DNSSEC Trust Anchor Publication for the Root Zone
draft-ietf-dnsop-rfc7958bis-06

Document history

Date Rev. By Action
2024-09-23
06 (System) IANA Action state changed to No IANA Actions from In Progress
2024-09-23
06 (System) RFC Editor state changed to EDIT
2024-09-23
06 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2024-09-23
06 (System) Announcement was received by RFC Editor
2024-09-20
06 (System) IANA Action state changed to In Progress
2024-09-20
06 (System) Removed all action holders (IESG state changed)
2024-09-20
06 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup
2024-09-20
06 Cindy Morgan IESG has approved the document
2024-09-20
06 Cindy Morgan Closed "Approve" ballot
2024-09-20
06 Cindy Morgan Ballot approval text was generated
2024-09-19
06 Jenny Bui IESG state changed to Approved-announcement to be sent::AD Followup from IESG Evaluation
2024-09-19
06 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2024-09-18
06 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2024-09-18
06 Orie Steele [Ballot comment]
Thanks to Scott Hollenbeck for the ART ART review.
2024-09-18
06 Orie Steele [Ballot Position Update] New position, No Objection, has been recorded for Orie Steele
2024-09-18
06 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2024-09-17
06 Amanda Baber IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed
2024-09-17
06 Éric Vyncke [Ballot comment]
Thanks to Petr Špaček for his DNS-dir review at https://datatracker.ietf.org/doc/review-ietf-dnsop-rfc7958bis-06-dnsdir-telechat-spacek-2024-09-06/ (and to the authors for discussing Petr's reviews).
2024-09-17
06 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2024-09-16
06 Roman Danyliw [Ballot comment]
Thank you to Dan Romascanu for the GENART review.
2024-09-16
06 Roman Danyliw [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw
2024-09-13
06 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2024-09-12
06 Klaas Wierenga Request for Telechat review by SECDIR Completed: Ready. Reviewer: Klaas Wierenga. Sent review to list. Submission of review completed at an earlier date.
2024-09-12
06 Klaas Wierenga Request for Telechat review by SECDIR Completed: Ready. Reviewer: Klaas Wierenga.
2024-09-09
06 Gunter Van de Velde [Ballot Position Update] New position, No Objection, has been recorded for Gunter Van de Velde
2024-09-07
06 Tero Kivinen Request for Telechat review by SECDIR is assigned to Klaas Wierenga
2024-09-06
06 Petr Špaček Request for Telechat review by DNSDIR Completed: Ready with Nits. Reviewer: Petr Špaček. Sent review to list.
2024-09-05
06 Geoff Huston Request for Telechat review by DNSDIR is assigned to Petr Špaček
2024-09-04
06 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2024-09-04
06 Paul Hoffman New version available: draft-ietf-dnsop-rfc7958bis-06.txt
2024-09-04
06 Paul Hoffman New version accepted (logged-in submitter: Paul Hoffman)
2024-09-04
06 Paul Hoffman Uploaded new revision
2024-09-03
05 Paul Wouters [Ballot Position Update] New position, Yes, has been recorded for Paul Wouters
2024-09-02
05 Petr Špaček Request for Telechat review by DNSDIR Completed: Ready with Issues. Reviewer: Petr Špaček.
2024-08-31
05 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2024-08-30
05 (System) IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed
2024-08-29
05 Geoff Huston Request for Telechat review by DNSDIR is assigned to Petr Špaček
2024-08-29
05 Paul Hoffman New version available: draft-ietf-dnsop-rfc7958bis-05.txt
2024-08-29
05 Paul Hoffman New version accepted (logged-in submitter: Paul Hoffman)
2024-08-29
05 Paul Hoffman Uploaded new revision
2024-08-28
04 Cindy Morgan Telechat date has been changed to 2024-09-19 from 2024-09-05
2024-08-27
04 Petr Špaček Request for Telechat review by DNSDIR Completed: Almost Ready. Reviewer: Petr Špaček. Sent review to list.
2024-08-26
04 Jim Reid Assignment of request for Telechat review by DNSDIR to Florian Obser was rejected
2024-08-26
04 Jim Reid Request for Telechat review by DNSDIR is assigned to Petr Špaček
2024-08-25
04 Jim Reid Request for Telechat review by DNSDIR is assigned to Florian Obser
2024-08-23
04 Cindy Morgan Placed on agenda for telechat - 2024-09-05
2024-08-23
04 Warren Kumari Ballot has been issued
2024-08-23
04 Warren Kumari [Ballot Position Update] New position, Yes, has been recorded for Warren Kumari
2024-08-23
04 Warren Kumari Created "Approve" ballot
2024-08-23
04 (System) Changed action holders to Warren Kumari (IESG state changed)
2024-08-23
04 Warren Kumari IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::Revised I-D Needed
2024-08-13
04 Paul Wouters A revision is needed for:


Correction: Replace "IANA CA" with "ICANN CA."
2024-08-13
04 (System) Changed action holders to Paul Hoffman, Joe Abley, Jakob Schlyter, Guillaume Bailey (IESG state changed)
2024-08-13
04 Paul Wouters IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead
2024-08-09
04 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2024-08-09
04 Paul Hoffman New version available: draft-ietf-dnsop-rfc7958bis-04.txt
2024-08-09
04 Paul Hoffman New version accepted (logged-in submitter: Paul Hoffman)
2024-08-09
04 Paul Hoffman Uploaded new revision
2024-08-08
03 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2024-08-06
03 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2024-08-06
03 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-dnsop-rfc7958bis-03. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there is a single action which we must complete.

IANA understands that each time IANA produces a new trust anchor, it will publish that trust anchor using the format described in this document (upon its approval).

IANA may decide to delay the publication of a new trust anchor for operational reasons, for instance having a newly-created key in multiple facilities.

When a trust anchor that was previously published is no longer suitable for use, IANA will update the trust anchor document accordingly by setting a validUntil date for that trust anchor. The validUntil attribute that is added can be a date in the past or in the future, depending on IANA's operational choices.

IANA will continue to ensure that the IANA policies and procedures for how the cryptographic keys for the DNS root zone are managed (also known as "DNSSEC Practice Statements" or "DPSs") will be updated at https://www.iana.org/dnssec/procedures.

We understand that this is the only action required to be completed upon approval of this document.

NOTE: The action requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the action that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2024-08-02
03 Dan Romascanu Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Dan Romascanu. Sent review to list.
2024-08-01
03 Klaas Wierenga Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Klaas Wierenga. Sent review to list.
2024-07-31
03 Petr Špaček Request for Last Call review by DNSDIR Completed: On the Right Track. Reviewer: Petr Špaček. Sent review to list.
2024-07-29
03 Scott Hollenbeck Request for Last Call review by ARTART Completed: Ready with Nits. Reviewer: Scott Hollenbeck. Sent review to list.
2024-07-25
03 Jean Mahoney Request for Last Call review by GENART is assigned to Dan Romascanu
2024-07-23
03 Barry Leiba Request for Last Call review by ARTART is assigned to Scott Hollenbeck
2024-07-23
03 Carlos Pignataro Request for Last Call review by OPSDIR is assigned to Marisol Palmero
2024-07-20
03 Tero Kivinen Request for Last Call review by SECDIR is assigned to Klaas Wierenga
2024-07-19
03 Jim Reid Request for Last Call review by DNSDIR is assigned to Petr Špaček
2024-07-18
03 Cindy Morgan IANA Review state changed to IANA - Review Needed
2024-07-18
03 Cindy Morgan
The following Last Call announcement was sent out (ends 2024-08-08):

From: The IESG
To: IETF-Announce
CC: benno@NLnetLabs.nl, dnsop-chairs@ietf.org, dnsop@ietf.org, draft-ietf-dnsop-rfc7958bis@ietf.org, suzworldwide@gmail.com, warren@kumari.net
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (DNSSEC Trust Anchor Publication for the Root Zone) to Informational RFC


The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document: - 'DNSSEC Trust Anchor
Publication for the Root Zone'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-08-08. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  The root zone of the Domain Name System (DNS) is cryptographically
  signed using DNS Security Extensions (DNSSEC).

  In order to obtain secure answers from the root zone of the DNS using
  DNSSEC, a client must configure a suitable trust anchor.  This
  document describes the format and publication mechanisms IANA uses to
  distribute the DNSSEC trust anchors.

  This document obsoletes RFC 7958.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc7958bis/



No IPR declarations have been submitted directly on this I-D.




2024-07-18
03 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2024-07-18
03 Cindy Morgan Last call announcement was changed
2024-07-18
03 Warren Kumari Last call was requested
2024-07-18
03 Warren Kumari Last call announcement was generated
2024-07-18
03 Warren Kumari Ballot approval text was generated
2024-07-18
03 Warren Kumari IESG state changed to Last Call Requested from Publication Requested
2024-07-18
03 Warren Kumari Changed consensus to Yes from Unknown
2024-07-18
03 Warren Kumari Ballot writeup was changed
2024-07-12
03 Tim Wicinski
Shepherd Write up 7958bis

(1) Publication of this document is requested as Informational. This is appropriate primarily because it describes guidelines and procedures that IANA follows for the publication of trust anchors for bootstrapping DNSSEC validation of signed zones, but doesn’t specify behavior for DNS software or operators. IANA makes the trust anchor available by a variety of mechanisms, as a helpful optimization for operators validating DNSSEC. There would be operational disruption if IANA procedures were changed without notice, but those procedures don’t create a standard.

The document obsoletes RFC 7958, which was published on the independent stream; it was submitted to the WG to get more rigorous review.

(2) Technical Summary:

The root zone of the Domain Name System (DNS) is cryptographically signed using DNS Security Extensions (DNSSEC).

In order to obtain secure answers from the root or signed child zones of the DNS using DNSSEC, a client must configure a suitable trust anchor.  This document describes the format and publication mechanisms IANA uses to distribute the DNSSEC trust anchors.

Working Group Summary:

There was some concern expressed at the time of adoption that the document should go to the Independent Stream, since it documents established practices, deployed by IANA at their discretion. It wasn’t clear to everyone what added value would come from taking it through WG adoption and consensus. However, documenting established practices in Informational RFCs is nothing new for DNSOP, and consensus tends to be that clear, understandable documentation of such fixed “facts of life” helps real-world interoperability of the DNS. 

Document Quality:

The mechanisms described in this document are in daily use for distributing the DNSSEC root zone trust anchor for DNS operators across the Internet. 7958bis reflects experience gained since RFC 7958, published in 2016, including dropping distribution mechanisms that turned out to be less useful. In addition, 7958 was published on the Independent Stream, but 7958bis has been a WG document. It's clearly written, understandable, and technically accurate.

Personnel:

Who is the Document Shepherd? Suzanne Woolf
Warren Kumari is the Responsible Area Director


(3) The document has passed WGLC and looks ready to publish. It has been reviewed for both accuracy of technical detail, and clarity. The technical matters discussed are straightforward, the original draft was well-written, and the authors have been responsive to WG suggestions for edits.

(4) No concerns on reviews.

(5) No broader review needed.

(6) The “IANA Considerations” section of this document uses normative language to describe IANA procedures, which may be a little unusual in an Informational document. However, as written it conveys some attributes of IANA procedures on trust anchor publication that operators can rely on (“MUST”) and some others that may require more flexibility from a client trying to keep their root zone trust anchors up to date (“MAY”).

(7) No IPR to disclose.

(8) No IPR

(9) WG Consensus is solid. There were no objections at Last Call to advancing the document.

(10) No threats of appeal

(11) All nits addressed

(12) No formal review needed

(13) All references have been identified as either normative or informative

(14) All normative references are clear.

(15) There are no downward normative references

(16) This document will obsolete RFC 7958 and it is mentioned in the abstract, title page and introduction.

(17) See above on the IANA Considerations and the use of reserved words. There are no new protocol extensions, registries, or assigned values specified.

(18) There are no new IANA registries.

(19) N/A

(20) No Yang Needed
2024-07-12
03 Tim Wicinski IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2024-07-12
03 Tim Wicinski IESG state changed to Publication Requested from I-D Exists
2024-07-12
03 (System) Changed action holders to Warren Kumari (IESG state changed)
2024-07-12
03 Tim Wicinski Responsible AD changed to Warren Kumari
2024-07-12
03 Tim Wicinski Document is now in IESG state Publication Requested
2024-07-12
03 Suzanne Woolf
Shepherd Write up 7958bis

(1) Publication of this document is requested as Informational. This is appropriate primarily because it describes guidelines and procedures that IANA follows for the publication of trust anchors for bootstrapping DNSSEC validation of signed zones, but doesn’t specify behavior for DNS software or operators. IANA makes the trust anchor available by a variety of mechanisms, as a helpful optimization for operators validating DNSSEC. There would be operational disruption if IANA procedures were changed without notice, but those procedures don’t create a standard.

The document obsoletes RFC 7958, which was published on the independent stream; it was submitted to the WG to get more rigorous review.

(2) Technical Summary:

The root zone of the Domain Name System (DNS) is cryptographically signed using DNS Security Extensions (DNSSEC).

In order to obtain secure answers from the root or signed child zones of the DNS using DNSSEC, a client must configure a suitable trust anchor.  This document describes the format and publication mechanisms IANA uses to distribute the DNSSEC trust anchors.

Working Group Summary:

There was some concern expressed at the time of adoption that the document should go to the Independent Stream, since it documents established practices, deployed by IANA at their discretion. It wasn’t clear to everyone what added value would come from taking it through WG adoption and consensus. However, documenting established practices in Informational RFCs is nothing new for DNSOP, and consensus tends to be that clear, understandable documentation of such fixed “facts of life” helps real-world interoperability of the DNS. 

Document Quality:

The mechanisms described in this document are in daily use for distributing the DNSSEC root zone trust anchor for DNS operators across the Internet. 7958bis reflects experience gained since RFC 7958, published in 2016, including dropping distribution mechanisms that turned out to be less useful. In addition, 7958 was published on the Independent Stream, but 7958bis has been a WG document. It's clearly written, understandable, and technically accurate.

Personnel:

Who is the Document Shepherd? Suzanne Woolf
Warren Kumari is the Responsible Area Director


(3) The document has passed WGLC and looks ready to publish. It has been reviewed for both accuracy of technical detail, and clarity. The technical matters discussed are straightforward, the original draft was well-written, and the authors have been responsive to WG suggestions for edits.

(4) No concerns on reviews.

(5) No broader review needed.

(6) The “IANA Considerations” section of this document uses normative language to describe IANA procedures, which may be a little unusual in an Informational document. However, as written it conveys some attributes of IANA procedures on trust anchor publication that operators can rely on (“MUST”) and some others that may require more flexibility from a client trying to keep their root zone trust anchors up to date (“MAY”).

(7) No IPR to disclose.

(8) No IPR

(9) WG Consensus is solid. There were no objections at Last Call to advancing the document.

(10) No threats of appeal

(11) All nits addressed

(12) No formal review needed

(13) All references have been identified as either normative or informative

(14) All normative references are clear.

(15) There are no downward normative references

(16) This document will obsolete RFC 7958 and it is mentioned in the abstract, title page and introduction.

(17) See above on the IANA Considerations and the use of reserved words. There are no new protocol extensions, registries, or assigned values specified.

(18) There are no new IANA registries.

(19) N/A

(20) No Yang Needed
2024-07-12
03 Tim Wicinski Notification list changed to benno@NLnetLabs.nl, suzworldwide@gmail.com from benno@NLnetLabs.nl because the document shepherd was set
2024-07-12
03 Tim Wicinski Document shepherd changed to Suzanne Woolf
2024-07-08
03 Paul Hoffman New version available: draft-ietf-dnsop-rfc7958bis-03.txt
2024-07-08
03 Paul Hoffman New version accepted (logged-in submitter: Paul Hoffman)
2024-07-08
03 Paul Hoffman Uploaded new revision
2024-07-03
02 Tim Wicinski Authors have new version to produce
2024-07-03
02 Tim Wicinski IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2024-06-19
02 Tim Wicinski IETF WG state changed to In WG Last Call from WG Document
2024-06-19
02 Tim Wicinski Changed document external resources from: None to:

github_repo https://github.com/paulehoffman/draft-bash-rfc7958bis
2024-06-19
02 Tim Wicinski Notification list changed to benno@NLnetLabs.nl because the document shepherd was set
2024-06-19
02 Tim Wicinski Document shepherd changed to Benno Overeinder
2024-06-19
02 Tim Wicinski Intended Status changed to Informational from None
2024-06-03
02 Paul Hoffman New version available: draft-ietf-dnsop-rfc7958bis-02.txt
2024-06-03
02 Paul Hoffman New version accepted (logged-in submitter: Paul Hoffman)
2024-06-03
02 Paul Hoffman Uploaded new revision
2024-03-17
01 Benno Overeinder Added to session: IETF-119: dnsop  Mon-0530
2024-03-04
01 Paul Hoffman New version available: draft-ietf-dnsop-rfc7958bis-01.txt
2024-03-04
01 Paul Hoffman New version accepted (logged-in submitter: Paul Hoffman)
2024-03-04
01 Paul Hoffman Uploaded new revision
2024-02-06
00 Florian Obser Request for Early review by DNSDIR Completed: Ready with Nits. Reviewer: Florian Obser. Sent review to list.
2024-01-30
00 Jim Reid Request for Early review by DNSDIR is assigned to Florian Obser
2024-01-30
00 Tim Wicinski Requested Early review by DNSDIR
2023-12-30
00 Tim Wicinski This document now replaces draft-bash-rfc7958bis instead of None
2023-12-30
00 Paul Hoffman New version available: draft-ietf-dnsop-rfc7958bis-00.txt
2023-12-30
00 Tim Wicinski WG -00 approved
2023-12-30
00 Paul Hoffman Set submitter to "Paul Hoffman ", replaces to draft-bash-rfc7958bis and sent approval email to group chairs: dnsop-chairs@ietf.org
2023-12-30
00 Paul Hoffman Uploaded new revision