[DNSOP] DNSSEC as a Best Current Practice

Paul Hoffman <paul.hoffman@icann.org> Sun, 20 March 2022 00:13 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: dnsop WG <dnsop@ietf.org>
Date: Sun, 20 Mar 2022 00:13:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zAGOUtimZmlO6CpAZxOKaJXgeoM>

As a follow-up to the thread last week, I created a fairly short draft that describes DNSSEC in a single document and calls it a BCP. See:
   https://datatracker.ietf.org/doc/draft-hoffman-dnssec/

Based on the list discussion, I spoke with Warren about the idea of a short-lived separate WG for this effort. He said (quite correctly) that doing so would be a hard sell to the IESG, and thought that I should just propose that it be adopted here in DNSOP when the adoption window opens again.

In the meantime, anyone interested can make suggestions on how to improve the draft so that it is nice and shiny when it comes to the WG for adoption. I have listed a GitHub repo in the abstract, and can take issues and pull requests; you can also just send me email. I'll rev the draft often based on what I hear.

--Paul Hoffman