blank.gif (43 bytes)

Church Of The
Swimming Elephant

3.3 Wildcard Key Punch Through Connected: An Internet Encyclopedia
3.3 Wildcard Key Punch Through

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2137
Up: 3. Keys
Prev: 3.2 Zone Keys and Update Modes
Next: 4. Update Signatures

3.3 Wildcard Key Punch Through

3.3 Wildcard Key Punch Through

Just as a zone key is valid throughout the entire zone, update keys with wildcard names are valid throughout their extended scope, within the zone. That is, they remain valid for any name that would match them, even existing specific names within their apparent scope.

If this were not so, then whenever a name within a wildcard scope was created by dynamic update, it would be necessary to first create a copy of the KEY RR with this name, because otherwise the existence of the more specific name would hide the authorizing KEY RR and would make later updates impossible. An updater could create such a KEY RR but could not zone sign it with their authorizing signer. They would have to sign it with the same key using the wildcard name as signer. Thus in creating, for example, one hundred type A RRs authorized by a * KEY RR, without key punch through 100 As, 100 KEYs, and 200 SIGs would have to be created as opposed to merely 100 As and 100 SIGs with key punch through.

Next: 4. Update Signatures

Connected: An Internet Encyclopedia
3.3 Wildcard Key Punch Through


Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

Have you gone to church today?
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609