{"draft":"draft-ietf-dnsext-trustupdate-timers-06","doc_id":"RFC5011","title":"Automated Updates of DNS Security (DNSSEC) Trust Anchors","authors":["M. StJohns"],"format":["ASCII","HTML"],"page_count":"14","pub_status":"PROPOSED STANDARD","status":"INTERNET STANDARD","source":"DNS Extensions","abstract":"This document describes a means for automated, authenticated, and\r\nauthorized updating of DNSSEC \"trust anchors\".  The method provides\r\nprotection against N-1 key compromises of N keys in the trust point\r\nkey set.  Based on the trust established by the presence of a current\r\nanchor, other anchors may be added at the same place in the\r\nhierarchy, and, ultimately, supplant the existing anchor(s).\r\n\r\nThis mechanism will require changes to resolver management behavior\r\n(but not resolver resolution behavior), and the addition of a single\r\nflag bit to the DNSKEY record.  [STANDARDS-TRACK]","pub_date":"September 2007","keywords":["[--------|s]","n-1 key","n keys"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":["STD0074"],"doi":"10.17487\/RFC5011","errata_url":null}