{"draft":"draft-ietf-dnsext-restrict-key-for-dnssec-04","doc_id":"RFC3445","title":" Limiting the Scope of the KEY Resource Record (RR) ","authors":["D. Massey","S. Rose"],"format":["ASCII","HTML"],"page_count":"10","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"DNS Extensions","abstract":" This document limits the Domain Name System (DNS) KEY Resource Record (RR) to only keys used by the Domain Name System Security Extensions (DNSSEC).  The original KEY RR used sub-typing to store both DNSSEC keys and arbitrary application keys.  Storing both DNSSEC and application keys with the same record type is a mistake.  This document removes application keys from the KEY record by redefining the Protocol Octet field in the KEY RR Data.  As a result of removing application keys, all but one of the flags in the KEY record become unnecessary and are redefined.  Three existing application key sub-types are changed to reserved, but the format of the KEY record is not changed.  This document updates RFC 2535.  [STANDARDS-TRACK]","pub_date":"November 2002","keywords":["DNS-SECEXT","dns","authentication"],"obsoletes":[],"obsoleted_by":["RFC4033","RFC4034","RFC4035"],"updates":["RFC2535"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC3445","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc3445"}