
Evaluation: draft-ietf-dnsext-dnssec-2535typecode-change - Legacy Resolver Compatibility for Delegation Signer



Last Call to expire on: 2003-07-30

        Please return the full line with your position.

                      Yes  No-Objection  Discuss  Abstain
Harald Alvestrand    [   ]     [   ]     [   ]     [   ]
Steve Bellovin       [   ]     [   ]     [   ]     [   ]
Randy Bush           [   ]     [   ]     [   ]     [   ]
Bill Fenner          [   ]     [   ]     [   ]     [   ]
Ned Freed            [   ]     [   ]     [   ]     [   ]
Ted Hardie           [   ]     [   ]     [   ]     [   ]
Russ Housley         [   ]     [   ]     [   ]     [   ]
Allison Mankin       [   ]     [   ]     [   ]     [   ]
Thomas Narten        [ X ]     [   ]     [   ]     [   ]
Jon Peterson         [   ]     [   ]     [   ]     [   ]
Margaret Wasserman   [   ]     [   ]     [   ]     [   ]
Bert Wijnen          [   ]     [   ]     [   ]     [   ]
Alex Zinin           [   ]     [   ]     [   ]     [   ]

2/3 (9) Yes or No-Objection opinions needed to pass.

DISCUSSES AND COMMENTS:
======================



---- following is a DRAFT of message to be sent AFTER approval ---
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce:;
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, <namedroppers@ops.ietf.org>
Subject: Protocol Action: 'Legacy Resolver Compatibility for 
         Delegation Signer' to Proposed Standard 

The IESG has approved the Internet-Draft 'Legacy Resolver Compatibility for 
Delegation Signer' <draft-ietf-dnsext-dnssec-2535typecode-change-04.txt> as 
a Proposed Standard. This document is the product of the DNS Extensions 
Working Group. 
The IESG contact persons are Thomas Narten and Margaret Wasserman.


Technical Summary
 
As the DNS Security (DNSSEC) specifications have evolved, the syntax
and semantics of the DNSSEC resource records (RRs) have changed. Many
deployed nameservers understand variants of these semantics.
Dangerous interactions can occur when a resolver that understands an
earlier version of these semantics queries an authoritative server
that understands the newer Delegation Signer RR semantics, including
at least one failure scenario that will cause an unsecured zone to be
unresolvable. This document changes the type codes and mnemonics of
the DNSSEC RRs (SIG, KEY, and NXT) for the newest version of these RRs
to avoid those interactions. Using new type codes ensures that older
and newer resolvers can easily distinguish which variant of these RRs
has been implemented and how they should be interpreted.
 
Working Group Summary
 
There was consensus in the WG for this option. Note that this document
is part of the overall DNSEXT plan of issuing individual updates to
the DNSSEC RFCs; when all the changes have been completed, a revised
version of 2535 will be issued that incorporates all the changes.
 
Protocol Quality
 
This document has been reviewed for the IESG by Thomas Narten and Erik
Nordmark.