[DNSOP] Last Call: <draft-ietf-dnsop-nsec-aggressiveuse-08.txt> (Aggressive use of DNSSEC-validated Cache) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Mon, 13 March 2017 15:52 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <148942036413.16927.5267467492945818526.idtracker@ietfa.amsl.com>
Date: Mon, 13 Mar 2017 08:52:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/JCFbuObGzo2whFHY1xU4lYzHTy0>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, joelja@gmail.com, dnsop-chairs@ietf.org, dnsop@ietf.org, draft-ietf-dnsop-nsec-aggressiveuse@ietf.org
Subject: [DNSOP] Last Call: <draft-ietf-dnsop-nsec-aggressiveuse-08.txt> (Aggressive use of DNSSEC-validated Cache) to Proposed Standard
Reply-To: ietf@ietf.org

The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document:
- 'Aggressive use of DNSSEC-validated Cache'
<draft-ietf-dnsop-nsec-aggressiveuse-08.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2017-03-27. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract

The DNS relies upon caching to scale; however, the cache lookup
generally requires an exact match. This document specifies the use
of NSEC/NSEC3 resource records to allow DNSSEC validating resolvers
to generate negative answers within a range, and positive answers
from wildcards. This increases performance / decreases latency,
decreases resource utilization on both authoritative and recursive
servers, and also increases privacy. It may also help increase
resilience to certain DoS attacks in some circumstances.

This document updates RFC4035 by allowing validating resolvers to
generate negative answers based upon NSEC/NSEC3 records (and positive
answers in the presence of wildcards).

[ Ed note: Text inside square brackets ([]) is additional background
information, answers to frequently asked questions, general musings,
etc. They will be removed before publication.This document is being
collaborated on in Github at: https://github.com/wkumari/draft-ietf-
dnsop-nsec-aggressiveuse. The most recent version of the document,
open issues, etc should all be available here. The authors
(gratefully) accept pull requests.]

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/ballot/

No IPR declarations have been submitted directly on this I-D.

The document contains these normative downward references.
See RFC 3967 for additional information:
rfc6982: Improving Awareness of Running Code: The Implementation Status Section (Experimental - IETF stream)
draft-fujiwara-dnsop-nsec-aggressiveuse: Aggressive use of NSEC/NSEC3 (None - IETF stream)
rfc7129: Authenticated Denial of Existence in the DNS (Informational - Independent Submission Editor stream)
rfc7719: DNS Terminology (Informational - IETF stream)
Note that some of these references may already be listed in the acceptable Downref Registry.

[DNSOP] Last Call: <draft-ietf-dnsop-nsec-aggress… The IESG