[New-wg-docs] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-00.txt
internet-drafts@ietf.org Fri, 22 April 2022 04:29 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: new-wg-docs@ietf.org
Delivered-To: new-wg-docs@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 78ABF3A135A for <new-wg-docs@ietf.org>; Thu, 21 Apr 2022 21:29:59 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: new-wg-docs@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 8.0.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <165060179945.9371.9406680234500983955@ietfa.amsl.com>
Date: Thu, 21 Apr 2022 21:29:59 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-wg-docs/ntOx4xfANmWN-cSjmsZjBIXXFv4>
Subject: [New-wg-docs] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-00.txt
X-BeenThere: new-wg-docs@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "New \(-00\) Working Group Documents" <new-wg-docs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/new-wg-docs>, <mailto:new-wg-docs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/new-wg-docs/>
List-Post: <mailto:new-wg-docs@ietf.org>
List-Help: <mailto:new-wg-docs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/new-wg-docs>, <mailto:new-wg-docs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2022 04:30:00 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator
Authors : Peter Thomassen
Nils Wisiol
Filename : draft-ietf-dnsop-dnssec-bootstrapping-00.txt
Pages : 14
Date : 2022-04-21
Abstract:
This document introduces an in-band method for DNS operators to
publish arbitrary information about the zones they are authoritative
for, in an authenticated fashion and on a per-zone basis. The
mechanism allows managed DNS operators to securely announce DNSSEC
key parameters for zones under their management, including for zones
that are not currently securely delegated.
Whenever DS records are absent for a zone's delegation, this signal
enables the parent's registry or registrar to cryptographically
validate the CDS/CDNSKEY records found at the child's apex. The
parent can then provision DS records for the delegation without
resorting to out-of-band validation or weaker types of cross-checks
such as "Accept after Delay" ([RFC8078]).
This document updates [RFC8078] and replaces its Section 3 with
Section 3.2 of this document.
[ Ed note: Text inside square brackets ([]) is additional background
information, answers to frequently asked questions, general musings,
etc. They will be removed before publication. This document is
being collaborated on at https://github.com/desec-io/draft-thomassen-
dnsop-dnssec-bootstrapping/ (https://github.com/desec-io/draft-
thomassen-dnsop-dnssec-bootstrapping/). The authors gratefully
accept pull requests. ]
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-dnssec-bootstrapping-00.html
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
- [New-wg-docs] I-D Action: draft-ietf-dnsop-dnssec… internet-drafts