Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com>, dnsext mailing list <firstname.lastname@example.org>, dnsext chair <email@example.com> Subject: Document Action: 'Requirements related to DNSSEC Trust Anchor Rollover' to Informational RFC The IESG has approved the following document: - 'Requirements related to DNSSEC Trust Anchor Rollover ' <draft-ietf-dnsext-rollover-requirements-05.txt> as an Informational RFC This document is the product of the DNS Extensions Working Group. The IESG contact persons are Mark Townsley and Jari Arkko. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-rollover-requirements-05.txt
Technical Summary This document provides a number or "requirements" for key-rollover in a DNSSEC operational environment. DNSSEC has been designed in such a way that zone operators can roll their key-signin key, when those key-signing keys are configured as trust anchors in remote resolvers those resolvers should automatically adapt to these changes. This document sets out the requirements that must be met by a DNS trust-anchor rollover solution for DNSSEC aware resolvers. As described in section 1 and 2, this document is intended to capture the various requirements and use those in making a trade-off between the various proposals that were available to the group. These requirements acted as "goals". With the selection of draft-ietf-dnsext-trustupdate-timers this document has no further relevance. It is requested to be published as informational. Working Group Summary Please see the PROTO statement for significant issues raised by one member of the WG. Protocol Quality The PROTO statement lists a number of specific reviewers for this document.