

Secret Key Establishment for DNS (TKEY RR)






Network Working Group                                   D. Eastlake, 3rd
Request for Comments: 2930                                      Motorola
Category: Standards Track                                 September 2000


               Secret Key Establishment for DNS (TKEY RR)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   [RFC 2845] provides a means of authenticating Domain Name System
   (DNS) queries and responses using shared secret keys via the
   Transaction Signature (TSIG) resource record (RR).  However, it
   provides no mechanism for setting up such keys other than manual
   exchange. This document describes a Transaction Key (TKEY) RR that
   can be used in a number of different modes to establish shared secret
   keys between a DNS resolver and server.

Acknowledgments

   The comments and ideas of the following persons (listed in alphabetic
   order) have been incorporated herein and are gratefully acknowledged:

         Olafur Gudmundsson (TIS)

         Stuart Kwan (Microsoft)

         Ed Lewis (TIS)

         Erik Nordmark (SUN)

         Brian Wellington (Nominum)








Eastlake                    Standards Track