Protocol Action: 'Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)' to Proposed Standard
The IESG <iesg-secretary@ietf.org> Mon, 06 March 2006 20:40 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FGMVQ-0001ef-D9 for dnsext-archive@lists.ietf.org; Mon, 06 Mar 2006 15:40:36 -0500
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FGMVQ-0000ox-3k for dnsext-archive@lists.ietf.org; Mon, 06 Mar 2006 15:40:36 -0500
Received: from majordom by psg.com with local (Exim 4.60 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1FGMRD-000Dnx-Uu for namedroppers-data@psg.com; Mon, 06 Mar 2006 20:36:15 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO autolearn=ham version=3.1.0
Received: from [209.173.57.70] (helo=pine.neustar.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.60 (FreeBSD)) (envelope-from <ietf@ietf.org>) id 1FGMRD-000Dnl-3B for namedroppers@ops.ietf.org; Mon, 06 Mar 2006 20:36:15 +0000
Received: from stiedprstage1.ietf.org (stiedprstage1.va.neustar.com [10.31.47.10]) by pine.neustar.com (8.12.8/8.12.8) with ESMTP id k26KZxvP010314 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 6 Mar 2006 20:35:59 GMT
Received: from ietf by stiedprstage1.ietf.org with local (Exim 4.43) id 1FGMQx-0003FS-MA; Mon, 06 Mar 2006 15:35:59 -0500
X-test-idtracker: no
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>, dnsext mailing list <namedroppers@ops.ietf.org>, dnsext chair <ogud@ogud.com>, dnsext chair <olaf@nlnetlabs.nl>
Subject: Protocol Action: 'Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)' to Proposed Standard
Message-Id: <E1FGMQx-0003FS-MA@stiedprstage1.ietf.org>
Date: Mon, 06 Mar 2006 15:35:59 -0500
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
X-Spam-Score: 0.1 (/)
X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb
The IESG has approved the following document: - 'Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) ' <draft-ietf-dnsext-ds-sha256-05.txt> as a Proposed Standard This document is the product of the DNS Extensions Working Group. The IESG contact persons are Margaret Wasserman and Mark Townsley. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-ds-sha256-05.txt Technical Summary Given the crumbling confidence in SHA-1, DNSEXT with the urging of Russ Housley,decided to address the weakest part of the DNSSEC chain, the long lived digest in the DS record. DS is used to transfer trust from a parent zone to a DNSKEY atchild. The DS record stores a digest of the public part of the key that child uses to sign its own DNSKEY set. The change to SHA-256 is considered significant improvement in resilience, the Working group is aware that this might be a temporary measure until new generation of standardized Digest algorithms becomes available This document also contains some guidance on how implementations treat DS sets where there are multiple digest algorithms used. This part of the document has seen most discussion and clarifications of text. There is a strong consensus behind this document. Working Group Summary This document is a work item of the DNSEXT WG. The WG has consensus to publish this document as a Proposed Standard. Protocol Quality This document was reviewed for the IESG by Margaret Wasserman. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>