Hi,

Please find an update of our draft on requirements for DNSSEC resolvers.

DNS resolvers hardly enable DNSSEC as 1) resolvers are not robust to DNS authoritative operations – like KSK roll over, signing errors, … – and 2) network administrators have little control over these resolvers to recover from such situations. The draft describes how invalid DNSSEC related RRsets may be considered by the resolver. The listed requirements aim at designing mechanisms, as well as interactions, so that network managers can easily solve/avoid these situations. Such mechanisms are expected to encourage DNSSEC deployment on resolvers.

Yours,
Daniel

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Monday, March 27, 2017 9:13 AM
To: Edward Lewis <[email protected]>; Daniel Migault <[email protected]>; Dan York <[email protected]>; [email protected] <[email protected]>
Subject: New Version Notification for draft-mglt-dnsop-dnssec-validator-requirements-04.txt

A new version of I-D, draft-mglt-dnsop-dnssec-validator-requirements-04.txt has been successfully submitted by Daniel Migault and posted to the IETF repository.

Name: draft-mglt-dnsop-dnssec-validator-requirements
Revision: 04
Title: DNSSEC Validators Requirements
Document date: 2017-03-27
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/internet-drafts/draft-mglt-dnsop-dnssec-validator-requirements-04.txt
Status: https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/
Htmlized: https://tools.ietf.org/html/draft-mglt-dnsop-dnssec-validator-requirements-04
Htmlized: https://datatracker.ietf.org/doc/html/draft-mglt-dnsop-dnssec-validator-requirements-04
Diff: https://www.ietf.org/rfcdiff?url2=draft-mglt-dnsop-dnssec-validator-requirements-04

Abstract:
DNSSEC provides data integrity and authentication for DNSSEC validators. However, without valid trust anchor(s) and an acceptable value for the current time, DNSSEC validation cannot be performed.
This document lists the requirements to be addressed so resolvers can have DNSSEC validation can be always-on.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
