===== RFC5011 - Automated Updates of DNS Security (DNSSEC) Trust Anchors =====
[[dido:public:ra:xapend:xapend.b_stds:tech:ietf:start| return to the IETF Standards ]]

<table>
<caption>Data sheet for RFC5011 Automated Updates of DNS Security (DNSSEC) Trust Anchors (AAAA)</caption>
| Title                      | Automated Updates of DNS Security Trust Anchors |
| Acronym                    | DNSSEC |
| Version                    | 2007 |
| Document Number            | RFC5011 |
| Release Date               | September 2007  |
| Reference                  | [[https://tools.ietf.org/html/rfc5011]] |
</table>

  : **Note**: The following is an excerpt from the official IETF RFC. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference.

==== Abstract ====
  : //This document describes a means for automated, authenticated, and
   authorized updating of DNSSEC "trust anchors".  The method provides
   protection against N-1 key compromises of N keys in the trust point
   key set.  Based on the trust established by the presence of a current
   anchor, other anchors may be added at the same place in the
   hierarchy, and, ultimately, supplant the existing anchor(s).//

  : //This mechanism will require changes to resolver management behavior
   (but not resolver resolution behavior), and the addition of a single
   flag bit to the DNSKEY record.//

/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/* To add a discussion page to this page, comment out the line that says 
  ~~DISCUSSION:off~~
*/
~~DISCUSSION:on|Outstanding Issues~~
~~DISCUSSION:off~~