Technical Summary
This document specifies two different ways for validating DNS resolvers
to signal to a server which DNSSEC keys are referenced in their chain-of-
trust. The data from such signaling allow zone administrators to
monitor the progress of rollovers in a DNSSEC-signed zone. This
document describes two independent methods for validating resolvers
to publish their referenced keys: an EDNS option and a different
DNS query.
Working Group Summary
The working group was in strong consensus behind this document. One thing
which did emerge was that there was a division over two methods for
publishihng the keys (EDNS option vs a DNS query). It turned out that each
method had its positives and its negatives. The consensus from the working
group was to offer both alternatives, documents the flaws in each.
Document Quality
The document shepherd did a deep dive on the document for technical
correctness, as well as an editorial pass for grammar and diction.
The shepherd feels this document is ready for publication.
(4)
Personnel
Tim Wickinski is the document shpeherd, Joel Jaeggli is the Area Director