RFC 3445 (rfc3445) - Page 1 of 10


Limiting the Scope of the KEY Resource Record (RR)



Alternative Format: Original Text Document



Network Working Group                                          D. Massey
Request for Comments: 3445                                       USC/ISI
Updates: 2535                                                    S. Rose
Category: Standards Track                                           NIST
                                                           December 2002


           Limiting the Scope of the KEY Resource Record (RR)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document limits the Domain Name System (DNS) KEY Resource Record
   (RR) to only keys used by the Domain Name System Security Extensions
   (DNSSEC).  The original KEY RR used sub-typing to store both DNSSEC
   keys and arbitrary application keys.  Storing both DNSSEC and
   application keys with the same record type is a mistake.  This
   document removes application keys from the KEY record by redefining
   the Protocol Octet field in the KEY RR Data.  As a result of removing
   application keys, all but one of the flags in the KEY record become
   unnecessary and are redefined.  Three existing application key sub-
   types are changed to reserved, but the format of the KEY record is
   not changed.  This document updates RFC 2535.

1. Introduction

   This document limits the scope of the KEY Resource Record (RR).  The
   KEY RR was defined in [3] and used resource record sub-typing to hold
   arbitrary public keys such as Email, IPSEC, DNSSEC, and TLS keys.
   This document eliminates the existing Email, IPSEC, and TLS sub-types
   and prohibits the introduction of new sub-types.  DNSSEC will be the
   only allowable sub-type for the KEY RR (hence sub-typing is
   essentially eliminated) and all but one of the KEY RR flags are also
   eliminated.






Massey & Rose               Standards Track