[DNSOP]Protocol Action: 'Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator' to Proposed Standard (draft-ietf-dnsop-dnssec-bootstrapping-11.txt)
The IESG <iesg-secretary@ietf.org> Tue, 28 May 2024 21:09 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 64ABBC1E0D97; Tue, 28 May 2024 14:09:29 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 12.13.0
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <171693056940.11067.17439045597661500673@ietfa.amsl.com>
Date: Tue, 28 May 2024 14:09:29 -0700
Message-ID-Hash: OBRKREIMS6VVU2HROMWJ6UUEWJKJQQ2H
X-Message-ID-Hash: OBRKREIMS6VVU2HROMWJ6UUEWJKJQQ2H
X-MailFrom: iesg-secretary@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, dnsop-chairs@ietf.org, dnsop@ietf.org, draft-ietf-dnsop-dnssec-bootstrapping@ietf.org, rfc-editor@rfc-editor.org, tjw.ietf@gmail.com
X-Mailman-Version: 3.3.9rc4
Subject: [DNSOP]Protocol Action: 'Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator' to Proposed Standard (draft-ietf-dnsop-dnssec-bootstrapping-11.txt)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HkxRWYaScb9EOgkBPm0p0hujc5U>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
The IESG has approved the following document: - 'Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator' (draft-ietf-dnsop-dnssec-bootstrapping-11.txt) as Proposed Standard This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Warren Kumari and Mahesh Jethanandani. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/ Technical Summary This document introduces an in-band method for DNS operators to publish arbitrary information about the zones they are authoritative for, in an authenticated fashion and on a per-zone basis. The mechanism allows managed DNS operators to securely announce DNSSEC key parameters for zones under their management, including for zones that are not currently securely delegated. Whenever DS records are absent for a zone's delegation, this signal enables the parent's registry or registrar to cryptographically validate the CDS/CDNSKEY records found at the child's apex. The parent can then provision DS records for the delegation without resorting to out-of-band validation or weaker types of cross-checks such as "Accept after Delay". This document deprecates the DS enrollment methods described in Section 3 of RFC 8078 in favor of Section 4 of this document, and also updates RFC 7344. Working Group Summary The working group consensus was strong, and work was done to improve the examples and the implementation section. Document Quality Document quality is good - implementations exist and are documented, and testing has been done to confirm interoperability. Personnel Tim Wicinski is DS. Warren "Ace" Kumari is RAD!!!!!!!1!!11!