IETF Logo Mail Archive

[DNSOP] RFC 8901 on Multi-Signer DNSSEC Models

rfc-editor@rfc-editor.org Thu, 24 September 2020 21:43 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E7B73A12F2; Thu, 24 Sep 2020 14:43:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MS450IPPp7UA; Thu, 24 Sep 2020 14:43:09 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2E5C3A12E7; Thu, 24 Sep 2020 14:43:09 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 2106AF4077D; Thu, 24 Sep 2020 14:43:00 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
X-PHP-Originating-Script: 1005:ams_util_lib.php
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, dnsop@ietf.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20200924214300.2106AF4077D@rfc-editor.org>
Date: Thu, 24 Sep 2020 14:43:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/VtXONGnwUe8mH4fFgQTl6GPTaPE>
Subject: [DNSOP] RFC 8901 on Multi-Signer DNSSEC Models
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2020 21:43:12 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 8901

        Title:      Multi-Signer DNSSEC Models 
        Author:     S. Huque, 
                    P. Aras,
                    J. Dickinson,
                    J. Vcelak,
                    D. Blacka
        Status:     Informational
        Stream:     IETF
        Date:       September 2020
        Mailbox:    shuque@gmail.com, 
                    paras@salesforce.com, 
                    jad@sinodun.com,
                    jvcelak@ns1.com, 
                    davidb@verisign.com
        Pages:      13
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-dnsop-multi-provider-dnssec-05.txt

        URL:        https://www.rfc-editor.org/info/rfc8901

        DOI:        10.17487/RFC8901

Many enterprises today employ the service of multiple DNS providers
to distribute their authoritative DNS service. Deploying DNSSEC in
such an environment may present some challenges, depending on the
configuration and feature set in use. In particular, when each DNS
provider independently signs zone data with their own keys,
additional key-management mechanisms are necessary. This document
presents deployment models that accommodate this scenario and
describes these key-management requirements. These models do not
require any changes to the behavior of validating resolvers, nor do
they impose the new key-management requirements on authoritative
servers not involved in multi-signer configurations.

This document is a product of the Domain Name System Operations Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC

v2.23.0 | Report a Bug | By Email