[DNSOP] Last Call: <draft-ietf-dnsop-rfc2845bis-06.txt> (Secret Key Transaction Authentication for DNS (TSIG)) to Internet Standard

The IESG <iesg-secretary@ietf.org> Tue, 07 January 2020 22:21 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 265C8120025; Tue, 7 Jan 2020 14:21:01 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.115.0
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <iesg-secretary@ietf.org>
CC: dnsop-chairs@ietf.org, warren@kumari.net, dnsop@ietf.org, benno@NLnetLabs.nl, Benno Overeinder <benno@NLnetLabs.nl>, draft-ietf-dnsop-rfc2845bis@ietf.org
Content-Transfer-Encoding: 7bit
Reply-To: last-call@ietf.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <157843566112.20859.13522851612546893374.idtracker@ietfa.amsl.com>
Date: Tue, 07 Jan 2020 14:21:01 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eXA7pVL2B6zgKJAjoPQUttvDwGA>
Subject: [DNSOP] Last Call: <draft-ietf-dnsop-rfc2845bis-06.txt> (Secret Key Transaction Authentication for DNS (TSIG)) to Internet Standard
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2020 22:21:01 -0000

[ Note to readers: Section 10.1 ("Issue Fixed in this Document") is useful to understand the reason for this document. I'm asking the authors to please put a pointer (or similar) to this in the abstract. ]

The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document: - 'Secret Key Transaction
Authentication for DNS (TSIG)'
  <draft-ietf-dnsop-rfc2845bis-06.txt> as Internet Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-01-21. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.


   This document describes a protocol for transaction level
   authentication using shared secrets and one way hashing.  It can be
   used to authenticate dynamic updates as coming from an approved
   client, or to authenticate responses as coming from an approved name

   No recommendation is made here for distributing the shared secrets:
   it is expected that a network administrator will statically configure
   name servers and clients using some out of band mechanism.

   This document obsoletes RFC2845 and RFC4635.

The file can be obtained via

IESG discussion can be tracked via

No IPR declarations have been submitted directly on this I-D.

The document contains these normative downward references.
See RFC 3967 for additional information: 
    rfc4635: HMAC SHA (Hashed Message Authentication Code, Secure Hash Algorithm) TSIG Algorithm Identifiers (Proposed Standard - IETF stream)
    rfc2845: Secret Key Transaction Authentication for DNS (TSIG) (Proposed Standard - IETF stream)
    rfc3597: Handling of Unknown DNS Resource Record (RR) Types (Proposed Standard - IETF stream)