[DNSSEC-Bootstrapping] Fwd: New Version Notification for draft-thomassen-dnsop-dnssec-bootstrapping-02.txt
Peter Thomassen <peter@desec.io> Tue, 26 October 2021 11:14 UTC
Return-Path: <peter@desec.io>
X-Original-To: dnssec-bootstrapping@ietfa.amsl.com
Delivered-To: dnssec-bootstrapping@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC5563A0F4A; Tue, 26 Oct 2021 04:14:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=a4a.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZDNchMmjeYJ; Tue, 26 Oct 2021 04:14:29 -0700 (PDT)
Received: from mail.a4a.de (mail.a4a.de [IPv6:2a01:4f8:10a:1d5c:8000::8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 196643A0F3A; Tue, 26 Oct 2021 04:14:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=a4a.de; s=20170825; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version :Date:Message-ID:Subject:From:To:References:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=P0dl1mOZINMlj2I1gf5kgaplMG3HMmX9ffS6AntMCWU=; b=Z+EP05zkCVFX0mWZCmJEneQI++ GME9Nl/N5szDKaBxPy8XR8S28dS+Gh0VzQU/kdcPpxY1cLeitqrh8dkXRKuCdghEsHldSxj7ErEhi qWc1DiEYLJ6JxE0wZPpiEIurrkemHDkNGWJiQJGtxFgkeiWbZ8KOkyXnHgScorjZWwM5QF5BG6jsP qdZRgOpvnWwhP+7wjHuJS2xPWsvOaKxiTEv10+iYZyKAfo/WRFdcsbNeul9561v9UtXWoVpharR3V j0NLj6P+QrQVsnuvMFPKnaj4nGSuqnBqc8IWIaKuxZv94gmOVV01OIzm0Z3qAcDPacdVuw+U4c/Vx rswWAIAg==;
Received: from [213.61.118.178] (helo=[192.168.188.94]) by mail.a4a.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <peter@desec.io>) id 1mfKPS-0001nI-Ii; Tue, 26 Oct 2021 13:14:26 +0200
References: <163520620129.17275.16274772439094875607@ietfa.amsl.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>, dnssec-bootstrapping@ietf.org
From: Peter Thomassen <peter@desec.io>
X-Forwarded-Message-Id: <163520620129.17275.16274772439094875607@ietfa.amsl.com>
Message-ID: <91154628-0ca3-15d8-c6bd-b71232b2e64b@desec.io>
Date: Tue, 26 Oct 2021 13:14:26 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <163520620129.17275.16274772439094875607@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: de-DE
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssec-bootstrapping/ZZuVfD9ifHMrTLI3kR-ddaEPOlE>
Subject: [DNSSEC-Bootstrapping] Fwd: New Version Notification for draft-thomassen-dnsop-dnssec-bootstrapping-02.txt
X-BeenThere: dnssec-bootstrapping@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Authenticated Bootstrapping of DNSSEC Delegations <dnssec-bootstrapping.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssec-bootstrapping>, <mailto:dnssec-bootstrapping-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssec-bootstrapping/>
List-Post: <mailto:dnssec-bootstrapping@ietf.org>
List-Help: <mailto:dnssec-bootstrapping-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssec-bootstrapping>, <mailto:dnssec-bootstrapping-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Oct 2021 11:14:34 -0000
Dear DNSOP and DNSSEC bootstrapping aficionados, This draft introduces automatic bootstrapping of DNSSEC delegations. It uses an in-band method for DNS operators to publish information about the zones they host, per-zone and with authentication. With this protocol, DS provisioning can happen securely and without delay. We requested a slot at IETF 112 to present the draft, and it would be great to have some discussions about it then. We'd also like to work towards adoption in the WG if there is interest. There are no technical changes from the previous version -01. Updates are exclusively on clarity, framing (as an RFC 8078 authentication method instead of a separate protocol), and otherwise editorial. Thanks, Peter -------- Forwarded Message -------- Subject: New Version Notification for draft-thomassen-dnsop-dnssec-bootstrapping-02.txt Date: Mon, 25 Oct 2021 16:56:41 -0700 From: internet-drafts@ietf.org To: Nils Wisiol <nils@desec.io>, Peter Thomassen <peter@desec.io> A new version of I-D, draft-thomassen-dnsop-dnssec-bootstrapping-02.txt has been successfully submitted by Peter Thomassen and posted to the IETF repository. Name: draft-thomassen-dnsop-dnssec-bootstrapping Revision: 02 Title: Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator Document date: 2021-10-25 Group: Individual Submission Pages: 15 URL: https://www.ietf.org/archive/id/draft-thomassen-dnsop-dnssec-bootstrapping-02.txt Status: https://datatracker.ietf.org/doc/draft-thomassen-dnsop-dnssec-bootstrapping/ Html: https://www.ietf.org/archive/id/draft-thomassen-dnsop-dnssec-bootstrapping-02.html Htmlized: https://datatracker.ietf.org/doc/html/draft-thomassen-dnsop-dnssec-bootstrapping Diff: https://www.ietf.org/rfcdiff?url2=draft-thomassen-dnsop-dnssec-bootstrapping-02 Abstract: This document introduces an in-band method for DNS operators to publish arbitrary information about the zones they are authoritative for, in an authenticated fashion and on a per-zone basis. The mechanism allows managed DNS operators to securely announce DNSSEC key parameters for zones under their management, including for zones that are not currently securely delegated. Whenever DS records are absent for a zone's delegation, this signal enables the parent's registry or registrar to cryptographically validate the CDS/CDNSKEY records found at the child's apex. The parent can then provision DS records for the delegation without resorting to out-of-band validation or weaker types of cross-checks such as "Accept after Delay" ([RFC8078]). [ Ed note: Text inside square brackets ([]) is additional background information, answers to frequently asked questions, general musings, etc. They will be removed before publication. This document is being collaborated on at https://github.com/desec-io/draft-thomassen- dnsop-dnssec-bootstrapping/ (https://github.com/desec-io/draft- thomassen-dnsop-dnssec-bootstrapping/). The most recent version of the document, open issues, etc. should all be available there. The authors gratefully accept pull requests. ] The IETF Secretariat
- [DNSSEC-Bootstrapping] Fwd: New Version Notificat… Peter Thomassen
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Paul Wouters
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Peter Thomassen
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Paul Wouters
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Peter Thomassen
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Nils Wisiol
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Paul Wouters
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Peter Thomassen
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Paul Wouters
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Christian Elmerot
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Peter Thomassen
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Peter Thomassen
- Re: [DNSSEC-Bootstrapping] [DNSOP] Fwd: New Versi… Bob Harold