[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Protocol Action: 'Minimally Covering NSEC Records and DNSSEC On-line Signing' to Proposed Standard

To: IETF-Announce <ietf-announce at ietf.org>
Subject: Protocol Action: 'Minimally Covering NSEC Records and DNSSEC On-line Signing' to Proposed Standard
From: The IESG <iesg-secretary at ietf.org>
Date: Tue, 31 Jan 2006 13:14:22 -0500
Cc: dnsext chair <olaf at nlnetlabs.nl>, dnsext mailing list <namedroppers at ops.ietf.org>, Internet Architecture Board <iab at iab.org>, dnsext chair <ogud at ogud.com>, RFC Editor <rfc-editor at rfc-editor.org>
List-help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-id: ietf-announce.ietf.org
List-post: <mailto:ietf-announce@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
Sender: ietf-announce-bounces at ietf.org

The IESG has approved the following documents:

- 'Minimally Covering NSEC Records and DNSSEC On-line Signing '
   <draft-ietf-dnsext-dnssec-online-signing-02.txt> as a Proposed Standard
- 'Derivation of DNS Name Predecessor and Successor '
   <draft-ietf-dnsext-dns-name-p-s-01.txt> as an Experimental RFC

These documents are products of the DNS Extensions Working Group. 

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-online-signing-02.txt

Technical Summary
 
   The first draft, draft-ietf-dnsext-dnssec-online-signing
   describes how to construct DNSSEC NSEC resource records
   that cover a smaller range of names than called for by RFC4034.  By
   generating and signing these records on demand, authoritative name
   servers can effectively stop the disclosure of zone contents
   otherwise made possible by walking the chain of NSEC records in a
   signed zone.
 
   The other draft, draft-ietf-dnsext-dns-name-p-s describes two 
   methods for deriving the canonically-ordered predecessor and 
   successor of a DNS name.  These methods may be used for dynamic   
   NSEC resource record synthesis, enabling security-aware name 
   servers to provide authenticated denial of existence without 
   disclosing other owner names in a DNSSEC-secured zone.

Working Group Summary

   There was consensus in the DNSEXT WG to publisg the online-signing
   draft as Proposed Standards.  During IETF Last Call, some people
   suggested that this draft would be better published as an
   Experimental RFC.  However, the WG had discussed the publication
   status of both of these drafts explicitly, and the number people who 
   raised this issue in IETF LC was not sufficient to question the 
   earlier WG consensus.
 
Protocol Quality
 
   These documents were reviewed for the IESG by Margaret Wasserman.


_______________________________________________
IETF-Announce mailing list
IETF-Announce at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce

Prev by Date: Protocol Action: 'ATM over L2TPv3' to Proposed Standard
Next by Date: Protocol Action: 'Securing Mobile IPv6 Route Optimization Using a Static Shared Key' to Proposed Standard
Previous by thread: Protocol Action: 'ATM over L2TPv3' to Proposed Standard
Next by thread: Protocol Action: 'Securing Mobile IPv6 Route Optimization Using a Static Shared Key' to Proposed Standard
Index(es):
- Date
- Thread