freebsd-dev/contrib/bind/doc/html/trusted-keys.html
Peter Wemm 6b6ac9438f Import bind v8.2.2.p5, minus the crypto for the time being. The bind
package does have BXA export approval, but the licensing strings on the
dnssafe code are a bit unpleasant.  The crypto is easy to restore and bind
will run without it - just without full dnssec support.

Obtained from:	The Internet Software Consortium (www.isc.org)
1999-11-30 02:43:11 +00:00

59 lines
1.9 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>BIND trusted-keys Statement</TITLE>
</HEAD>
<BODY>
<H2>BIND Configuration File Guide--<CODE>trusted-keys</CODE> Statement</H2>
<HR>
<A NAME="Syntax"><H3>Syntax</H3></A>
<PRE>
trusted-keys {
[ <VAR><A HREF="docdef.html">domain_name</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
};
</PRE>
<HR>
<A NAME="Usage"><H3>Definition and Usage</H3></A>
The <CODE>trusted-keys</CODE>
statement is for use with DNSSEC-style security, originally specified
in RFC 2065. DNSSEC is meant to
provide three distinct services: key distribution, data origin
authentication, and transaction and request authentication. A
complete description of DNSSEC and its use is beyond the scope of this
document, and readers interested in more information should start with
<A HREF="http://info.internet.isi.edu/in-notes/rfc/files/rfc2065.txt">
RFC 2065</A> and then continue with the
<A HREF="http://www.ietf.org/ids.by.wg/dnssec.html">
Internet Drafts</A>.</P>
<P>Each trusted key is associated with a domain name. Its attributes are
the non-negative integral <VAR>flags</VAR>, <VAR>protocol</VAR>, and
<VAR>algorithm</VAR>, as well as a base-64 encoded string representing
the key.</P>
A trusted key is added when a public key for a non-authoritative zone is
known, but cannot be securely obtained through DNS. This occurs when
a signed zone is a child of an unsigned zone. Adding the trusted
key here allows data signed by that zone to be considered secure.</P>
<HR>
<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
<HR>
<ADDRESS>
Last Updated: $Id: trusted-keys.html,v 1.4 1999/09/15 20:28:02 cyarnell Exp $
</ADDRESS>
</BODY>
</HTML>