Document Action: 'DNSSEC Opt-In' to Experimental RFC
The IESG <iesg-secretary@ietf.org> Sun, 08 April 2007 00:32 UTC
Return-path: <owner-namedroppers@ops.ietf.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HaLKx-0000Vn-8E; Sat, 07 Apr 2007 20:32:55 -0400
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HaLKv-0001wK-Tl; Sat, 07 Apr 2007 20:32:55 -0400
Received: from majordom by psg.com with local (Exim 4.63 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1HaLFk-000NWQ-Du for namedroppers-data@psg.com; Sun, 08 Apr 2007 00:27:32 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO autolearn=ham version=3.1.7
Received: from [156.154.24.139] (helo=ns4.neustar.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63 (FreeBSD)) (envelope-from <ietf@ietf.org>) id 1HaLFi-000NW3-AT for namedroppers@ops.ietf.org; Sun, 08 Apr 2007 00:27:31 +0000
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by ns4.neustar.com (Postfix) with ESMTP id 620472AC97; Sun, 8 Apr 2007 00:27:27 +0000 (GMT)
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1HaLFf-0007Sl-5c; Sat, 07 Apr 2007 20:27:27 -0400
X-test-idtracker: no
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>, dnsext mailing list <namedroppers@ops.ietf.org>, dnsext chair <dnsext-chairs@tools.ietf.org>
Subject: Document Action: 'DNSSEC Opt-In' to Experimental RFC
Message-Id: <E1HaLFf-0007Sl-5c@stiedprstage1.ietf.org>
Date: Sat, 07 Apr 2007 20:27:27 -0400
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-id: DNSEXT discussion <namedroppers.ops.ietf.org>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
The IESG has approved the following document: - 'DNSSEC Opt-In ' <draft-ietf-dnsext-dnssec-opt-in-09.txt> as an Experimental RFC This document is the product of the DNS Extensions Working Group. The IESG contact persons are Mark Townsley and Jari Arkko. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-opt-in-09.txt Technical Summary opt-in is a method to disable the authenticated denial of existence for a range of domain names in a zone. It has been developed to generate a sparse set of NSEC RRs in a zone that contains mostly delegations i.e. to opt-in the secure delegations. The span of delegations for which authenticated denial is not available is still indicated using an NSEC resource record. 'NSEC-bit' in the type bitmap of the NSEC RDATA is used to signal the different semantic of the opt-in type NSEC RR. opt-in is a methodology that is backwards incompatible with DNSSEC; in order to perform a trial the methodology described in draft-ietf-dnsext-dnssec-experiments is applied. Working Group Summary A couple of years ago this document had thourough technical review around 2002. This version of the document has been slightly updated to reflect changes to DNSSEC since 2002 and to turn it into an experiment of the form described in draft-ietf-dnsext-dnssec-experiments. During the development of the OPT-IN spec before and in 2002 there has been in depth review and feedback by several core members of the working group. At that time the consensus was that the document was technologically solid but there was no consent the mechanism. This time around the views of many folk have changed and they do not have any problems with the OPT-IN technology going forward as an experiment. The same functionality is introduced work currently in DNSEXT NSEC3. Document Quality The document has been reviewed by Scott Rose (http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00316.html) Mark Kosters (http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00309.html, he is one of the initial editors) Rodney Joffe (http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00335.html) and dnsext chair Olaf Kolkman. There has been some discussion after we advanced the document in which it became clear that Ed Lewis also reviewed the document and supported experimental status. (http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00902.html) -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>