Protocol Action: 'Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Mon, 06 March 2006 20:48 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <E1FGMQx-0003FS-MA@stiedprstage1.ietf.org>
Date: Mon, 06 Mar 2006 15:35:59 -0500
Cc: dnsext chair <olaf@nlnetlabs.nl>, dnsext mailing list <namedroppers@ops.ietf.org>, Internet Architecture Board <iab@iab.org>, dnsext chair <ogud@ogud.com>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)' to Proposed Standard

The IESG has approved the following document:

- 'Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)'
   <draft-ietf-dnsext-ds-sha256-05.txt> as a Proposed Standard

This document is the product of the DNS Extensions Working Group. 

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-ds-sha256-05.txt

Technical Summary
 
Given the crumbling confidence in SHA-1, DNSEXT, with the urging of Russ Housley,
decided to address the weakest part of the DNSSEC chain, the long-lived digest
in the DS record. DS is used to transfer trust from a parent zone to a DNSKEY at
the child. The DS record stores a digest of the public part of the key that the
child uses to sign its own DNSKEY set.

The change to SHA-256 is considered a significant improvement in resilience; the
Working Group is aware that this might be a temporary measure until a new
generation of standardized digest algorithms becomes available.

This document also contains some guidance on how implementations treat DS sets
where there are multiple digest algorithms used. This part of the document has
seen the most discussion and clarification of text. There is a strong consensus
behind this document.
 
Working Group Summary
 
   This document is a work item of the DNSEXT WG.  The WG has 
   consensus to publish this document as a Proposed Standard.
 
Protocol Quality
 
   This document was reviewed for the IESG by Margaret Wasserman.


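The Technical Summary above says the DS record stores a digest of the child's public key. The following Python sketch is an added example, not part of the IESG announcement or of the draft: it computes that digest as DNSSEC defines it (hash over the owner name in canonical wire form followed by the DNSKEY RDATA) and checks a DS record against a DNSKEY. The function names and the four-byte sample key are constructed for illustration.

```python
import hashlib
import hmac
import struct

DIGEST_SHA1, DIGEST_SHA256 = 1, 2  # DS digest type numbers
_HASHES = {DIGEST_SHA1: hashlib.sha1, DIGEST_SHA256: hashlib.sha256}

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-cased) wire form of a fully qualified owner name."""
    if name in ("", "."):
        return b"\x00"
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: Flags | Protocol | Algorithm | Public Key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata: bytes) -> int:
    """16-bit key tag over the DNSKEY RDATA (all algorithms except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner: str, rdata: bytes, digest_type: int = DIGEST_SHA256) -> bytes:
    """Digest placed in the DS record: hash(owner name | DNSKEY RDATA)."""
    return _HASHES[digest_type](name_to_wire(owner) + rdata).digest()

def ds_matches(owner, rdata, ds_tag, ds_alg, ds_type, ds_value) -> bool:
    """True if the parent's DS fields identify and authenticate this DNSKEY."""
    if ds_type not in _HASHES:  # unknown digest type: cannot validate
        return False
    if ds_tag != key_tag(rdata) or ds_alg != rdata[3]:
        return False
    return hmac.compare_digest(ds_digest(owner, rdata, ds_type), ds_value)

# Constructed sample key (not a real DNSKEY): flags 257, protocol 3, algorithm 8.
SAMPLE_KEY = dnskey_rdata(257, 3, 8, bytes(range(1, 5)))
if __name__ == "__main__":
    print(key_tag(SAMPLE_KEY), ds_digest("example.com.", SAMPLE_KEY).hex().upper())
```
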