Connected: An Internet Encyclopedia
4.2 Update Data Signatures

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2137
Up: 4. Update Signatures
Prev: 4.1 Update Request Signatures
Next: 5. Security Considerations

4.2 Update Data Signatures

4.2 Update Data Signatures

Mode A dynamic secure zones require that the update requester provide SIG RRs that will authenticate the after update state of all RR sets that are changed by the update and are non-empty after the update. These SIG RRs appear in the request as RRs to be added and the request must delete any previous data SIG RRs that are invalidated by the request.

In Mode B dynamic secure zones, all zone data is authenticated by zone key SIG RRs. In this case, data signatures need not be included with the update. A resolver can determine which mode an updatable secure zone is using by examining the signatory field bits of the zone KEY RR (see section 3.2).


Next: 5. Security Considerations

Connected: An Internet Encyclopedia
4.2 Update Data Signatures