Hi,

Please find an update of our draft on DNSSEC Validator Requirements [xml - txt].

DNS resolvers hardly enable DNSSEC as 1) resolvers are not robust to DNS authoritative operations - like KSK roll over, signing errors, ... - and 2) network administrators have little control over these resolvers to recover such situations. The draft describes how invalid DNSSEC related RRsets may be considered by the resolver. The listed requirements aim at designing mechanisms as well as interactions with network managers can easily solve/avoid these situations. Such mechanisms are expected to encourage DNSSEC deployment on resolvers.

Comments are welcome!

Yours,
Daniel

[txt] https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements-05.txt
[xml] https://github.com/mglt/draft-mglt-dnsop-dnssec-validator-requirements/blob/master/draft-mglt-dnsop-dnssec-validator-requirements-05.xml

Daniel Migault
Researcher, Ericsson
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop