As DNS Security Extensions (DNSSEC) is being widely deployed, tools and processes are not fully mature. Creating a temporary object called Negative Trust Anchor to temporarily disable DNSSEC validation for misconfigured domains; thereby allowing DNS resolution to continue working.
Working Group Summary
The working group spent time reviewing the document, and several points were raised about the deployment of these trust anchors. However, all points raised involved clarification text which made the final document more robust. There were no decisions that were particularly rough.
There were several editorial passes done during the timeframe, all of which cleared up the text. The document has a section on managing these Negative Trust Anchors, and laid out in a manner that operators of DNS zones will be able to use. Additionally, there are examples from existing DNS tools in Appendix A.
The document shepherd is Tim Wicinski.
Responsible Area Director is Joel Jaeggli.