[DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-01.txt

internet-drafts@ietf.org Fri, 17 June 2022 10:06 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EED0C15AAF6; Fri, 17 Jun 2022 03:06:14 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: dnsop@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 8.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: dnsop@ietf.org
Message-ID: <165546037411.59869.5581408796512743719@ietfa.amsl.com>
Date: Fri, 17 Jun 2022 03:06:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FJK71K4kTLIFl7RCrmA0OX0vCp8>
Subject: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2022 10:06:14 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.

        Title           : Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator
        Authors         : Peter Thomassen
                          Nils Wisiol
	Filename        : draft-ietf-dnsop-dnssec-bootstrapping-01.txt
	Pages           : 14
	Date            : 2022-06-17

Abstract:
   This document introduces an in-band method for DNS operators to
   publish arbitrary information about the zones they are authoritative
   for, in an authenticated fashion and on a per-zone basis.  The
   mechanism allows managed DNS operators to securely announce DNSSEC
   key parameters for zones under their management, including for zones
   that are not currently securely delegated.

   Whenever DS records are absent for a zone's delegation, this signal
   enables the parent's registry or registrar to cryptographically
   validate the CDS/CDNSKEY records found at the child's apex.  The
   parent can then provision DS records for the delegation without
   resorting to out-of-band validation or weaker types of cross-checks
   such as "Accept after Delay" ([RFC8078]).

   This document updates [RFC8078] and replaces its Section 3 with
   Section 3.2 of this document.

   [ Ed note: This document is being collaborated on at
   https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/
   (https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/).
   The authors gratefully accept pull requests. ]


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-dnssec-bootstrapping-01.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dnssec-bootstrapping-01


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts