[DNSOP] Re: Call for adoption: draft-yorgos-dnsop-dry-run-dnssec-04 (Ends 2025-12-11)

Thu, 11 Dec 2025 01:03:09 -0800 

I support adoption of dry-run DNSSEC draft.

Libor

On 27. 11. 25 13:19, Peter Thomassen via Datatracker wrote:

Subject: Call for adoption: draft-yorgos-dnsop-dry-run-dnssec-04  (Ends
2025-12-11)

This message starts a 2-week Call for Adoption for this document.

Abstract:
    This document describes a method called "dry-run DNSSEC" that allows
    for testing DNSSEC deployments without affecting the DNS service in
    case of DNSSEC errors.  It accomplishes that by introducing new DS
    Type Digest Algorithms that when used in every record of a DS RRset,
    referred to as dry-run DS, signal to validating resolvers that dry-
    run DNSSEC is used for the zone.  DNSSEC errors are then reported
    with DNS Error Reporting, but any bogus responses to clients are
    withheld.  Instead, validating resolvers fallback from dry-run DNSSEC
    and provide the response that would have been answered without the
    presence of the dry-run DS.  A further EDNS option is presented for
    clients to opt-in for dry-run DNSSEC errors and allow for end-to-end
    DNSSEC testing.

File can be retrieved from:
https://datatracker.ietf.org/doc/draft-yorgos-dnsop-dry-run-dnssec/

Please reply to this message keeping [email protected] in copy by indicating
whether you support or not the adoption of this draft as a WG document.
Comments to motivate your preference are highly appreciated.

Authors, and WG participants in general, are reminded of the Intellectual
Property Rights (IPR) disclosure obligations described in BCP 79 [2].
Appropriate IPR disclosures required for full conformance with the provisions
of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
Sanctions available for application to violators of IETF IPR Policy can be
found at [3].

Thank you.
[1] https://datatracker.ietf.org/doc/bcp78/
[2] https://datatracker.ietf.org/doc/bcp79/
[3] https://datatracker.ietf.org/doc/rfc6701/



_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]


_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to