DNSSEC Opt-in for Large Zones
draft-kosters-dnsext-dnssec-opt-in-01
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Author | Mark Kosters | ||
Last updated | 2001-03-06 | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
In order for DNSSEC to be deployed operationally with large zones and little operational impact, there needs to be included a mechanism that allows for the separation of secure versus unsecure views of zones. This needs to be done in a transparent fashion that allows DNSSEC to be deployed in an incremental manner. This document proposes the use of an extended RCODE to signify that a DNSSEC-aware requestor may have to re-query for the information, if and only if, the delegation is not yet secure. Thus, one can maintain two views of the zone and expand the DNSSEC zone as demand warrants.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)