Dear DNSOP,

This version of the draft includes just a couple of notable changes from the previous

- As suggested by Mike StJohns, all apex ZONEMD RRs are now excluded from the digest calculation. They are now all independent from each other.
- The verification procedure was clarified by describing a loop over all ZONEMD RRs, whereas previously it was essentially written assuming a single ZONEMD.

DW

> On Apr 8, 2020, at 11:34 AM, [email protected] wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
>
>         Title           : Message Digest for DNS Zones
>         Authors         : Duane Wessels
>                           Piet Barber
>                           Matt Weinberg
>                           Warren Kumari
>                           Wes Hardaker
>         Filename        : draft-ietf-dnsop-dns-zone-digest-06.txt
>         Pages           : 32
>         Date            : 2020-04-08
>
> Abstract:
>    This document describes a protocol and new DNS Resource Record that
>    can be used to provide a cryptographic message digest over DNS zone
>    data.  The ZONEMD Resource Record conveys the digest data in the zone
>    itself.  When a zone publisher includes an ZONEMD record, recipients
>    can verify the zone contents for accuracy and completeness.  This
>    provides assurance that received zone data matches published data,
>    regardless of how the zone data has been transmitted and received.
>
>    ZONEMD is not designed to replace DNSSEC.  Whereas DNSSEC protects
>    individual RRSets (DNS data with fine granularity), ZONEMD protects a
>    zone's data as a whole, whether consumed by authoritative name
>    servers, recursive name servers, or any other applications.
>
>    As specified at this time, ZONEMD is not designed for use in large,
>    dynamic zones due to the time and resources required for digest
>    calculation.  The ZONEMD record described in this document is
>    designed so that new digest schemes may be developed in the future to
>    support large, dynamic zones.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-zone-digest/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-06
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-zone-digest-06
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-zone-digest-06
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
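An added illustration of the two changes listed in the message above; it is not code from the message, the draft, or its authors. It uses a toy model in which RRs are text tuples, the sorted-text canonicalisation stands in for the draft's real digest input, and the algorithm names, skip-unknown behaviour and accept-on-first-match policy are assumptions of this sketch.

```python
import hashlib

APEX = "example."  # constructed zone name
SUPPORTED = {"sha384": hashlib.sha384, "sha512": hashlib.sha512}  # toy algorithm names

def zone_digest(rrs, hash_name):
    """Digest every RR except ZONEMD RRs at the apex.

    Stand-in canonicalisation (assumption): sorted "owner type rdata" lines.
    The exclusion rule, not the encoding, is what this sketch demonstrates.
    """
    h = SUPPORTED[hash_name]()
    covered = [rr for rr in rrs if not (rr[0] == APEX and rr[1] == "ZONEMD")]
    for owner, rrtype, rdata in sorted(covered):
        h.update(f"{owner} {rrtype} {rdata}\n".encode())
    return h.hexdigest()

def add_zonemd(rrs, hash_name):
    """Publisher side: append one apex ZONEMD RR with rdata 'hash_name digest'."""
    return rrs + [(APEX, "ZONEMD", f"{hash_name} {zone_digest(rrs, hash_name)}")]

def verify(rrs):
    """Loop over all apex ZONEMD RRs; return the hash name that matched, else None."""
    for owner, rrtype, rdata in rrs:
        if owner != APEX or rrtype != "ZONEMD":
            continue
        hash_name, _, digest = rdata.partition(" ")
        if hash_name not in SUPPORTED:
            continue  # unknown algorithm: move on to the next ZONEMD RR
        if zone_digest(rrs, hash_name) == digest:
            return hash_name
    return None

ZONE = [  # constructed sample data
    (APEX, "SOA", "ns1.example. admin.example. 2020040801 7200 3600 1209600 3600"),
    (APEX, "NS", "ns1.example."),
    ("ns1.example.", "A", "192.0.2.1"),
]
```

Because no apex ZONEMD RR feeds into any digest, a publisher can add a second ZONEMD RR without recomputing the first, while a ZONEMD RR below the apex is ordinary zone data and still changes the digest.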
