Protocol Action: Limiting the Scope of the KEY Resource Record to Proposed Standard
The IESG has approved the Internet-Draft 'Limiting the Scope of the
KEY Resource Record' <draft-ietf-dnsext-restrict-key-for-dnssec-04.txt>
as a Proposed Standard. This document is the product of the DNS
Extensions Working Group. The IESG contact persons are Erik Nordmark
and Thomas Narten.
Technical Summary
This document limits the Domain Name System KEY resource record to
only keys used by the Domain Name System Security Extensions
(DNSSEC). The original KEY resource record used sub-typing to
store both DNSSEC keys and arbitrary application keys. Storing both
DNSSEC and application keys in one record was a mistake. This
document removes application keys from the KEY record by redefining
the Protocol Octet field in the KEY Resource Record Data. As a
result of removing application keys, all but one of the flags in
the KEY record become unnecessary and are removed. Three existing
application key sub-types are changed to reserved, but the format
of the KEY record is not changed. This document updates RFC 2535.
Working Group Summary
There was WG rough consensus to advance this document; people
agree that restricting KEY RR to the DNS keys is the right thing
to do.
However, some folks see a need to provide a replacement for the
application key use of the KEY RR (whether it be APPKEY or
something). Since there isn't agreement (see SIKED BoF) on what
problem something like APPKEY would solve, there isn't a ready
replacement for this functionality at this point in time. Thus the
WG rough consensus is to restrict-key now and defer the
application key discussion.
Protocol Quality
This specification has been reviewed for the IESG by Erik Nordmark.
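
A check for the restriction described in the Technical Summary, as an added example that is not part of the IESG announcement or the draft: it flags KEY RDATA whose Protocol Octet is not DNSSEC or whose flags field has any bit set other than the zone key flag. The field layout and numeric values (protocol 3 for DNSSEC; 1, 2 and 4 for the former application sub-types; zone key flag at bit 7) come from RFC 2535 and the draft, not from this page; the function names and sample records are constructed.

```python
import struct

# Values from the RFC 2535 KEY RDATA definition; they are not stated on this page.
PROTO_DNSSEC = 3
LEGACY_APP_PROTOCOLS = {1: "TLS", 2: "email", 4: "IPSEC"}
ZONE_KEY_FLAG = 0x0100  # flag bit 7, counting from the most significant bit


def check_key_rdata(rdata: bytes) -> list:
    """Return findings for one KEY RDATA blob; an empty list means it conforms."""
    if len(rdata) < 4:
        return ["truncated: need 2 flag octets, protocol octet, algorithm octet"]
    # Wire layout: flags (16 bits), protocol (8), algorithm (8), then public key.
    flags, protocol, _algorithm = struct.unpack("!HBB", rdata[:4])
    findings = []
    if protocol in LEGACY_APP_PROTOCOLS:
        name = LEGACY_APP_PROTOCOLS[protocol]
        findings.append(f"protocol {protocol} ({name}) is a reserved application sub-type")
    elif protocol != PROTO_DNSSEC:
        findings.append(f"protocol {protocol} is not DNSSEC ({PROTO_DNSSEC})")
    # Every flag except the zone key flag was removed by the restriction.
    extra = flags & ~ZONE_KEY_FLAG & 0xFFFF
    if extra:
        findings.append(f"removed flag bits set: 0x{extra:04x}")
    return findings


def audit(records: dict) -> dict:
    """Map owner name -> findings, keeping only records that need attention."""
    report = {}
    for owner, rdata in records.items():
        findings = check_key_rdata(rdata)
        if findings:
            report[owner] = findings
    return report


# Constructed sample records (owner names and key bytes are made up).
SAMPLE_RECORDS = {
    "example.test.": struct.pack("!HBB", 0x0100, 3, 5) + b"\x01\x02\x03",
    "alice.example.test.": struct.pack("!HBB", 0x0200, 2, 1) + b"\xaa\xbb",
    "broken.example.test.": b"\x01\x00",
}

if __name__ == "__main__":
    for owner, findings in audit(SAMPLE_RECORDS).items():
        print(owner, findings)
```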