document proposes the use of an extended RCODE to signify that a DNSSEC-aware requestor may have to re-query for the information, if and only if, the delegation is not yet secure. Thus, one can maintain two views of the zone and expand the DNSSEC zone as demand warrants.

Authors

Mark Kosters (markk@netsol.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)