Dear DNSOP,

The primary change between -00 and -01 is the simplification of the verification protocol when multiple ZONEMD RRs are present, per the on-list discussions.

Additionally Shane Kerr kindly updated his implementation and confirmed that his and the author's implementations produce and validate the same digests.

With this version the authors feel that it is ready for working group last call.

DW

> On Sep 5, 2019, at 4:31 PM, [email protected] wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
>
>         Title           : Message Digest for DNS Zones
>         Authors         : Duane Wessels
>                           Piet Barber
>                           Matt Weinberg
>                           Warren Kumari
>                           Wes Hardaker
>         Filename        : draft-ietf-dnsop-dns-zone-digest-01.txt
>         Pages           : 29
>         Date            : 2019-09-05
>
> Abstract:
>    This document describes an experimental protocol and new DNS Resource
>    Record that can be used to provide a message digest over DNS zone
>    data.  The ZONEMD Resource Record conveys the message digest data in
>    the zone itself.  When a zone publisher includes a ZONEMD record,
>    recipients can verify the zone contents for accuracy and
>    completeness.  This provides assurance that received zone data
>    matches published data, regardless of how the zone data has been
>    transmitted and received.
>
>    ZONEMD is not designed to replace DNSSEC.  Whereas DNSSEC protects
>    individual RRSets (DNS data with fine granularity), ZONEMD
>    protects a zone's data as a whole, whether consumed by authoritative
>    name servers, recursive name servers, or any other applications.
>
>    As specified at this time, ZONEMD is not designed for use in large,
>    dynamic zones due to the time and resources required for digest
>    calculation.  The ZONEMD record described in this document includes
>    fields reserved for future work to support large, dynamic zones.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-zone-digest/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-01
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-zone-digest-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-zone-digest-01
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
