The IESG has approved the following Internet-Drafts as Proposed Standards: Simple Secure Domain Name System (DNS) Dynamic Update <draft-ietf-dnsext-simple-secure-update-02.txt>, obsoleting RFC2137. Domain Name System Security (DNSSEC) Signing Authority <draft-ietf-dnsext-signing-auth-02.txt>, updating RFC2535. These documents are the product of the DNS Extensions Working Group. The IESG contact persons are Erik Nordmark and Thomas Narten. Technical Summary The first document specifies a method for performing secure Domain Name System (DNS) dynamic updates. The method described is intended to be flexible and useful while requiring as few changes to the protocol as possible. The authentication of the dynamic update message is separate from later DNSSEC validation of the data. Secure communication based on authenticated requests and transactions is used to provide authorization. The second document specifies a revised model of Domain Name System Security (DNSSEC) Signing Authority. The revised model is designed to clarify earlier documents and add additional restrictions to simplify the secure resolution process. Specifically, this affects the authorization of keys to sign sets of records. Working Group Summary There was WG consensus to advance these documents. Protocol Quality The specifications have been reviewed for the IESG by Erik Nordmark.
