A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Compromised-key Digest Signature (CKDS) Introduction and Requirement
Author(s) : Haikuo Zhang
Likun Zhang
Filename : draft-haikuo-ckds-01.txt
Pages : 14
Date : 2012-06-05
DNS Security Extensions (DNSSEC) is widely deployed at TLD and other
important domain names currently. DNSSEC is an effective method to
provide security protection for end users in the network. DNSSEC
needs a lot of operations to maintain the chain of trust, like DNSKEY
rollover operations periodically. But the chain of trust could be
broken if the operator of domain replaces the old key immediately in
a emergency rollover operation when the key is compromised. The
break will make the domain and his sub-domains invisible in a short
time if the data in the cache of resolver is right, on the contrary,
the fake RR in the cache of resolver may be "valid" if the resolver
is under the attack from hackers. This document introduces the
compromised-key digest signature (CKDS) resource record to mitigate
the impact of invalidation which is due to emergency rollover from
the authoritative name server.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-haikuo-ckds-01.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-haikuo-ckds-01.txt
The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-haikuo-ckds/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
