Connected: An Internet Encyclopedia
2.3.6 Signers Other Than The Zone
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 2065
Up:
2. Overview of the DNS Extensions
Up:
2.3 Data Origin Authentication and Integrity
Prev: 2.3.5 Special Considerations with CNAME RRs
Next: 2.4 DNS Transaction and Request Authentication
2.3.6 Signers Other Than The Zone
2.3.6 Signers Other Than The Zone
There are two cases where a SIG resource record is signed by other
than the zone private key. One is for support of dynamic update
where an entity is permitted to authenticate/update its own records.
The public key of the entity must be present in the DNS and be
appropriately signed but the other RR(s) may be signed with the
entity's key. The other is for support of transaction and request
authentication as described in Section 2.4 immediately below.
Next: 2.4 DNS Transaction and Request Authentication
Connected: An Internet Encyclopedia
2.3.6 Signers Other Than The Zone