[DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-01.txt
internet-drafts@ietf.org Fri, 17 June 2022 10:06 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EED0C15AAF6; Fri, 17 Jun 2022 03:06:14 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: dnsop@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 8.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: dnsop@ietf.org
Message-ID: <165546037411.59869.5581408796512743719@ietfa.amsl.com>
Date: Fri, 17 Jun 2022 03:06:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FJK71K4kTLIFl7RCrmA0OX0vCp8>
Subject: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2022 10:06:14 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator
Authors : Peter Thomassen
Nils Wisiol
Filename : draft-ietf-dnsop-dnssec-bootstrapping-01.txt
Pages : 14
Date : 2022-06-17
Abstract:
This document introduces an in-band method for DNS operators to
publish arbitrary information about the zones they are authoritative
for, in an authenticated fashion and on a per-zone basis. The
mechanism allows managed DNS operators to securely announce DNSSEC
key parameters for zones under their management, including for zones
that are not currently securely delegated.
Whenever DS records are absent for a zone's delegation, this signal
enables the parent's registry or registrar to cryptographically
validate the CDS/CDNSKEY records found at the child's apex. The
parent can then provision DS records for the delegation without
resorting to out-of-band validation or weaker types of cross-checks
such as "Accept after Delay" ([RFC8078]).
This document updates [RFC8078] and replaces its Section 3 with
Section 3.2 of this document.
[ Ed note: This document is being collaborated on at
https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/
(https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/).
The authors gratefully accept pull requests. ]
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-dnssec-bootstrapping-01.html
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dnssec-bootstrapping-01
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
- [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-boots… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… Peter Thomassen
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… libor.peltan
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… John Levine
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… Peter Thomassen
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… Peter Thomassen
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… Peter Thomassen
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-b… Peter Thomassen
- Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-dn… Paul Hoffman