DNS Security Opt-In
RFC 4956, “DNS Security Opt-In”, is an Experimental document published in July 2007 by R. Arends, M. Kosters, and D. Blacka. The canonical text is published by the RFC Editor.
Abstract
In the DNS security (DNSSEC) extensions, delegations to unsigned subzones are cryptographically secured. Maintaining this cryptography is not always practical or necessary. This document describes an experimental "Opt-In" model that allows administrators to omit this cryptography and manage the cost of adopting DNSSEC with large zones. This memo defines an Experimental Protocol for the Internet community.
What “Experimental” means
An Experimental RFC describes a specification that is part of a research or development effort, published so the community can gain experience with it.
The canonical text of RFC 4956 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 4955 DNS Security Experiments
- RFC 4957 Link-Layer Event Notifications for Detecting Network Attachments
- RFC 4954 SMTP Service Extension for Authentication
- RFC 4958 A Framework for Supporting Emergency Telecommunications Services within a Single Administrative Domain
- RFC 4953 Defending TCP Against Spoofing Attacks
- RFC 4959 IMAP Extension for Simple Authentication and Security Layer Initial Client Response
- RFC 4952 Overview and Framework for Internationalized Email
- RFC 4960 Stream Control Transmission Protocol