On Sun, Dec 10, 2017 at 8:21 PM, <internet-dra...@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations WG of the > IETF. > > Title : A Sentinel for Detecting Trusted Keys in DNSSEC > Authors : Geoff Huston > Joao Silva Damas > Warren Kumari > Filename : draft-ietf-dnsop-kskroll-sentinel-00.txt > Pages : 8 > Date : 2017-12-10 > > Abstract: > The DNS Security Extensions (DNSSEC) were developed to provide origin > authentication and integrity protection for DNS data by using digital > signatures. These digital signatures can be verified by building a > chain of trust starting from a trust anchor and proceeding down to a > particular node in the DNS. This document specifies a mechanism that > will allow an end user to determine the trusted key state of the > resolvers that handle the user's DNS queries. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-00 > https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-00 > > > Looks good to me. One minor typo:
4. Sentinel Test Result Considerations paragraph 6 "If the resolver is non-validating, and it has a single forwarder clause, then the resolver will presumably mirror the capabilities of the forwarder target resolver. If this non-validating resolver it has multiple forwarders, then the above considerations will apply." "it" at end of the third line should be deleted. -- Bob Harold
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
