{
  "draft": "draft-ietf-dnsext-restrict-key-for-dnssec-04",
  "doc_id": "RFC3445",
  "title": "Limiting the Scope of the KEY Resource Record (RR)",
  "authors": [
    "D. Massey",
    "S. Rose"
  ],
  "format": [
    "TEXT",
    "HTML"
  ],
  "page_count": "10",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "DNS Extensions",
  "abstract": "This document limits the Domain Name System (DNS) KEY Resource Record (RR) to only keys used by the Domain Name System Security Extensions (DNSSEC).  The original KEY RR used sub-typing to store both DNSSEC keys and arbitrary application keys.  Storing both DNSSEC and application keys with the same record type is a mistake.  This document removes application keys from the KEY record by redefining the Protocol Octet field in the KEY RR Data.  As a result of removing application keys, all but one of the flags in the KEY record become unnecessary and are redefined.  Three existing application key sub-types are changed to reserved, but the format of the KEY record is not changed.  This document updates RFC 2535. [STANDARDS-TRACK]",
  "pub_date": "December 2002",
  "keywords": [
    "DNS-SECEXT",
    "dns",
    "authentication"
  ],
  "obsoletes": [],
  "obsoleted_by": [
    "RFC4033",
    "RFC4034",
    "RFC4035"
  ],
  "updates": [
    "RFC2535"
  ],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC3445",
  "errata_url": "https://www.rfc-editor.org/errata/rfc3445"
}