[DNSOP] Protocol Action: 'A Root Key Trust Anchor Sentinel for DNSSEC' to Proposed Standard (draft-ietf-dnsop-kskroll-sentinel-17.txt)
The IESG <iesg-secretary@ietf.org> Mon, 05 November 2018 07:01 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 89E58130DEB; Sun, 4 Nov 2018 23:01:26 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.87.3
Auto-Submitted: auto-generated
Precedence: bulk
Cc: tjw.ietf@gmail.com, The IESG <iesg@ietf.org>, rfc-editor@rfc-editor.org, dnsop-chairs@ietf.org, Benno Overeinder <benno@NLnetLabs.nl>, dnsop@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, terry.manderson@icann.org, draft-ietf-dnsop-kskroll-sentinel@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <154140128654.26498.9807232139343438586.idtracker@ietfa.amsl.com>
Date: Sun, 04 Nov 2018 23:01:26 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/4Y28lAP8Rx2JkGe-gqfAXjeJlKg>
Subject: [DNSOP] Protocol Action: 'A Root Key Trust Anchor Sentinel for DNSSEC' to Proposed Standard (draft-ietf-dnsop-kskroll-sentinel-17.txt)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2018 07:01:29 -0000
The IESG has approved the following document: - 'A Root Key Trust Anchor Sentinel for DNSSEC' (draft-ietf-dnsop-kskroll-sentinel-17.txt) as Proposed Standard This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Warren Kumari, Ignas Bagdonas and Terry Manderson. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ Technical Summary The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user and third parties to determine the trusted key state for the root key of the resolvers that handle that user's DNS queries. Note that this method is only applicable for determining which keys are in the trust store for the root key. Working Group Summary This document has had a short history, and came about while working with ICANN on the KSK rollover process, as a way to assist tracking the addition and removal of DNSSEC keys. Document Quality There are two different implementations of the design. Personnel Document Shepherd: Tim Wicinski Responsible Area Director: Terry Manderson