[DNSOP] Last Call: <draft-ietf-dnsop-dnssec-bootstrapping-08.txt> (Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Fri, 12 April 2024 17:51 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E9E5C151069; Fri, 12 Apr 2024 10:51:56 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 12.10.0
Auto-Submitted: auto-generated
Precedence: bulk
CC: dnsop-chairs@ietf.org, dnsop@ietf.org, draft-ietf-dnsop-dnssec-bootstrapping@ietf.org, tjw.ietf@gmail.com, warren@kumari.net
Reply-To: last-call@ietf.org
Sender: iesg-secretary@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <171294431604.62566.16430469439059230295@ietfa.amsl.com>
Date: Fri, 12 Apr 2024 10:51:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8Ck0Slm3toPOuU1rqSPhQJY9wsI>
Subject: [DNSOP] Last Call: <draft-ietf-dnsop-dnssec-bootstrapping-08.txt> (Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator) to Proposed Standard
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2024 17:51:56 -0000
The IESG has received a request from the Domain Name System Operations WG (dnsop) to consider the following document: - 'Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator' <draft-ietf-dnsop-dnssec-bootstrapping-08.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2024-04-26. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document introduces an in-band method for DNS operators to publish arbitrary information about the zones they are authoritative for, in an authenticated fashion and on a per-zone basis. The mechanism allows managed DNS operators to securely announce DNSSEC key parameters for zones under their management, including for zones that are not currently securely delegated. Whenever DS records are absent for a zone's delegation, this signal enables the parent's registry or registrar to cryptographically validate the CDS/CDNSKEY records found at the child's apex. The parent can then provision DS records for the delegation without resorting to out-of-band validation or weaker types of cross-checks such as "Accept after Delay". This document deprecates the DS enrollment methods described in Section 3 of RFC 8078 in favor of Section 4 of this document, and also updates RFC 7344. [ Ed note: This document is being collaborated on at https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/ (https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/). The authors gratefully accept pull requests. ] The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/ No IPR declarations have been submitted directly on this I-D.