On Sun, Oct 21, 2018 at 3:24 PM <[email protected]> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations WG of the > IETF. > > Title : A Root Key Trust Anchor Sentinel for DNSSEC > Authors : Geoff Huston > Joao Silva Damas > Warren Kumari > Filename : draft-ietf-dnsop-kskroll-sentinel-17.txt > Pages : 23 > Date : 2018-10-21 > > Abstract: > The DNS Security Extensions (DNSSEC) were developed to provide origin > authentication and integrity protection for DNS data by using digital > signatures. These digital signatures can be verified by building a > chain of trust starting from a trust anchor and proceeding down to a > particular node in the DNS. This document specifies a mechanism that > will allow an end user and third parties to determine the trusted key > state for the root key of the resolvers that handle that user's DNS > queries. Note that this method is only applicable for determining > which keys are in the trust store for the root key. > > [ This document is being collaborated on in Github at: > https://github.com/APNIC-Labs/draft-kskroll-sentinel. The most > recent version of the document, open issues, etc should all be > available here. The authors (gratefully) accept pull requests. RFC > Editor, please remove text in square brackets before publication. ] > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-17 > https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel-17 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-kskroll-sentinel-17
2 <https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-17#section-2>. Sentinel Mechanism in Resolvers As one example, underscore prefixed names were rejected because some browsers and operating systems would not fetch them because they domain names but not valid hostnames (see [RFC7719] for these definitions). s/ they domain names / they are domain names / -- Bob Harold
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
