{"draft":"draft-ietf-dnsop-rfc2845bis-09","doc_id":"RFC8945","title":"Secret Key Transaction Authentication for DNS (TSIG)","authors":["F. Dupont","S. Morris","P. Vixie","D. Eastlake 3rd","O. Gudmundsson","B. Wellington"],"format":["HTML","TEXT","PDF","XML"],"page_count":"22","pub_status":"INTERNET STANDARD","status":"INTERNET STANDARD","source":"Domain Name System Operations","abstract":"This document describes a protocol for transaction-level\r\nauthentication using shared secrets and one-way hashing.  It can be\r\nused to authenticate dynamic updates to a DNS zone as coming from an\r\napproved client or to authenticate responses as coming from an\r\napproved name server.\r\n\r\nNo recommendation is made here for distributing the shared secrets;\r\nit is expected that a network administrator will statically configure\r\nname servers and clients using some out-of-band mechanism.\r\n\r\nThis document obsoletes RFCs 2845 and 4635.","pub_date":"November 2020","keywords":[],"obsoletes":["RFC2845","RFC4635"],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":["STD0093"],"doi":"10.17487\/RFC8945","errata_url":null}