Domain Name Assertions
BBN Technologies
Many Internet applications allow service delegation via the DNS. However, in the absence of DNSSEC, these delegations are unauthenticated, so clients have to authenticate the delegate as if he were the original service. This situation causes several operational problems. This document describes a mechanism for clients to discover and validate information that authenticates DNS- based service delegations, without relying on the global deployment of DNSSEC.