[DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-13.txt
internet-drafts@ietf.org Fri, 09 October 2020 21:12 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A25A3A0D25; Fri, 9 Oct 2020 14:12:44 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: dnsop@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.19.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: dnsop@ietf.org
Message-ID: <160227796406.11130.1760689518335456003@ietfa.amsl.com>
Date: Fri, 09 Oct 2020 14:12:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/hGO8_2vGSYVOURYFjBDK3Zeiq6Y>
Subject: [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-13.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2020 21:12:44 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : Message Digest for DNS Zones
Authors : Duane Wessels
Piet Barber
Matt Weinberg
Warren Kumari
Wes Hardaker
Filename : draft-ietf-dnsop-dns-zone-digest-13.txt
Pages : 38
Date : 2020-10-09
Abstract:
This document describes a protocol and new DNS Resource Record that
provides a cryptographic message digest over DNS zone data at rest.
The ZONEMD Resource Record conveys the digest data in the zone
itself. When used in combination with DNSSEC, ZONEMD allows
recipients to verify the zone contents for data integrity and origin
authenticity. This provides assurance that received zone data
matches published data, regardless of how the zone data has been
transmitted and received. When used without DNSSEC, ZONEMD functions
as a checksum, guarding only against unintentional changes.
ZONEMD does not replace DNSSEC. Whereas DNSSEC protects individual
RRSets (DNS data with fine granularity), ZONEMD protects a zone's
data as a whole, whether consumed by authoritative name servers,
recursive name servers, or any other applications.
As specified herein, ZONEMD is impractical for large, dynamic zones
due to the time and resources required for digest calculation.
However, The ZONEMD record is extensible so that new digest schemes
may be added in the future to support large, dynamic zones.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-zone-digest/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-13
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-zone-digest-13
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-zone-digest-13
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-dig… internet-drafts