From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>,
RFC Editor <email@example.com>,
dnsext mailing list <firstname.lastname@example.org>,
dnsext chair <email@example.com>
Subject: Document Action: 'Derivation of DNS Name Predecessor
and Successor' to Experimental RFC
The IESG has approved the following document:
- 'Derivation of DNS Name Predecessor and Successor '
<draft-ietf-dnsext-dns-name-p-s-02.txt> as an Experimental RFC
This document is the product of the DNS Extensions Working Group.
The IESG contact persons are Mark Townsley and Jari Arkko.
A URL of this Internet-Draft is:
The first draft, draft-ietf-dnsext-dnssec-online-signing
describes how to construct DNSSEC NSEC resource records
that cover a smaller range of names than called for by RFC4034. By
generating and signing these records on demand, authoritative name
servers can effectively stop the disclosure of zone contents
otherwise made possible by walking the chain of NSEC records in a
The other draft, draft-ietf-dnsext-dns-name-p-s describes two
methods for deriving the canonically-ordered predecessor and
successor of a DNS name. These methods may be used for dynamic
NSEC resource record synthesis, enabling security-aware name
servers to provide authenticated denial of existence without
disclosing other owner names in a DNSSEC-secured zone.
Working Group Summary
There was consensus in the DNSEXT WG to publisg the online-signing
draft as Proposed Standards. During IETF Last Call, some people
suggested that this draft would be better published as an
Experimental RFC. However, the WG had discussed the publication
status of both of these drafts explicitly, and the number people who
raised this issue in IETF LC was not sufficient to question the
earlier WG consensus.
These documents were reviewed for the IESG by Margaret Wasserman.