The IESG has approved the following document: - 'Multi Signer DNSSEC models' (draft-ietf-dnsop-multi-provider-dnssec-05.txt) as Informational RFC
This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Warren Kumari and Robert Wilton. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-multi-provider-dnssec/ Technical Summary The draft documents operational models for deploying DNSSEC signed zones across multiple DNS providers to distribute their authoritative DNS service. It presents challenges depending on the configuration and feature set in use, and presents several deployment models that may be suitable. Working Group Summary The document has been reviewed and discussed on the DNSOP mailing list and during DNSOP workgroup meetings. Contributions were done by a relative small number of interested folks, feedback by the WG was promptly integrated in the document. No points of difficulty or controversy appeared and consensus was quick. There has been good consensus during the WGLC period. External parties (DNS zone owners and DNS providers) have architected the DNSSEC multi-provider model in their operations and use it in their daily job (e.g., see DNSOP mailing list, email thread “[DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec”.) Document Quality The document is of good quality, and describes a real issue and (real world) operational advice on how to deal with this. The security section mentions the need for strong authentication to protect DNSSEC key material, but although the usefulness of the warning, this is beyond the scope of the document. The document shepherd has no specific concerns or issues with the document or with the WG process. The shepherd stands behind the document and thinks the document is ready for publication. Personnel Document Shepherd: Benno Overeinder Area Director: Warren Kumari _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop