All The chairs have been coming to the consensus that this document is very close/ready for working group last call. if there are any thoughts, reviews, etc anyone has, please share.
thanks tim On Mon, May 1, 2023 at 5:40 AM Peter Thomassen <pe...@desec.io> wrote: > Dear DNSOP, > > The news for this revision are: > > - editorial stuff (moved a section, fixed a ref) > - added a paragraph to Section 4.1 to emphasize that bootstrapping may not > be done without the zone owner's consent > > Thanks, > Peter > > > On 5/1/23 11:35, internet-dra...@ietf.org wrote: > > > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. This Internet-Draft is a work item of the Domain Name System > > Operations (DNSOP) WG of the IETF. > > > > Title : Automatic DNSSEC Bootstrapping using Authenticated > Signals from the Zone's Operator > > Authors : Peter Thomassen > > Nils Wisiol > > Filename : draft-ietf-dnsop-dnssec-bootstrapping-04.txt > > Pages : 16 > > Date : 2023-05-01 > > > > Abstract: > > This document introduces an in-band method for DNS operators to > > publish arbitrary information about the zones they are authoritative > > for, in an authenticated fashion and on a per-zone basis. The > > mechanism allows managed DNS operators to securely announce DNSSEC > > key parameters for zones under their management, including for zones > > that are not currently securely delegated. > > > > Whenever DS records are absent for a zone's delegation, this signal > > enables the parent's registry or registrar to cryptographically > > validate the CDS/CDNSKEY records found at the child's apex. The > > parent can then provision DS records for the delegation without > > resorting to out-of-band validation or weaker types of cross-checks > > such as "Accept after Delay" ([RFC8078]). > > > > This document deprecates the DS enrollment methods described in > > Section 3 of [RFC8078] in favor of Section 3 of this document. > > > > [ Ed note: This document is being collaborated on at > > https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/ > > (https://github.com/desec-io/draft-ietf-dnsop-dnssec-bootstrapping/ > ). > > The authors gratefully accept pull requests. ] > > > > The IETF datatracker status page for this Internet-Draft is: > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/ > > > > There is also an HTML version available at: > > > https://www.ietf.org/archive/id/draft-ietf-dnsop-dnssec-bootstrapping-04.html > > > > A diff from the previous version is available at: > > > https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-dnssec-bootstrapping-04 > > > > Internet-Drafts are also available by rsync at rsync.ietf.org: > :internet-drafts > > > > > > _______________________________________________ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > > -- > Like our community service? 💛 > Please consider donating at > > https://desec.io/ > > deSEC e.V. > Kyffhäuserstr. 5 > 10781 Berlin > Germany > > Vorstandsvorsitz: Nils Wisiol > Registergericht: AG Berlin (Charlottenburg) VR 37525 > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
