TKEY Secret Key Renewal Mode
draft-ietf-dnsext-tkey-renewal-mode-05
| Document | Type |
Expired Internet-Draft
(dnsext WG)
Expired & archived
|
|
|---|---|---|---|
| Author | Dr. Masaya Nakayama | ||
| Last updated | 2004-10-15 | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Expired | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document defines a new mode in TKEY and proposes an atomic method for changing secret keys used for TSIG periodically. Originally, TKEY provides methods of setting up shared secrets other than manual exchange, but it cannot control timing of key renewal very well though it can add or delete shared keys separately. This proposal is a systematical key renewal procedure intended for preventing signing DNS messages with old and non-safe keys permanently.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)