Changeset 326

Timestamp:
05/09/07 14:35:19
Author:
roy
Message:

Updated the intro part.

Files:

  • aob/draft-arends-dnsext-dlvptr-xx.xml

    r325 r326  
    5555  </author> 
    5656   
    57   <date day="8" month="May" year="2007"/> 
     57  <date day="9" month="May" year="2007"/> 
    5858 
    5959  <area>Internet</area> 
     
    6767    This document defines the DNSSEC Lookaside Validation Pointer 
    6868    (DLVPTR) Resource Record (RR), for publishing pointers to DNSSEC 
    69     Lookaside Validation (DLV) records publised outside of the DNS 
    70     delegation chain. 
     69    Lookaside Validation (DLV) records. 
    7170   </t> 
    7271  </abstract> 
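Review bot: The abstract sentence at new line 69 now ends at "(DLV) records." and no longer says that these records are published outside of the DNS delegation chain, so a reader of the abstract alone does not learn where the pointed-to records live. Consider keeping a short qualifier that matches the rewritten introduction, for example "records published in a DLV repository". If the old wording is restored instead, fix the "publised" typo it carried.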
     
    7877  <section title="Introduction"> 
    7978    
    80    <t>A <xref target="RFC4033">validator</xref>, in absence of a trust 
    81     anchor for either the zone, or higher up in the delegation 
    82     hierarchy, can not do DNSSEC validation.  The DLV method <xref 
    83     target="ISC-TN-2006-1"/><xref target="RFC4431"/><xref 
    84      target="I-D.weiler-dnssec-dlv"/> was meant to address that by 
    85     allowing the validator to have a trust anchor outside of the 
    86     delegation hierarcy. Though the DLV method works in principle, it 
    87     introduces other issues, in that it does not scale properly nor 
    88     gives the validator any freedom to allow multiple trust anchors 
    89     within the same part of the namespace. 
    90    </t> 
    91  
     79   <t>DNSSEC Lookaside Validation (DLV) <xref target="ISC-TN-2006-1"/> 
     80   <xref target="RFC4431"/><xref target="I-D.weiler-dnssec-dlv"/> is a  
     81   method to publish Trust Anchors (TAs) for islands of security in a  
     82   repository independent of the island of security. This, in turn, has  
     83   the potential for efficient TA management on the validator, as the  
     84   validator can configure the TA for the DLV repository, instead of  
     85   TAs for each island of security.  
     86   </t> 
     87   <t> 
     88   Due to the design of DLV it is not efficient to have more than a few  
     89   TAs for DLV repositories. DLV requires the validator to send  
     90   additional requests to each DLV repository for each response, for  
     91   which there is no configured TA. 
     92   </t> 
     93   <t> 
     94   This memo introduces a change to the design of DLV. An island of  
     95   security can publish a pointer (DLVPTR) to the DLV repository of  
     96   choice. When the validator has a configured TA for this DLV,  
     97   additional requests will be send to just this DLV. 
     98   </t> 
    9299   <t> 
    93100    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
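Review bot: The last new paragraph (new lines 94-97) covers only the case where the validator has a configured TA for the DLV named by the DLVPTR, and does not say what the validator does when it has no TA for that DLV or when the island of security publishes no DLVPTR; add a sentence or a forward reference to the section that defines that behaviour. In the same sentence, "will be send" should read "will be sent". At new lines 89-91, the comma in "for each response, for which there is no configured TA" makes the clause ambiguous; "for each response for which there is no configured TA" reads more clearly. The rewrite also drops the xref to RFC4033 that the old paragraph attached to "validator", so the term is now used without a reference.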