
The Zone Referral Key

Document type: Expired Internet-Draft (individual), expired & archived
Authors: John IETF Gilmore, Edward P. Lewis
Last updated: 1998-05-28
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


A new type of key is defined to address the problems of performance in large delegated zones and issues of liability of registrars with regard to the storing of public keys belonging to zone cuts. This new key type also brings DNSSEC more in line with the DNS treatment of zone cuts and speeds recovery in handling key exposure. The new type of key is a referral record that is stored, signed, at the parent zone's place for the delegation point. A resolver receiving this record is informed that there are genuine public keys at the child's authoritative name servers. The parent no longer needs to store the child's public keys locally.

