[DNSOP] draft-fanf-dnsop-trust-anchor-witnesses-00.txt
Tony Finch <dot@dotat.at> Thu, 13 February 2014 20:56 UTC
There was some discussion last month about dispersing trust in the root.
http://www.ietf.org/mail-archive/web/dnsop/current/msg10977.html

This inspired me to write up a concrete proposal for the quorum-of-witnesses idea that I have vaguely suggested several times over the last few years.

All thoughts / suggestions / criticisms welcomed.

Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.

---------- Forwarded message ----------
Date: Thu, 13 Feb 2014 12:50:35 -0800
From: internet-drafts@ietf.org
To: Tony Finch <dot@dotat.at>, Tony Finch <dot@dotat.at>
Subject: New Version Notification for draft-fanf-dnsop-trust-anchor-witnesses-00.txt

A new version of I-D, draft-fanf-dnsop-trust-anchor-witnesses-00.txt has been successfully submitted by Tony Finch and posted to the IETF repository.

Name: draft-fanf-dnsop-trust-anchor-witnesses
Revision: 00
Title: The WS resource record: dispersing trust in the DNSSEC root keys
Document date: 2014-02-13
Group: Individual Submission
Pages: 11
URL: http://www.ietf.org/internet-drafts/draft-fanf-dnsop-trust-anchor-witnesses-00.txt
Status: https://datatracker.ietf.org/doc/draft-fanf-dnsop-trust-anchor-witnesses/
Htmlized: http://tools.ietf.org/html/draft-fanf-dnsop-trust-anchor-witnesses-00

Abstract:
At the moment the root DNSSEC key is a single point of trust and a single point of failure for the whole system. This memo describes a mechanism for dispersing trust in the root key. Witnesses vouch for the root trust anchor by publishing WS records in the DNS. Validators only update their root trust anchors if multiple witnesses agree. The root-witnesses.arpa zone enables a validator to bootstrap trust when it has no working trust anchors other than its witnesses.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat