Weak Trust Anchor Introduction
draft-weak-trust-anchor-00
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Authors | XiaoDong Lee , Haikuo Zhang , Nan Wang , Peng Zuo, Xiali Yan, Ce Luo, Hongtao Li | ||
Last updated | 2014-11-30 (Latest revision 2014-05-29) | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
DNS Security Extensions (DNSSEC) is an effective method to provide security protection for resolvers and end users in the DNS protocols. But the DNSSEC is too aggressive for the DNS service in the poor network infrastructure, because the domain name will be invisible when large DNSSEC messages were dropped by some other network equipments, like the routers which have MTU problem or the old firewalls which do not support ENDS0. This document defines a new concept weak trust anchor which can be used on a security-aware resolver to get rid of the above problem.
Authors
XiaoDong Lee
Haikuo Zhang
Nan Wang
Peng Zuo
Xiali Yan
Ce Luo
Hongtao Li
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)