DNS Certification Authority Authorization (CAA) Resource Record
draft-ietf-lamps-rfc6844bis-07
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2019-09-20
|
07 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2019-08-12
|
07 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2019-08-06
|
07 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2019-07-18
|
07 | Amanda Baber | IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK |
2019-07-08
|
07 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2019-07-05
|
07 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2019-07-05
|
07 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2019-06-14
|
07 | (System) | RFC Editor state changed to EDIT |
2019-06-14
|
07 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2019-06-14
|
07 | (System) | Announcement was received by RFC Editor |
2019-06-14
|
07 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2019-06-13
|
07 | (System) | IANA Action state changed to In Progress |
2019-06-13
|
07 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2019-06-13
|
07 | Cindy Morgan | IESG has approved the document |
2019-06-13
|
07 | Cindy Morgan | Closed "Approve" ballot |
2019-06-13
|
07 | Cindy Morgan | Ballot approval text was generated |
2019-06-13
|
07 | Roman Danyliw | Comments have been addressed per -07 |
2019-06-13
|
07 | Roman Danyliw | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup |
2019-05-30
|
07 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2019-05-30
|
07 | Jacob Hoffman-Andrews | New version available: draft-ietf-lamps-rfc6844bis-07.txt |
2019-05-30
|
07 | (System) | New version approved |
2019-05-30
|
07 | (System) | Request for posting confirmation emailed to previous authors: Phillip Hallam-Baker , Jacob Hoffman-Andrews , Rob Stradling |
2019-05-30
|
07 | Jacob Hoffman-Andrews | Uploaded new revision |
2019-05-30
|
06 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2019-05-30
|
06 | Cindy Morgan | [Ballot Position Update] New position, No Objection, has been recorded for Warren "Ace" Kumari by Cindy Morgan |
2019-05-29
|
06 | Stefan Santesson | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Stefan Santesson. Sent review to list. |
2019-05-29
|
06 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2019-05-29
|
06 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2019-05-28
|
06 | Alissa Cooper | [Ballot comment] Please respond to the Gen-ART review. |
2019-05-28
|
06 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2019-05-28
|
06 | Barry Leiba | [Ballot comment] — Section 4.1 — Tag Length: A single octet containing an unsigned integer specifying the tag length in octets. The tag … [Ballot comment] — Section 4.1 — Tag Length: A single octet containing an unsigned integer specifying the tag length in octets. The tag length MUST be at least 1 and SHOULD be no more than 15. What happens if it’s more than 15? What’s the interoperability issue, and how would an implementor decide what to do with this requirement? Tags MAY contain US-ASCII characters 'a' through 'z', 'A' through 'Z', and the numbers 0 through 9. Tags SHOULD NOT contain any other characters. Matching of tags is case insensitive. Why “SHOULD NOT”, rather than “MUST NOT”? Why might my implementation need to use other characters, and what are the interoperability consequences of doing so? — Section 4.1.1 — Tag: Is a non-zero sequence of US-ASCII letters and numbers in lower case. Make it “non-zero-length”. -- Section 4.4 — The iodef Property Tag takes a URL as its Property Value. The URL scheme type determines the method used for reporting: I presume that *only* the specified schemes (mailto, http, https) are allowed; it would help to be explicit about that, lest someone get ideas to use sip or some such. — Section 5.6 — In practice, such an attack would be of minimal effect since any competent competitor that found itself unable to issue certificates due to lack of support for a Property marked critical SHOULD investigate the cause and report the reason to the customer. The customer will thus discover that they had been deceived. This doesn’t strike me as a BCP 14 “SHOULD”, but a normal English “should”. |
2019-05-28
|
06 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2019-05-27
|
06 | Benjamin Kaduk | [Ballot comment] [updating to note that some of the content from Section 5.7 of draft-ietf-acme-caa may be worth mentioning in the security considerations of this … [Ballot comment] [updating to note that some of the content from Section 5.7 of draft-ietf-acme-caa may be worth mentioning in the security considerations of this document] Thanks for this helpful update! Section 2.2 I'm not entirely sure why we're going "backwards" from referencing STD13 to referencing RFCs 1034 and 1035 individually (in the definition of "Domain Name System"). Section 3 RelevantCAASet(domain): for domain is not ".": if CAA(domain) is not Empty: return CAA(domain) domain = Parent(domain) return Empty It would be nice to get an explicit note about whether this is intended to be pseudocode, Python code, etc.. Specifically, the "for domain is not '.'" syntax seems like it might be a more natural fit for a "while" construct. Section 4.3 issuewild properties MUST be ignored when processing a request for a Domain Name (that is, not a Wildcard Domain Name). I don't wish to revisit well-trodden ground (as I suspect this is), but note that the provided defitinions in Section 2.2 don't seem to exclude Wildcard Domain Names from being Domain Names, so that "that is" in the quoted text is not accurate. (In particular, note that the Wildcard Domain Name definition says that it is "a Domain Name consisting of [...]".) Section 4.5 The critical flag is intended to permit future versions of CAA to introduce new semantics that MUST be understood for correct processing of the record, preventing conforming CAs that do not recognize the new semantics from issuing certificates for the indicated Domain Names. It's not clear to me that the normative "MUST" is best, here. (Is anyone's behavior being constrained by this statement?) Section 5.1 An Issuer MUST NOT issue certificates if doing so would conflict with the Relevant RRSet, irrespective of whether the corresponding DNS records are signed. I recognize that this is already the security considerations section, but this requirement introduces its own security considerations, namely that in cases where CAA responses received by the Issuer can be spoofed, there is an opportunity for denial of service. Section 5.4 does not seem to address this additional consideration relating to spoofing. Section 5.5 perhaps touches on it, but merely talks about "introduction" of a CAA RR, which may or may not imply the possibility of spoofing to an arbitrary reader. Use of DNSSEC allows an Issuer to acquire and archive a proof that they were authorized to issue certificates for the Domain Name. Verification of such archives MAY be an audit requirement to verify CAA record processing compliance. Publication of such archives MAY be a transparency requirement to verify CAA record processing compliance. Neither of these "MAY"s seem to be constraining the parties involved in this specification, which makes me wonder if they are more appropriate as ordinary "may"s. Section 5.4 Data cached by third parties MUST NOT be relied on but MAY be used to support additional anti-spoofing or anti-suppression controls. Is "relied on" meant to imply "relied on as the sole source of DNS CAA information"? Section 8 Should the registration of the 'CAA' RRtype also be updated to refer to [this document]? |
2019-05-27
|
06 | Benjamin Kaduk | Ballot comment text updated for Benjamin Kaduk |
2019-05-27
|
06 | Ignas Bagdonas | [Ballot Position Update] New position, No Objection, has been recorded for Ignas Bagdonas |
2019-05-27
|
06 | Benjamin Kaduk | [Ballot comment] Thanks for this helpful update! Section 2.2 I'm not entirely sure why we're going "backwards" from referencing STD13 to referencing RFCs 1034 and … [Ballot comment] Thanks for this helpful update! Section 2.2 I'm not entirely sure why we're going "backwards" from referencing STD13 to referencing RFCs 1034 and 1035 individually (in the definition of "Domain Name System"). Section 3 RelevantCAASet(domain): for domain is not ".": if CAA(domain) is not Empty: return CAA(domain) domain = Parent(domain) return Empty It would be nice to get an explicit note about whether this is intended to be pseudocode, Python code, etc.. Specifically, the "for domain is not '.'" syntax seems like it might be a more natural fit for a "while" construct. Section 4.3 issuewild properties MUST be ignored when processing a request for a Domain Name (that is, not a Wildcard Domain Name). I don't wish to revisit well-trodden ground (as I suspect this is), but note that the provided defitinions in Section 2.2 don't seem to exclude Wildcard Domain Names from being Domain Names, so that "that is" in the quoted text is not accurate. (In particular, note that the Wildcard Domain Name definition says that it is "a Domain Name consisting of [...]".) Section 4.5 The critical flag is intended to permit future versions of CAA to introduce new semantics that MUST be understood for correct processing of the record, preventing conforming CAs that do not recognize the new semantics from issuing certificates for the indicated Domain Names. It's not clear to me that the normative "MUST" is best, here. (Is anyone's behavior being constrained by this statement?) Section 5.1 An Issuer MUST NOT issue certificates if doing so would conflict with the Relevant RRSet, irrespective of whether the corresponding DNS records are signed. I recognize that this is already the security considerations section, but this requirement introduces its own security considerations, namely that in cases where CAA responses received by the Issuer can be spoofed, there is an opportunity for denial of service. Section 5.4 does not seem to address this additional consideration relating to spoofing. Section 5.5 perhaps touches on it, but merely talks about "introduction" of a CAA RR, which may or may not imply the possibility of spoofing to an arbitrary reader. Use of DNSSEC allows an Issuer to acquire and archive a proof that they were authorized to issue certificates for the Domain Name. Verification of such archives MAY be an audit requirement to verify CAA record processing compliance. Publication of such archives MAY be a transparency requirement to verify CAA record processing compliance. Neither of these "MAY"s seem to be constraining the parties involved in this specification, which makes me wonder if they are more appropriate as ordinary "may"s. Section 5.4 Data cached by third parties MUST NOT be relied on but MAY be used to support additional anti-spoofing or anti-suppression controls. Is "relied on" meant to imply "relied on as the sole source of DNS CAA information"? Section 8 Should the registration of the 'CAA' RRtype also be updated to refer to [this document]? |
2019-05-27
|
06 | Benjamin Kaduk | [Ballot Position Update] New position, No Objection, has been recorded for Benjamin Kaduk |
2019-05-27
|
06 | Martin Vigoureux | [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux |
2019-05-27
|
06 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2019-05-24
|
06 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2019-05-22
|
06 | Qin Wu | Request for Telechat review by OPSDIR Completed: Ready. Reviewer: Qin Wu. Sent review to list. |
2019-05-21
|
06 | Roman Danyliw | IESG state changed to IESG Evaluation from Waiting for Writeup |
2019-05-21
|
06 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded for Magnus Westerlund |
2019-05-20
|
06 | Éric Vyncke | [Ballot comment] Thank you all for the work put into this document. I appreciate the section 7 about the differences with RFC 6844. == … [Ballot comment] Thank you all for the work put into this document. I appreciate the section 7 about the differences with RFC 6844. == COMMENTS == -- Section 2.2 -- "Domain Name: The label assigned to a node in the Domain Name System." AFAIK RFC 1034 defines it differently "The domain name of a node is the list of the labels on the path from the node to the root of the tree" Or are we talking about different "domain names" ? "Wildcard domain name": it would be interesting to define not only the syntax but also the semantic do those wildcard domain names. -- Section 3 -- While I am not a security expert, a TLD could add a CAA forcing all its FQDN to either use the CA defined in the TLD CAA RRset or add a per FQDN CAA (which may raise the bar for small not-so-managed domains which otherwise could have used a cheap and easy CA such as letsencrypt). Is it really good to climb the DNS tree up to the TLD? Just curious. == NITS == -- Section 3 -- I would have preferred a recursive definition rather than an interative algorithm but this is a matter of taste ;-) |
2019-05-20
|
06 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2019-05-20
|
06 | (System) | IANA Review state changed to IANA - Not OK from Version Changed - Review Needed |
2019-05-20
|
06 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Qin Wu |
2019-05-20
|
06 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Qin Wu |
2019-05-17
|
06 | Amy Vezza | Placed on agenda for telechat - 2019-05-30 |
2019-05-17
|
06 | Roman Danyliw | Ballot has been issued |
2019-05-17
|
06 | Roman Danyliw | [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw |
2019-05-17
|
06 | Roman Danyliw | Created "Approve" ballot |
2019-05-17
|
06 | Roman Danyliw | Ballot writeup was changed |
2019-05-15
|
06 | Peter Yee | Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Peter Yee. Sent review to list. |
2019-05-09
|
06 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2019-05-09
|
06 | Jacob Hoffman-Andrews | New version available: draft-ietf-lamps-rfc6844bis-06.txt |
2019-05-09
|
06 | (System) | New version approved |
2019-05-09
|
06 | (System) | Request for posting confirmation emailed to previous authors: Phillip Hallam-Baker , Jacob Hoffman-Andrews , Rob Stradling |
2019-05-09
|
06 | Jacob Hoffman-Andrews | Uploaded new revision |
2019-05-08
|
05 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2019-05-06
|
05 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2019-05-06
|
05 | Michelle Cotton | (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-lamps-rfc6844bis-05. If any part of this review is inaccurate, please let … (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-lamps-rfc6844bis-05. If any part of this review is inaccurate, please let us know. The IANA Functions Operator has a question about one of the actions requested in the IANA Considerations section of this document. The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete. In the Certification Authority Restrictions Flags registry and the Certification Authority Restriction Properties both located at: https://www.iana.org/assignments/pkix-parameters/ [ RFC-to-be ] will be added as the reference for the registries. IANA Question --> Should the other references to RFC 6844 at https://www.iana.org/assignments/dns-parameters and https://www.iana.org/assignments/pkix-parameters also be changed to [ RFC-to-be ]? The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed. Thank you, Michelle Cotton IANA Services |
2019-04-25
|
05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Stefan Santesson |
2019-04-25
|
05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Stefan Santesson |
2019-04-24
|
05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Peter Yee |
2019-04-24
|
05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Peter Yee |
2019-04-24
|
05 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2019-04-24
|
05 | Cindy Morgan | The following Last Call announcement was sent out (ends 2019-05-08): From: The IESG To: IETF-Announce CC: rdd@cert.org, lamps-chairs@ietf.org, Russ Housley , housley@vigilsec.com, … The following Last Call announcement was sent out (ends 2019-05-08): From: The IESG To: IETF-Announce CC: rdd@cert.org, lamps-chairs@ietf.org, Russ Housley , housley@vigilsec.com, spasm@ietf.org, draft-ietf-lamps-rfc6844bis@ietf.org Reply-To: ietf@ietf.org Sender: Subject: Last Call: (DNS Certification Authority Authorization (CAA) Resource Record) to Proposed Standard The IESG has received a request from the Limited Additional Mechanisms for PKIX and SMIME WG (lamps) to consider the following document: - 'DNS Certification Authority Authorization (CAA) Resource Record' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2019-05-08. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain name. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA record and rules for processing CAA records by certificate issuers. This document obsoletes RFC 6844. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6844bis/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6844bis/ballot/ No IPR declarations have been submitted directly on this I-D. |
2019-04-24
|
05 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2019-04-24
|
05 | Roman Danyliw | Last call was requested |
2019-04-24
|
05 | Roman Danyliw | Last call announcement was generated |
2019-04-24
|
05 | Roman Danyliw | Ballot approval text was generated |
2019-04-24
|
05 | Roman Danyliw | Ballot writeup was generated |
2019-04-24
|
05 | Roman Danyliw | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2019-03-27
|
05 | Cindy Morgan | Shepherding AD changed to Roman Danyliw |
2019-03-24
|
05 | Russ Housley | Added to session: IETF-104: lamps Tue-1120 |
2019-02-04
|
05 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2019-02-04
|
05 | Jacob Hoffman-Andrews | New version available: draft-ietf-lamps-rfc6844bis-05.txt |
2019-02-04
|
05 | (System) | New version approved |
2019-02-04
|
05 | (System) | Request for posting confirmation emailed to previous authors: lamps-chairs@ietf.org, Jacob Hoffman-Andrews , Phillip Hallam-Baker , Rob Stradling |
2019-02-04
|
05 | Jacob Hoffman-Andrews | Uploaded new revision |
2018-12-24
|
04 | Eric Rescorla | https://mozphab-ietf.devsvcdev.mozaws.net/D5745 |
2018-12-24
|
04 | Eric Rescorla | IESG state changed to AD Evaluation::Revised I-D Needed from Publication Requested |
2018-12-03
|
04 | Jacob Hoffman-Andrews | New version available: draft-ietf-lamps-rfc6844bis-04.txt |
2018-12-03
|
04 | (System) | New version approved |
2018-12-03
|
04 | (System) | Request for posting confirmation emailed to previous authors: Jacob Hoffman-Andrews , Phillip Hallam-Baker , Rob Stradling |
2018-12-03
|
04 | Jacob Hoffman-Andrews | Uploaded new revision |
2018-11-06
|
03 | Jacob Hoffman-Andrews | New version available: draft-ietf-lamps-rfc6844bis-03.txt |
2018-11-06
|
03 | (System) | New version approved |
2018-11-06
|
03 | (System) | Request for posting confirmation emailed to previous authors: lamps-chairs@ietf.org, Jacob Hoffman-Andrews , Phillip Hallam-Baker , Rob Stradling |
2018-11-06
|
03 | Jacob Hoffman-Andrews | Uploaded new revision |
2018-11-04
|
02 | Russ Housley | Shepherd Write-up for draft-ietf-lamps-rfc6844bis-02 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the … Shepherd Write-up for draft-ietf-lamps-rfc6844bis-02 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. Yes, the header call for Standards Track. This new RFC will obsolete RFC 6844, which is a Proposed Standard. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA record and rules for processing CAA records by certificate issuers. Working Group Summary: There is consensus for this document in the LAMPS WG. Document Quality: S/MIME has wide support, and several implementers have said that they will implement this specification. The CA/Browser Forum has been very vocal that they are planning to require CAs to implement it, so that community has reviewed it carefully. Personnel: Russ Housley is the document shepherd. Eric Rescorla is the responsible area director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd did a thorough review of the document during WG Last Call. All issues raised have been resolved. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No concerns. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No special review needed. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? The authors have explicitly stated that they are unaware of any IPR related to this document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures have been submitted against RFC 6844 or this Internet-Draft. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus for this document in the LAMPS WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. This document, once it is approved, will obsolete RFC 6844. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. None needed. (13) Have all references within this document been identified as either normative or informative? Yes, the references are divided into normative and informative. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All normative references are already published. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are no downward references. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This new RFC will obsolete RFC 6844. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). No IANA updates or additions are needed. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries are needed. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. ABNF is used. It was checked with Bill's ABNF Parser (BAP). |
2018-11-04
|
02 | Russ Housley | Responsible AD changed to Eric Rescorla |
2018-11-04
|
02 | Russ Housley | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2018-11-04
|
02 | Russ Housley | IESG state changed to Publication Requested |
2018-11-04
|
02 | Russ Housley | IESG process started in state Publication Requested |
2018-11-04
|
02 | Russ Housley | Intended Status changed to Proposed Standard from None |
2018-11-04
|
02 | Russ Housley | Changed document writeup |
2018-11-04
|
02 | Russ Housley | IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document |
2018-11-04
|
02 | Russ Housley | Changed consensus to Yes from Unknown |
2018-11-04
|
02 | Russ Housley | Notification list changed to Russ Housley <housley@vigilsec.com> |
2018-11-04
|
02 | Russ Housley | Document shepherd changed to Russ Housley |
2018-11-04
|
02 | Jacob Hoffman-Andrews | New version available: draft-ietf-lamps-rfc6844bis-02.txt |
2018-11-04
|
02 | (System) | New version approved |
2018-11-04
|
02 | (System) | Request for posting confirmation emailed to previous authors: Jacob Hoffman-Andrews , Phillip Hallam-Baker , Rob Stradling |
2018-11-04
|
02 | Jacob Hoffman-Andrews | Uploaded new revision |
2018-10-10
|
01 | Jacob Hoffman-Andrews | New version available: draft-ietf-lamps-rfc6844bis-01.txt |
2018-10-10
|
01 | (System) | New version approved |
2018-10-10
|
01 | (System) | Request for posting confirmation emailed to previous authors: Jacob Hoffman-Andrews , Phillip Hallam-Baker , Rob Stradling |
2018-10-10
|
01 | Jacob Hoffman-Andrews | Uploaded new revision |
2018-08-20
|
00 | Cindy Morgan | This document now replaces draft-hoffman-andrews-caa-simplification instead of None |
2018-07-15
|
00 | Russ Housley | Added to session: IETF-102: lamps Thu-1550 |
2018-05-31
|
00 | Jacob Hoffman-Andrews | New version available: draft-ietf-lamps-rfc6844bis-00.txt |
2018-05-31
|
00 | (System) | WG -00 approved |
2018-05-30
|
00 | Jacob Hoffman-Andrews | Set submitter to "Jacob Hoffman-Andrews ", replaces to (none) and sent approval email to group chairs: lamps-chairs@ietf.org |
2018-05-30
|
00 | Jacob Hoffman-Andrews | Uploaded new revision |