2004
DOI: 10.17487/rfc3757
|View full text |Cite
|
Sign up to set email alerts
|

Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
11
0

Year Published

2005
2005
2011
2011

Publication Types

Select...
2
2
1

Relationship

0
5

Authors

Journals

citations
Cited by 8 publications
(11 citation statements)
references
References 5 publications
0
11
0
Order By: Relevance
“…Designating an authentication key as a key signing key is purely an operational issue: DNSSEC validation does not distinguish between key signing keys and other DNSSEC authentication keys, and it is possible to use a single key as both a key signing key and a zone signing key. Key signing keys are discussed in more detail in [RFC3757]. Also see zone signing key.…”
Section: Definitions Of Important Dnssec Termsmentioning
confidence: 99%
“…Designating an authentication key as a key signing key is purely an operational issue: DNSSEC validation does not distinguish between key signing keys and other DNSSEC authentication keys, and it is possible to use a single key as both a key signing key and a zone signing key. Key signing keys are discussed in more detail in [RFC3757]. Also see zone signing key.…”
Section: Definitions Of Important Dnssec Termsmentioning
confidence: 99%
“…An island of security is a subtree in the DNS hierarchy in which DNSSEC has been deployed. The public key for the root of this subtree is called a trust anchor [14]. Since the trust anchor KSK cannot be verified by its parent zone which has not deployed DNSSEC, other means are needed for resolvers to collect, verify, and maintain the trust anchor KSKs.…”
Section: Incremental Deployabilitymentioning
confidence: 99%
“…This allows to avoid the use of a fake key sent in a message forged by a malicious person. To trust a zone key, DNSSEC uses the DNS-tree model to establish a chain of trust [5] beginning from a secure entry point [6] to the queried zone. To create this chain, a verifiable relation between child zone and parent zone must exist: this is the role of the Delegation Signer resource record (DS RR) [10].…”
Section: Dnssec Chain Of Trustmentioning
confidence: 99%
“…If bit 7 has value 0, then the DNSKEY record holds some other type of DNS public key (such as a public key used by TKEY [11]). Bit 15 of the Flags field is the Secure Entry Point flag, described in [6]. If bit 15 has value 1, then the DNSKEY record holds a key intended for use as a secure entry point.…”
Section: The Trusted Key Rollover Problemmentioning
confidence: 99%
See 1 more Smart Citation