10. DNS Security Document Family
The DNSSEC document set can be partitioned into several main groups, under the larger umbrella of the DNS base protocol documents.
The "DNSSEC protocol document set" refers to the three documents that form the core of the DNS security extensions:
-
DNS Security Introduction and Requirements (this document)
-
Resource Records for DNS Security Extensions
[RFC4034] -
Protocol Modifications for the DNS Security Extensions
[RFC4035]
Additionally, any document that would add to or change the core DNS Security extensions would fall into this category. This includes any future work on the communication between security-aware stub resolvers and upstream security-aware recursive name servers.
The "Digital Signature Algorithm Specification" document set refers to the group of documents that describe how specific digital signature algorithms should be implemented to fit the DNSSEC resource record format. Each document in this set deals with a specific digital signature algorithm. Please see the appendix on "DNSSEC Algorithm and Digest Types" in [RFC4034] for a list of the algorithms that were defined when this core specification was written.
The "Transaction Authentication Protocol" document set refers to the group of documents that deal with DNS message authentication, including secret key establishment and verification. Although not strictly part of the DNSSEC specification as defined in this set of documents, this group is noted because of its relationship to DNSSEC.
The final document set, "New Security Uses", refers to documents that seek to use proposed DNS Security extensions for other security related purposes. DNSSEC does not provide any direct security for these new uses but may be used to support them. Documents that fall in this category include those describing the use of DNS in the storage and distribution of certificates ([RFC2538]).