Protocol Action: 'DNSSEC Experiments' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Sun, 08 April 2007 00:33 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>, dnsext mailing list <namedroppers@ops.ietf.org>, dnsext chair <dnsext-chairs@tools.ietf.org>
Subject: Protocol Action: 'DNSSEC Experiments' to Proposed Standard
Message-Id: <E1HaLEO-0007QJ-QN@stiedprstage1.ietf.org>
Date: Sat, 07 Apr 2007 20:26:08 -0400
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk

The IESG has approved the following document:

- 'DNSSEC Experiments '
   <draft-ietf-dnsext-dnssec-experiments-04.txt> as a Proposed Standard

This document is the product of the DNS Extensions Working Group. 

The IESG contact persons are Mark Townsley and Jari Arkko.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-experiments-04.txt

   Technical Summary

This document describes how algorithm identifiers can be used to
perform experiments within a DNSSECbis environment without that the
published data is marked as "bogus" by validating resolvers that do
not partake in the experiments.

The document explains why this methodology works and describes how
experiments are to be defined.

Besides, it suggests that algorithm identifiers can be used to
introduce non-backward compatible DNSSEC features into the
protocol.

The technology relies on the fact that DNSSECbis validators should
treat RRSets that are signed  (exclusively) with key-algorithms that
are not implemented by the validator, should treat the RRset as
not being signed at al.

The first application of this methodology will be an experiment with
"opt-in" [draft-ietf-dnsext-dnssec-opt-in]. It is possible that the
methodology will be used for the introduction of current DNSSEC
extensions currently under development in DNSEXT, the NSEC3 work.


   Working Group Summary

There is a solid consensus behind this working group document.
It has had a few review cycles and it is seen as relevant

   Document Quality

This document has been reviewed (among others) by these key members,
most of them recognized  DNS and or DNSSEC specialist.

Sam Weiler

(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00576.html)

Ed Lewis
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00440.html)

Andrew Sullivan
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00330.html)

Mark Kosters
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00309.html)

Thierry Moreau
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00305.html)

Scott Rose
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00316.html)

RodneyJoffe
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00335.html)

Thomas Nartan (thread starting at:
http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00308.html).


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Protocol Action: 'DNSSEC Experiments' to Proposed… The IESG