[DNSOP] Fwd: New Version Notification for draft-thomassen-dnsop-cds-consistency-00.txt

Peter Thomassen <peter@desec.io> Sat, 09 July 2022 11:38 UTC

Message-ID: <55dd4f53-e99d-54a8-5c5b-91deb169f420@desec.io>
Date: Sat, 09 Jul 2022 13:38:48 +0200
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
From: Peter Thomassen <peter@desec.io>
In-Reply-To: <165736660688.39096.7309443696804307487@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/phanBfU6Ch2OAaZiyvXljMSMz9Q>

Dear DNSOP,

As discussed in https://mailarchive.ietf.org/arch/msg/dnsop/nQQsixIT5cXFukBq4Ky67mCniAk/, I wrote a short I-D to update RFC 7344 such that CDS/CDNSKEY consistency is mandatory across authoritative nameservers. The result is below.

Looking forward to your feedback.

Cheers,
Peter


-------- Forwarded Message --------
Subject: New Version Notification for draft-thomassen-dnsop-cds-consistency-00.txt
Date: Sat, 09 Jul 2022 04:36:46 -0700
From: internet-drafts@ietf.org
To: Peter Thomassen <peter@desec.io>


A new version of I-D, draft-thomassen-dnsop-cds-consistency-00.txt
has been successfully submitted by Peter Thomassen and posted to the
IETF repository.

Name:           draft-thomassen-dnsop-cds-consistency
Revision:       00
Title:          Ensuring CDS/CDNSKEY Consistency is Mandatory
Document date:  2022-07-09
Group:          Individual Submission
Pages:          5
URL:            https://www.ietf.org/archive/id/draft-thomassen-dnsop-cds-consistency-00.txt
Status:         https://datatracker.ietf.org/doc/draft-thomassen-dnsop-cds-consistency/
Html:           https://www.ietf.org/archive/id/draft-thomassen-dnsop-cds-consistency-00.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-thomassen-dnsop-cds-consistency


Abstract:
    For maintaining DNSSEC Delegation Trust, DS records have to be kept
    up to date.  [RFC7344] automates this by having the child publish CDS
    and/or CDNSKEY records which hold the prospective DS parameters.
    Parent-side entities (e.g.  Registries, Registrars) can use these
    records to update the delegation's DS records.  A common method for
    detecting changes in CDS/CDNSKEY record sets is to query them
    periodically from the child zone ("polling"), as described in
    Section 6.1 of [RFC7344].

    This document specifies that if polling is used, parent-side entities
    MUST ensure that CDS/CDNSKEY record sets are equivalent across all of
    the child's authoritative nameservers, before taking any action based
    on these records.

                                                                                   


The IETF Secretariat
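
An added example, not part of the original message or of the draft: a sketch of the parent-side check the abstract describes, comparing the CDS record sets returned by each of the child's authoritative nameservers before acting. The nameserver names, key tags and digests are constructed sample data, and treating an unanswered or malformed response as "do not act" is an assumption of this example.

```python
from typing import Dict, FrozenSet, List, Optional, Tuple

CDS = Tuple[int, int, int, str]  # key tag, algorithm, digest type, hex digest


def parse_cds(rdata: str) -> CDS:
    """Parse CDS presentation-format rdata into a canonical tuple."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError(f"malformed CDS rdata: {rdata!r}")
    key_tag, algorithm, digest_type = (int(f) for f in fields[:3])
    # The digest may be split by whitespace and written in either hex case.
    digest = "".join(fields[3:]).lower()
    bytes.fromhex(digest)  # raises ValueError if the digest is not valid hex
    return key_tag, algorithm, digest_type, digest


def consistent_cds(
    responses: Dict[str, Optional[List[str]]]
) -> Optional[FrozenSet[CDS]]:
    """Return the CDS RRset all nameservers agree on, or None (do not act)."""
    if not responses:
        return None
    seen = set()
    for rdatas in responses.values():
        if rdatas is None:  # assumption: no answer means consistency is unproven
            return None
        try:
            # RRsets are unordered, so compare them as sets of parsed records.
            seen.add(frozenset(parse_cds(r) for r in rdatas))
        except ValueError:
            return None
    return next(iter(seen)) if len(seen) == 1 else None


# Constructed sample data: responses keyed by (hypothetical) nameserver name.
DIGEST_A = "ab" * 32
DIGEST_B = "cd" * 32
AGREE = {
    "ns1.example.": [f"12345 13 2 {DIGEST_A}"],
    "ns2.example.": [f"12345 13 2 {DIGEST_A.upper()}"],  # same record, other case
}
SPLIT = {
    "ns1.example.": [f"12345 13 2 {DIGEST_A}"],
    "ns2.example.": [f"54321 13 2 {DIGEST_B}"],  # one server publishes another key
}
UNREACHABLE = {"ns1.example.": [f"12345 13 2 {DIGEST_A}"], "ns2.example.": None}

if __name__ == "__main__":
    for name, sample in (("agree", AGREE), ("split", SPLIT), ("down", UNREACHABLE)):
        print(name, "->", "update DS" if consistent_cds(sample) else "no action")
```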