Dear DPRIVE and DNSOP, Here is one of the drafts referenced in my presentation(s) on Thursday. Brian
---------- Forwarded message --------- From: <internet-dra...@ietf.org> Date: Sun, Sep 19, 2021 at 2:42 PM Subject: New Version Notification for draft-dickson-dnsop-ds-hack-02.txt To: Brian Dickson <brian.peter.dick...@gmail.com> A new version of I-D, draft-dickson-dnsop-ds-hack-02.txt has been successfully submitted by Brian Dickson and posted to the IETF repository. Name: draft-dickson-dnsop-ds-hack Revision: 02 Title: DS Algorithms for Securing NS and Glue Document date: 2021-09-19 Group: Individual Submission Pages: 6 URL: https://www.ietf.org/archive/id/draft-dickson-dnsop-ds-hack-02.txt Status: https://datatracker.ietf.org/doc/draft-dickson-dnsop-ds-hack/ Html: https://www.ietf.org/archive/id/draft-dickson-dnsop-ds-hack-02.html Htmlized: https://datatracker.ietf.org/doc/html/draft-dickson-dnsop-ds-hack Diff: https://www.ietf.org/rfcdiff?url2=draft-dickson-dnsop-ds-hack-02 Abstract: This Internet Draft proposes a mechanism to encode relevant data for NS records on the parental side of a zone cut by encoding them in DS records based on a new DNSKEY algorithm. Since DS records are signed by the parent, this creates a method for validation of the otherwise unsigned delegation records. Notably, support for updating DS records in a parent zone is already present (by necessity) in the Registry-Registrar-Registrant (RRR) provisioning system, EPP. Thus, no changes to the EPP protocol are needed, and no changes to registry database or publication systems upstream of the DNS zones published by top level domains (TLDs). This NS validation mechanism is beneficial if the name server _names_ need to be validated prior to use. The IETF Secretariat
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
