===== RFC5011 - Automated Updates of DNS Security (DNSSEC) Trust Anchors =====
[[dido:public:ra:xapend:xapend.b_stds:tech:ietf:start| return to the IETF Standards ]]
Data sheet for RFC5011 Automated Updates of DNS Security (DNSSEC) Trust Anchors (AAAA)
| Title | Automated Updates of DNS Security Trust Anchors |
| Acronym | DNSSEC |
| Version | 2007 |
| Document Number | RFC5011 |
| Release Date | September 2007 |
| Reference | [[https://tools.ietf.org/html/rfc5011]] |
: **Note**: The following is an excerpt from the official IETF RFC. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference.
==== Abstract ====
: //This document describes a means for automated, authenticated, and
authorized updating of DNSSEC "trust anchors". The method provides
protection against N-1 key compromises of N keys in the trust point
key set. Based on the trust established by the presence of a current
anchor, other anchors may be added at the same place in the
hierarchy, and, ultimately, supplant the existing anchor(s).//
: //This mechanism will require changes to resolver management behavior
(but not resolver resolution behavior), and the addition of a single
flag bit to the DNSKEY record.//
/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/* To add a discussion page to this page, comment out the line that says
~~DISCUSSION:off~~
*/
~~DISCUSSION:on|Outstanding Issues~~
~~DISCUSSION:off~~