datatracker.ietf.org/doc/html/rfc8078
Preview meta tags from the datatracker.ietf.org website.
Linked Hostnames
5- 23 links todatatracker.ietf.org
- 11 links towww.rfc-editor.org
- 1 link togithub.com
- 1 link tomailarchive.ietf.org
- 1 link totrustee.ietf.org
Thumbnail
Search Engine Appearance
https://datatracker.ietf.org/doc/html/rfc8078
RFC 8078: Managing DS Records from the Parent via CDS/CDNSKEY
Managing DS Records from the Parent via CDS/CDNSKEY (RFC 8078, )
Bing
RFC 8078: Managing DS Records from the Parent via CDS/CDNSKEY
https://datatracker.ietf.org/doc/html/rfc8078
Managing DS Records from the Parent via CDS/CDNSKEY (RFC 8078, )
DuckDuckGo
https://datatracker.ietf.org/doc/html/rfc8078RFC 8078: Managing DS Records from the Parent via CDS/CDNSKEY
Managing DS Records from the Parent via CDS/CDNSKEY (RFC 8078, )
General Meta Tags
10- titleRFC 8078 - Managing DS Records from the Parent via CDS/CDNSKEY
- charsetutf-8
- X-UA-CompatibleIE=edge
- viewportwidth=device-width, initial-scale=1
- descriptionManaging DS Records from the Parent via CDS/CDNSKEY (RFC 8078, )
Open Graph Meta Tags
10- og:titleRFC 8078: Managing DS Records from the Parent via CDS/CDNSKEY
- og:urlhttps://datatracker.ietf.org/doc/html/rfc8078
- og:site_nameIETF Datatracker
- og:descriptionRFC 7344 specifies how DNS trust can be maintained across key rollovers in-band between parent and child. This document elevates RFC 7344 from Informational to Standards Track. It also adds a method for initial trust setup and removal of a secure entry point. Changing a domain's DNSSEC status can be a complicated matter involving multiple unrelated parties. Some of these parties, such as the DNS operator, might not even be known by all the organizations involved. The inability to disable DNSSEC via in-band signaling is seen as a problem or liability that prevents some DNSSEC adoption at a large scale. This document adds a method for in-band signaling of these DNSSEC status changes. This document describes reasonable policies to ease deployment of the initial acceptance of new secure entry points (DS records). It is preferable that operators collaborate on the transfer or move of a domain. The best method is to perform a Key Signing Key (KSK) plus Zone Signing Key (ZSK) rollover. If that is not possible, the method using an unsigned intermediate state described in this document can be used to move the domain between two parties. This leaves the domain temporarily unsigned and vulnerable to DNS spoofing, but that is preferred over the alternative of validation failures due to a mismatched DS and DNSKEY record.
- og:typearticle
Twitter Meta Tags
1- twitter:cardsummary_large_image
Link Tags
12- alternate/feed/document-changes/rfc8078/
- apple-touch-iconhttps://static.ietf.org/dt/12.40.0/ietf/images/ietf-logo-nor-180.png
- canonicalhttps://datatracker.ietf.org/doc/html/rfc8078
- iconhttps://static.ietf.org/dt/12.40.0/ietf/images/ietf-logo-nor-32.png
- iconhttps://static.ietf.org/dt/12.40.0/ietf/images/ietf-logo-nor-16.png
Emails
3- ogud%40ogud.com
- paul.wouters%40aiven.io
- [email protected]?subject=rfc8078
Links
37- http://trustee.ietf.org/license-info
- http://www.rfc-editor.org/info/rfc2119
- http://www.rfc-editor.org/info/rfc4034
- http://www.rfc-editor.org/info/rfc4398
- http://www.rfc-editor.org/info/rfc7344