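% Internet-Draft, revision 02, marked "Work in Progress": the url field pins
% this exact revision, so cite it by revision rather than by draft name alone.
% Only the acronyms in the title are brace-protected, so styles can still recase the rest.
@techreport{dickson-dnsop-ds-hack-02,
  author      = {Dickson, Brian},
  title       = {{DS} Algorithms for Securing {NS} and Glue},
  type        = {Internet-Draft},
  number      = {draft-dickson-dnsop-ds-hack-02},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = sep,
  day         = 19,
  pagetotal   = 6,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-dickson-dnsop-ds-hack/02/},
  abstract    = {This Internet Draft proposes a mechanism to encode relevant data for NS records on the parental side of a zone cut by encoding them in DS records based on a new DNSKEY algorithm. Since DS records are signed by the parent, this creates a method for validation of the otherwise unsigned delegation records. Notably, support for updating DS records in a parent zone is already present (by necessity) in the Registry-Registrar-Registrant (RRR) provisioning system, EPP. Thus, no changes to the EPP protocol are needed, and no changes to registry database or publication systems upstream of the DNS zones published by top level domains (TLDs). This NS validation mechanism is beneficial if the name server \_names\_ need to be validated prior to use.},
}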