Preventing Child Neglect in DNSSECbis Using Lookaside Validation (DLV)

Paul VIXIE   

Publication
IEICE TRANSACTIONS on Communications   Vol.E88-B   No.4   pp.1326-1330
Publication Date: 2005/04/01
Online ISSN: 
Print ISSN: 0916-8516
Type of Manuscript: Special Section PAPER (Special Section on Internet Technology V)
Category: INVITED
Keyword: 
DNS ,  domain name system ,  DNS security ,  DNSSEC ,  secure DNS ,  Internet ,  

Full Text: PDF(98KB)
>>Buy this Article


Summary: 
The DNSSECbis data model has key introduction follow the delegation chain, thus requiring a zone's parent to become secure before a zone itself can be secured. Ultimately this leads to non-deployability since the root zone will probably not be secured any time soon. We describe an early deployment aid for DNSSECbis whereby key introduction can be done via cooperating third parties.