[DNSOP] Document Action: 'Multi Signer DNSSEC models' to Informational RFC (draft-ietf-dnsop-multi-provider-dnssec-05.txt)
The IESG <iesg-secretary@ietf.org> Mon, 20 April 2020 17:59 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 882E63A0C6F; Mon, 20 Apr 2020 10:59:11 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.127.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: warren@kumari.net, dnsop@ietf.org, dnsop-chairs@ietf.org, benno@NLnetLabs.nl, rfc-editor@rfc-editor.org, Benno Overeinder <benno@NLnetLabs.nl>, draft-ietf-dnsop-multi-provider-dnssec@ietf.org, The IESG <iesg@ietf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <158740555153.19877.14005156677988148209@ietfa.amsl.com>
Date: Mon, 20 Apr 2020 10:59:11 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/00Lg8nOol51sz-ewqW10Wcr8RQI>
Subject: [DNSOP] Document Action: 'Multi Signer DNSSEC models' to Informational RFC (draft-ietf-dnsop-multi-provider-dnssec-05.txt)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2020 17:59:12 -0000
The IESG has approved the following document: - 'Multi Signer DNSSEC models' (draft-ietf-dnsop-multi-provider-dnssec-05.txt) as Informational RFC This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Warren Kumari and Robert Wilton. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-multi-provider-dnssec/ Technical Summary The draft documents operational models for deploying DNSSEC signed zones across multiple DNS providers to distribute their authoritative DNS service. It presents challenges depending on the configuration and feature set in use, and presents several deployment models that may be suitable. Working Group Summary The document has been reviewed and discussed on the DNSOP mailing list and during DNSOP workgroup meetings. Contributions were done by a relative small number of interested folks, feedback by the WG was promptly integrated in the document. No points of difficulty or controversy appeared and consensus was quick. There has been good consensus during the WGLC period. External parties (DNS zone owners and DNS providers) have architected the DNSSEC multi-provider model in their operations and use it in their daily job (e.g., see DNSOP mailing list, email thread “[DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec”.) Document Quality The document is of good quality, and describes a real issue and (real world) operational advice on how to deal with this. The security section mentions the need for strong authentication to protect DNSSEC key material, but although the usefulness of the warning, this is beyond the scope of the document. The document shepherd has no specific concerns or issues with the document or with the WG process. The shepherd stands behind the document and thinks the document is ready for publication. Personnel Document Shepherd: Benno Overeinder Area Director: Warren Kumari