Protocol Action: Simple Secure Domain Name System (DNS) Dynamic Update to Proposed Standard
The IESG <iesg-secretary@ietf.org> Tue, 10 October 2000 19:11 UTC
Received: from loki.ietf.org (loki [10.27.2.29]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11105; Tue, 10 Oct 2000 15:11:10 -0400 (EDT)
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id PAA00707 for ietf-123-outbound.10@ietf.org; Tue, 10 Oct 2000 15:05:01 -0400 (EDT)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id OAA00636 for <all-ietf@loki.ietf.org>; Tue, 10 Oct 2000 14:51:50 -0400 (EDT)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10587; Tue, 10 Oct 2000 14:51:48 -0400 (EDT)
Message-Id: <200010101851.OAA10587@ietf.org>
To: IETF-Announce:;
Cc: RFC Editor <rfc-editor@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
Cc: namedroppers@ops.ietf.org
From: The IESG <iesg-secretary@ietf.org>
Subject: Protocol Action: Simple Secure Domain Name System (DNS) Dynamic Update to Proposed Standard
Date: Tue, 10 Oct 2000 14:51:48 -0400
Sender: scoya@cnri.reston.va.us
The IESG has approved the following Internet-Drafts as Proposed Standards: Simple Secure Domain Name System (DNS) Dynamic Update <draft-ietf-dnsext-simple-secure-update-02.txt>, obsoleting RFC2137. Domain Name System Security (DNSSEC) Signing Authority <draft-ietf-dnsext-signing-auth-02.txt>, updating RFC2535. These documents are the product of the DNS Extensions Working Group. The IESG contact persons are Erik Nordmark and Thomas Narten. Technical Summary The first document specifies a method for performing secure Domain Name System (DNS) dynamic updates. The method described is intended to be flexible and useful while requiring as few changes to the protocol as possible. The authentication of the dynamic update message is separate from later DNSSEC validation of the data. Secure communication based on authenticated requests and transactions is used to provide authorization. The second document specifies a revised model of Domain Name System Security (DNSSEC) Signing Authority. The revised model is designed to clarify earlier documents and add additional restrictions to simplify the secure resolution process. Specifically, this affects the authorization of keys to sign sets of records. Working Group Summary There was WG consensus to advance these documents. Protocol Quality The specifications have been reviewed for the IESG by Erik Nordmark.