Preventing Child Neglect in DNSSECbis Using Lookaside Validation (DLV)

Paul VIXIE  

IEICE TRANSACTIONS on Communications   Vol.E88-B   No.4   pp.1326-1330
Publication Date: 2005/04/01
Online ISSN: 
DOI: 10.1093/ietcom/e88-b.4.1326
Print ISSN: 0916-8516
Type of Manuscript: INVITED PAPER (Special Section on Internet Technology V)
DNS,  domain name system,  DNS security,  DNSSEC,  secure DNS,  Internet,  

Full Text: PDF(98.1KB)>>
Buy this Article

The DNSSECbis data model has key introduction follow the delegation chain, thus requiring a zone's parent to become secure before a zone itself can be secured. Ultimately this leads to non-deployability since the root zone will probably not be secured any time soon. We describe an early deployment aid for DNSSECbis whereby key introduction can be done via cooperating third parties.