A New Internet-Draft is available from the on-line Internet-Drafts directories.

    Title     : Compromised-key Digest Signature (CKDS) Introduction and Requirement
    Author(s) : Haikuo Zhang
                Likun Zhang
    Filename  : draft-haikuo-ckds-01.txt
    Pages     : 14
    Date      : 2012-06-05

DNS Security Extensions (DNSSEC) is widely deployed at TLD and other important domain names currently. DNSSEC is an effective method to provide security protection for end users in the network. DNSSEC needs a lot of operations to maintain the chain of trust, like DNSKEY rollover operations periodically. But the chain of trust could be broken if the operator of the domain replaces the old key immediately in an emergency rollover operation when the key is compromised. The break will make the domain and its sub-domains invisible in a short time if the data in the cache of the resolver is right; on the contrary, the fake RR in the cache of the resolver may be "valid" if the resolver is under attack from hackers. This document introduces the compromised-key digest signature (CKDS) resource record to mitigate the impact of invalidation which is due to emergency rollover from the authoritative name server.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-haikuo-ckds-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-haikuo-ckds-01.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-haikuo-ckds/