Hi folks,

We've posted a new draft on algorithm negotiation which we're hoping to
discuss at IETF99 (and on list of course). I've discussed this topic with
several folks at DNS-OARC recently.

https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00

A New Internet-Draft is available from the on-line Internet-Drafts
directories.

    Title    : Algorithm Negotiation in DNSSEC
    Authors  : Shumon Huque
               Haya Shulman
    Filename : draft-huque-dnssec-alg-nego-00.txt
    Pages    : 9
    Date     : 2017-07-03

Abstract:
This document specifies a DNS extension that allows a DNS client to
specify a list of DNSSEC algorithms, in preference order, that the
client desires to use. A DNS server upon receipt of this extension
can choose to selectively respond with DNSSEC signatures using the
most preferred algorithm they support. This mechanism may make it
easier for DNS zone operators to support signing zone data
simultaneously with multiple DNSSEC algorithms, without significantly
increasing the size of DNS responses. It will also allow an easier
way to transition to new algorithms while still retaining support for
older DNS validators that do not yet support the new algorithms.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-huque-dnssec-alg-nego/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00
https://datatracker.ietf.org/doc/html/draft-huque-dnssec-alg-nego-00

--
Shumon Huque
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop