Definition and Use of DNSSEC Negative Trust Anchors
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: RFC Editor <email@example.com>, dnsop mailing list <firstname.lastname@example.org>, dnsop chair <email@example.com> Subject: Document Action: 'Definition and Use of DNSSEC Negative Trust Anchors' to Informational RFC (draft-ietf-dnsop-negative-trust-anchors-10.txt) The IESG has approved the following document: - 'Definition and Use of DNSSEC Negative Trust Anchors' (draft-ietf-dnsop-negative-trust-anchors-10.txt) as Informational RFC This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Benoit Claise and Joel Jaeggli. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-negative-trust-anchors/
Technical Summary As DNS Security Extensions (DNSSEC) is being widely deployed, tools and processes are not fully mature. Creating a temporary object called Negative Trust Anchor to temporarily disable DNSSEC validation for misconfigured domains; thereby allowing DNS resolution to continue working. Working Group Summary The working group spent time reviewing the document, and several points were raised about the deployment of these trust anchors. However, all points raised involved clarification text which made the final document more robust. There were no decisions that were particularly rough. Document Quality There were several editorial passes done during the timeframe, all of which cleared up the text. The document has a section on managing these Negative Trust Anchors, and laid out in a manner that operators of DNS zones will be able to use. Additionally, there are examples from existing DNS tools in Appendix A. Personnel The document shepherd is Tim Wicinski. Responsible Area Director is Joel Jaeggli.