On Fri, Apr 22, 2022 at 12:30 AM <internet-dra...@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the
> IETF.
>
>         Title           : Automatic DNSSEC Bootstrapping using
> Authenticated Signals from the Zone's Operator
>         Authors         : Peter Thomassen
>                           Nils Wisiol
>         Filename        : draft-ietf-dnsop-dnssec-bootstrapping-00.txt
>         Pages           : 14
>         Date            : 2022-04-21
>
> Abstract:
>    This document introduces an in-band method for DNS operators to
>    publish arbitrary information about the zones they are authoritative
>    for, in an authenticated fashion and on a per-zone basis.  The
>    mechanism allows managed DNS operators to securely announce DNSSEC
>    key parameters for zones under their management, including for zones
>    that are not currently securely delegated.
>
>    Whenever DS records are absent for a zone's delegation, this signal
>    enables the parent's registry or registrar to cryptographically
>    validate the CDS/CDNSKEY records found at the child's apex.  The
>    parent can then provision DS records for the delegation without
>    resorting to out-of-band validation or weaker types of cross-checks
>    such as "Accept after Delay" ([RFC8078]).
>
>    This document updates [RFC8078] and replaces its Section 3 with
>    Section 3.2 of this document.
>
>    [ Ed note: Text inside square brackets ([]) is additional background
>    information, answers to frequently asked questions, general musings,
>    etc.  They will be removed before publication.  This document is
>    being collaborated on at https://github.com/desec-io/draft-thomassen-
>    dnsop-dnssec-bootstrapping/ (https://github.com/desec-io/draft-
>    thomassen-dnsop-dnssec-bootstrapping/).  The authors gratefully
>    accept pull requests.  ]
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/
>
> There is also an HTML version available at:
>
> https://www.ietf.org/archive/id/draft-ietf-dnsop-dnssec-bootstrapping-00.html
>

Interesting idea.
Minor edit:
In "1. Introduction", third paragraph, first sentence:
" these dependencies result often result "
the first "result" should be removed.

-- 
Bob Harold