This is a proposed update the CDS/CDNSKEY processing to address the omission in RFC7344.
Comment please, Olafur Ps: I'm using a new markup tool to write the ID thus any errors in format are my fault. https://github.com/miekg/mmark ---------- Forwarded message ---------- From: <internet-dra...@ietf.org> Date: Tue, Aug 25, 2015 at 5:48 PM Subject: New Version Notification for draft-ogud-dnsop-ds-remove-00.txt To: Olafur Gudmundsson <olafur+i...@cloudflare.com> A new version of I-D, draft-ogud-dnsop-ds-remove-00.txt has been successfully submitted by Olafur Gudmundsson and posted to the IETF repository. Name: draft-ogud-dnsop-ds-remove Revision: 00 Title: Removing DS records from parent via CDS/CDNSKEY Document date: 2015-08-25 Group: Individual Submission Pages: 5 URL: https://www.ietf.org/internet-drafts/draft-ogud-dnsop-ds-remove-00.txt Status: https://datatracker.ietf.org/doc/draft-ogud-dnsop-ds-remove/ Htmlized: https://tools.ietf.org/html/draft-ogud-dnsop-ds-remove-00 Abstract: RFC7344 specifies how trust can be maintained in-band between parent and child. There are two features missing in that specification: initial trust setup and removal of trust anchor. This document addresses the second omission. There are many reasons why a domain may want to go unsigned. Some of them are related to DNS operator changes, others are related to DNSSEC signing system changes. The inability to turn off DNSSEC via in-band signalling is seen as a liability in some circles. This document addresses the issue in a sane way. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
