[DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-04.txt
internet-drafts@ietf.org Mon, 01 May 2023 09:35 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EEB5EC1527A0; Mon, 1 May 2023 02:35:44 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: dnsop@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 10.1.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: dnsop@ietf.org
Message-ID: <168293374496.49318.4062392230933549370@ietfa.amsl.com>
Date: Mon, 01 May 2023 02:35:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EeopG7H6raEhw8dZHMPzon3C9Mg>
Subject: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-04.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 May 2023 09:35:45 -0000
A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the Domain Name System
Operations (DNSOP) WG of the IETF.
Title : Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator
Authors : Peter Thomassen
Nils Wisiol
Filename : draft-ietf-dnsop-dnssec-bootstrapping-04.txt
Pages : 16
Date : 2023-05-01
Abstract:
This document introduces an in-band method for DNS operators to
publish arbitrary information about the zones they are authoritative
for, in an authenticated fashion and on a per-zone basis. The
mechanism allows managed DNS operators to securely announce DNSSEC
key parameters for zones under their management, including for zones
that are not currently securely delegated.
Whenever DS records are absent for a zone's delegation, this signal
enables the parent's registry or registrar to cryptographically
validate the CDS/CDNSKEY records found at the child's apex. The
parent can then provision DS records for the delegation without
resorting to out-of-band validation or weaker types of cross-checks
such as "Accept after Delay" ([RFC8078]).
This document deprecates the DS enrollment methods described in
Section 3 of [RFC8078] in favor of Section 3 of this document.
[ Ed note: This document is being collaborated on at
https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/
(https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/)
The authors gratefully accept pull requests. ]
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-dnssec-bootstrapping-04.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-dnssec-bootstrapping-04
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
- [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-boots… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… Peter Thomassen
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… Tim Wicinski