Managing DS Records from the Parent via CDS/CDNSKEY

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: "IETF-Announce" <>
Cc:,,,, "The IESG" <>, "Tim Wicinski" <>,,
Subject: Protocol Action: 'Managing DS records from parent via CDS/CDNSKEY' to Proposed Standard (draft-ietf-dnsop-maintain-ds-04.txt)

The IESG has approved the following document:
- 'Managing DS records from parent via CDS/CDNSKEY'
  (draft-ietf-dnsop-maintain-ds-04.txt) as Proposed Standard

This document is the product of the Domain Name System Operations Working

The IESG contact persons are Benoit Claise and Joel Jaeggli.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

This document describes an in-band method for introducing and removing the initial DNSSEC trust anchor between a parent and a child domain.  This is done by using the CDS/CDNSKEY DNS RR Types introduced in RFC7344. The document also attempts to produce a reasonable initial acceptance policy.

This work extends the work done in RFC7344, which was published as an Informational document.  Time and experience have given the working group insight that the use and deployment of CDS/CDNSKEY are useful in DNSSEC adoption.  Therefore, with the publication of this document, the previous document should be elevated to Standards Track.

Working Group Summary

This working group was very supportive of this document, and discussion was centered around assisting the adoption of DNSSEC, but also the management of the DS records. There were many constructive comments on the draft, all of which have been addressed.  The consensus was broad across the working group and the authors addressed all issues raised.

Document Quality

To be addressed in the interregnum, from the Genart review. 

This document intends to move RFC7344 from Informational to PS in place
(without republishing RFC7344). The intent to do so is buried at the end
of the document (the abstract doesn't mention it). The Last Call for the
document does not make it clear that _this_ document is elevating RFC7344.
(It at least mentions it, which is good, but the writeup about the elevation
can be read to say "we're considering this elevation somewhere else, keep it
in mind while evaluating this document").

There is no hint from the subject line that this is a call to bring RFC7344
onto the standards track. Unless there is some other communication effort
that I've missed on a quick search, I think it is very likely that most
of the IETF community outside the dnsop working group missed this intent.
I strongly encourage a last call focusing _specifically_ on moving RFC7344
to the standards track without republication.

My personal feedback on elevating RFC7344 without republishing is that it's
not the right thing to do. At the very least "Category: Informational"
appears in the document itself, and that will not change. If the IESG
decides to proceed with this as currently formulated, count me in the
deep rough. 


Document Shepherd:   Tim Wicinski
Area Director:       Joel Jaeggli

RFC Editor Note