{"draft":"draft-ietf-dnsext-rollover-requirements-04","doc_id":"RFC4986","title":"Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover","authors":["H. Eland","R. Mundy","S. Crocker","S. Krishnaswamy"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"DNS Extensions","abstract":"Every DNS security-aware resolver must have at least one Trust Anchor\r\nto use as the basis for validating responses from DNS signed zones.\r\nFor various reasons, most DNS security-aware resolvers are expected\r\nto have several Trust Anchors.  For some operations, manual\r\nmonitoring and updating of Trust Anchors may be feasible, but many\r\noperations will require automated methods for updating Trust Anchors\r\nin their security-aware resolvers.  This document identifies the\r\nrequirements that must be met by an automated DNS Trust Anchor\r\nrollover solution for security-aware DNS resolvers.  This memo provides information for the Internet community.","pub_date":"August 2007","keywords":["dns signed zone"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC4986","errata_url":null}