Note: The following is an excerpt from the official IETF RFC. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference.
Abstract
This document describes a means for automated, authenticated, and
authorized updating of DNSSEC “trust anchors”. The method provides
protection against N-1 key compromises of N keys in the trust point
key set. Based on the trust established by the presence of a current
anchor, other anchors may be added at the same place in the
hierarchy, and, ultimately, supplant the existing anchor(s).

This mechanism will require changes to resolver management behavior
(but not resolver resolution behavior), and the addition of a single
flag bit to the DNSKEY record.