FYI, I submitted a new version of this draft that added some text in the section about "Resolvers" that mentions the case Mikael Abrahamsson brought to us about how they had to disable DNSSEC validation in the CPE they deployed to their customers because the resolver software was not following RFC 4035 and was not ignoring signatures with unknown algorithms.
Comments are of course welcome. For those who are interested in writing I-D's with markdown, I also transitioned the source of this version of the document to the flavor of markdown that works with Miek Gieben's 'mmark' processor. Paul Jones nicely packaged mmark and xml2rfc into a Docker container that works extremely well. This document and other links can be found in my Github repo at: https://github.com/danyork/draft-deploying-dnssec-crypto-algs Dan Begin forwarded message: From: <internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>> Subject: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt Date: October 30, 2016 at 11:37:13 PM EDT To: Ondrej Sury <ondrej.s...@nic.cz<mailto:ondrej.s...@nic.cz>>, Olafur Gudmundsson <olafur+i...@cloudflare.com<mailto:olafur+i...@cloudflare.com>>, Dan York <y...@isoc.org<mailto:y...@isoc.org>>, " y...@isoc.org<mailto:y...@isoc.org>" <y...@isoc.org<mailto:y...@isoc.org>>, Paul Wouters <pwout...@redhat.com<mailto:pwout...@redhat.com>> A new version of I-D, draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt has been successfully submitted by Dan York and posted to the IETF repository. Name: draft-york-dnsop-deploying-dnssec-crypto-algs Revision: 02 Title: Observations on Deploying New DNSSEC Cryptographic Algorithms Document date: 2016-10-31 Group: Individual Submission Pages: 9 URL: https://www.ietf.org/internet-drafts/draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt Status: https://datatracker.ietf.org/doc/draft-york-dnsop-deploying-dnssec-crypto-algs/ Htmlized: https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-york-dnsop-deploying-dnssec-crypto-algs-02 Abstract: As new cryptographic algorithms are developed for use in DNSSEC signing and validation, this document captures the steps needed for new algorithms to be deployed and enter general usage. The intent is to ensure a common understanding of the typical deployment process and potentially identify opportunities for improvement of operations. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>. The IETF Secretariat -- Dan York Senior Content Strategist, Internet Society y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624 Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org> Skype: danyork http://twitter.com/danyork http://www.internetsociety.org/
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
