On Mon, Nov 13, 2017 at 9:26 PM, <internet-dra...@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations WG of the > IETF. > > Title : A Sentinel for Detecting Trusted Keys in DNSSEC > Authors : Geoff Huston > Joao Silva Damas > Warren Kumari > Filename : draft-huston-kskroll-sentinel-04.txt > Pages : 8 > Date : 2017-11-13 > > Abstract: > The DNS Security Extensions (DNSSEC) were developed to provide origin > authentication and integrity protection for DNS data by using digital > signatures. These digital signatures can be verified by building a > chain of trust starting from a trust anchor and proceeding down to a > particular node in the DNS. This document specifies a mechanism that > will allow an end user to determine the trusted key state of the > resolvers that handle the user's DNS queries. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-huston-kskroll-sentinel/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-huston-kskroll-sentinel-04 > https://datatracker.ietf.org/doc/html/draft-huston-kskroll-sentinel-04 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-huston-kskroll-sentinel-04 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > Looks like you clarified that "_is-ta-<tag-index>." and "_not-ta-<tag-index>." are the left-most labels. Thanks, that's an improvement.
I like the draft. If I have to add those entries to each zone, I worry that the automated DNS appliance that I use might not be able to create the broken records required. But I am not using DNSSEC yet, so that is a future issue for me. Still waiting for more automation (CDSKEY etc) and 'time' to work on it. -- Bob Harold
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop