On Apr 13, 2022, at 11:49 AM, Paul Wouters <[email protected]> wrote:
> If we do it as both a reference of DNSSEC and a BCP, then I think we should 
> add:
> 
> RFC 8901      Multi-Signer DNSSEC Models
> RFC 8027 a.k.a. BCP 207       DNSSEC Roadblock Avoidance
> RFC 7583      DNSSEC Key Rollover Timing Considerations
> RFC 7129      Authenticated Denial of Existence in the DNS
> RFC 4470      Minimally Covering NSEC Records and DNSSEC On-line Signing
> 
> I would not include these that you included:
> 
> RFC 9157      Revised IANA Considerations for DNSSEC [It's IETF administrivia]
> RFC 6014      Cryptographic Algorithm Identifier Allocation for DNSSEC [It's 
> IETF administrivia]
> RFC 5933      Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource 
> Records for DNSSEC [Algo is dead]
> 
> Otherwise, I agree with you.

I agree with PaulW's list of inclusions. I would say that RFC 9157 and RFC 6014 
should still be in draft-ietf-dnsop-dnssec-bcp, but in a separate section for 
those readers who care about the IANA registries. RFC 5933 is not yet dead, but 
will be before draft-ietf-dnsop-dnssec-bcp is published.

I would add the following that are listed as blank in Tim's chart:

RFC 6975        Signaling Cryptographic Algorithm Understanding in DNS Security 
Extensions (DNSSEC)
   Relevant
RFC 6725        DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates
   For the IANA-ish section

I do not understand why the following are listed as "No", given that they 
relate to the DNSSEC trust anchors, and thus are relevant to implementors. I 
would say they all should be listed:

RFC 8509        A Root Key Trust Anchor Sentinel for DNSSEC
RFC 8145        Signaling Trust Anchor Knowledge in DNS Security Extensions 
(DNSSEC)
RFC 7958        DNSSEC Trust Anchor Publication for the Root Zone
RFC 7646        Definition and Use of DNSSEC Negative Trust Anchors

(I agree that RFC 4986 does not need to be in the draft because it is just 
requirements.)

Because we are talking about this in light of adding a section to 
draft-ietf-dnsop-dnssec-bcp, the following can be excluded because they are 
already in the draft:

RFC 9077
RFC 8624
RFC 8198
RFC 8078
RFC 7344
RFC 6840
RFC 6781
RFC 5702
RFC 5155
RFC 5011
RFC 4509
RFC 4035
RFC 4034
RFC 4033

--Paul Hoffman

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop