Secret Key Transaction Authentication for DNS (TSIG), as specified in [RFC2845], provides extensible transaction level authentication for DNS. The Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG), as specified in [RFC3645], identifies one possible extension to TSIG based on the Generic Security Service Application Program Interface (GSS-API), as specified in [RFC2743].
This document specifies an extension to GSS-TSIG.
Section 2 of this specification is normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in RFC 2119. Section 1.6 is also normative but cannot contain those terms. All other sections and examples in this specification are informative.