Protocol Action: 'Secret Key Transaction Authentication for DNS (TSIG)' to Internet Standard (draft-ietf-dnsop-rfc2845bis-09.txt)
The IESG <iesg-secretary@ietf.org> Fri, 10 July 2020 19:49 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Secret Key Transaction Authentication for DNS (TSIG)' to Internet Standard (draft-ietf-dnsop-rfc2845bis-09.txt)
Cc: draft-ietf-dnsop-rfc2845bis@ietf.org, dnsop@ietf.org, warren@kumari.net, rfc-editor@rfc-editor.org, benno@NLnetLabs.nl, The IESG <iesg@ietf.org>, dnsop-chairs@ietf.org, Benno Overeinder <benno@NLnetLabs.nl>
Message-ID: <159441056674.19370.4683157794333256678@ietfa.amsl.com>
Date: Fri, 10 Jul 2020 12:49:26 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/4KUVAgvqrsLQeKjnqWrnhdYFR74>
The IESG has approved the following document:
- 'Secret Key Transaction Authentication for DNS (TSIG)'
  (draft-ietf-dnsop-rfc2845bis-09.txt) as Internet Standard

This document is the product of the Domain Name System Operations Working Group.

The IESG contact persons are Warren Kumari and Robert Wilton.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc2845bis/

Technical Summary

This document describes a protocol for DNS for transaction level authentication using shared secrets and one way hashing. It can be used to authenticate dynamic DNS updates as coming from an approved client, or to authenticate responses as coming from an approved DNS name server.

No recommendation is made here for distributing the shared secrets: it is expected that a network administrator will statically configure name servers and clients using some out of band mechanism.

The draft obsoletes RFC2845 and RFC4635.

Working Group Summary

The draft updates RFC2845, because due to some ambiguity in the wording of the document, different implementations made decisions that caused operational problems, see also Section 1.3.

The draft was swiftly adopted to become a DNSOP WG document. After WG adoption, the authors of the original RFC2845 have also been added to the author list. The WG stated that the document was not just an errata, but a bis, so the document could improve the readability and wording of the protocol specification.

Document Quality

A recent implementation of RFC2845 used the rfc2845bis draft to implement TSIG. The new draft document is much clearer and offers better implementation guidance than the original. RFC2845 is implemented by all known open source DNS name servers and, as far as the shepherd knows, all commercial DNS name servers (not knowing for proprietary name servers).

The implementer (Martin Hoffmann, NLnet Labs) has provided good feedback to improve the text of the rfc2845bis draft and to reorganize some sections. Other feedback from the working group has also been processed.

Personnel

Document Shepherd: Benno Overeinder
Responsible Area Director: Warren Kumari