The document describes a means for automatically updating public
keys that are configured in DNSSEC aware resolvers. New
trust-anchors are configured when signatures over them can be
validated using the previous trust-anchors. By introducing explicit
revocation and a delay mechanism the chances of an attacker
introducing a mala fide trust-anchor after a key compromise are
mitigated, albeit not solved.
Working Group Summary
There is a broad consensus that this solution provides a workable
key-rollover. The working group is aware of IPR issues. There
have been a number of well-documented reviews and comment on
this document, please see the PROTO statement for a detailed
There are no implementations yet. The chairs are aware of at least
1 and maybe 2 independent organizations that plan on
implementing. At least one implementer has done in-depth review
during last call.
The chairs are of the opinion that after implementations are
written there is probably millage in documenting operational
Note to RFC Editor
Please append the following to the Security Considerations section:
"Security considerations for trust anchor rollover not specific to
this protocol are discussed in [ID.ietf-dnsext-rollover-requirements]"
and add this to the informative references:
Eland, H., Mundy R., Crocker, S., and S. Krishnaswamy,
"Requirements related to DNSSEC Trust Anchor Rollover",
(work in progress), November 2006.