%% You should probably cite rfc8509 instead of this I-D. @techreport{ietf-dnsop-kskroll-sentinel-01, number = {draft-ietf-dnsop-kskroll-sentinel-01}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/01/}, author = {Geoff Huston and Joao da Silva Damas and Warren "Ace" Kumari}, title = {{A Sentinel for Detecting Trusted Keys in DNSSEC}}, pagetotal = 12, year = 2018, month = feb, day = 12, abstract = {The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user to determine the trusted key state of the resolvers that handle that user's DNS queries. There is an example / toy implementation of this at http://www.ksk- test.net . {[} This document is being collaborated on in Github at: https://github.com/APNIC-Labs/draft-kskroll-sentinel.. The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests. Text in square brackets will be removed before publication. {]} {[} NOTE: This version uses the labels "kskroll-sentinel-is-ta-\textless{}tag- index\textgreater{}", "kskroll-sentinel-not-ta-\textless{}tag-index\textgreater{}"; older versions of this document used "\_is-ta-\textless{}tag-index\textgreater{}", "\_not-ta-\textless{}tag-index\textgreater{}". {]}}, }