IETF Logo Mail Archive

[rfc-dist] RFC 8901 on Multi-Signer DNSSEC Models

rfc-editor@rfc-editor.org Thu, 24 September 2020 21:43 UTC

Return-Path: <rfc-dist-bounces@rfc-editor.org>
X-Original-To: ietfarch-rfc-dist-archive@ietfa.amsl.com
Delivered-To: ietfarch-rfc-dist-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66A6A3A12E7 for <ietfarch-rfc-dist-archive@ietfa.amsl.com>; Thu, 24 Sep 2020 14:43:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.92
X-Spam-Level:
X-Spam-Status: No, score=-2.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pPqR1FbEgP1X for <ietfarch-rfc-dist-archive@ietfa.amsl.com>; Thu, 24 Sep 2020 14:43:11 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D66F73A12F1 for <rfc-dist-archive-yuw6Xa6hiena@ietf.org>; Thu, 24 Sep 2020 14:43:11 -0700 (PDT)
Received: from rfcpa.amsl.com (localhost [IPv6:::1]) by rfc-editor.org (Postfix) with ESMTP id A9929F4077E; Thu, 24 Sep 2020 14:43:01 -0700 (PDT)
X-Original-To: rfc-dist@rfc-editor.org
Delivered-To: rfc-dist@rfc-editor.org
Received: by rfc-editor.org (Postfix, from userid 30) id 2106AF4077D; Thu, 24 Sep 2020 14:43:00 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
X-PHP-Originating-Script: 1005:ams_util_lib.php
From: rfc-editor@rfc-editor.org
Message-Id: <20200924214300.2106AF4077D@rfc-editor.org>
Date: Thu, 24 Sep 2020 14:43:00 -0700
Subject: [rfc-dist] RFC 8901 on Multi-Signer DNSSEC Models
X-BeenThere: rfc-dist@rfc-editor.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: RFC Announcements <rfc-dist.rfc-editor.org>
List-Unsubscribe: <https://www.rfc-editor.org/mailman/options/rfc-dist>, <mailto:rfc-dist-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <http://www.rfc-editor.org/pipermail/rfc-dist/>
List-Post: <mailto:rfc-dist@rfc-editor.org>
List-Help: <mailto:rfc-dist-request@rfc-editor.org?subject=help>
List-Subscribe: <https://www.rfc-editor.org/mailman/listinfo/rfc-dist>, <mailto:rfc-dist-request@rfc-editor.org?subject=subscribe>
Cc: drafts-update-ref@iana.org, dnsop@ietf.org, rfc-editor@rfc-editor.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: rfc-dist-bounces@rfc-editor.org
Sender: rfc-dist <rfc-dist-bounces@rfc-editor.org>

A new Request for Comments is now available in online RFC libraries.

        
        RFC 8901

        Title:      Multi-Signer DNSSEC Models 
        Author:     S. Huque, 
                    P. Aras,
                    J. Dickinson,
                    J. Vcelak,
                    D. Blacka
        Status:     Informational
        Stream:     IETF
        Date:       September 2020
        Mailbox:    shuque@gmail.com, 
                    paras@salesforce.com, 
                    jad@sinodun.com,
                    jvcelak@ns1.com, 
                    davidb@verisign.com
        Pages:      13
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-dnsop-multi-provider-dnssec-05.txt

        URL:        https://www.rfc-editor.org/info/rfc8901

        DOI:        10.17487/RFC8901

Many enterprises today employ the service of multiple DNS providers
to distribute their authoritative DNS service. Deploying DNSSEC in
such an environment may present some challenges, depending on the
configuration and feature set in use. In particular, when each DNS
provider independently signs zone data with their own keys,
additional key-management mechanisms are necessary. This document
presents deployment models that accommodate this scenario and
describes these key-management requirements. These models do not
require any changes to the behavior of validating resolvers, nor do
they impose the new key-management requirements on authoritative
servers not involved in multi-signer configurations.

This document is a product of the Domain Name System Operations Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


_______________________________________________
rfc-dist mailing list
rfc-dist@rfc-editor.org
https://www.rfc-editor.org/mailman/listinfo/rfc-dist
http://www.rfc-editor.org

v2.23.0 | Report a Bug | By Email