Redefinition of DNS Authenticated Data (AD) bit
RFC 3655
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2017-05-16
|
06 | (System) | Changed document authors from "Brian Wellington" to "Brian Wellington, Ólafur Guðmundsson" |
|
2015-10-14
|
06 | (System) | Notify list changed from , to |
|
2003-11-17
|
06 | Thomas Narten | [Note]: 'published as RFC 3655' added by Thomas Narten |
|
2003-11-17
|
06 | Thomas Narten | published as RFC 3655 |
|
2003-11-05
|
06 | Amy Vezza | State Changes to RFC Published from RFC Ed Queue by Amy Vezza |
|
2003-11-05
|
06 | (System) | RFC published |
|
2003-08-15
|
06 | Natalia Syracuse | State Changes to RFC Ed Queue from Approved-announcement sent by Natalia Syracuse |
|
2003-08-13
|
06 | Michael Lee | IESG state changed to Approved-announcement sent |
|
2003-08-13
|
06 | Michael Lee | IESG has approved the document |
|
2003-08-13
|
06 | Michael Lee | Closed "Approve" ballot |
|
2003-07-16
|
06 | Michael Lee | State Changes to Approved-announcement sent from Approved-announcement to be sent :: Point Raised - writeup needed by Lee, Michael |
|
2003-07-10
|
06 | Amy Vezza | State Changes to Approved-announcement to be sent :: Point Raised - writeup needed from IESG Evaluation by Vezza, Amy |
|
2003-07-03
|
06 | Erik Nordmark | State Changes to IESG Evaluation from AD Evaluation by Nordmark, Erik |
|
2003-07-03
|
06 | Erik Nordmark | State Changes to AD Evaluation from IESG Evaluation :: AD Followup by Nordmark, Erik |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Ned Freed |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Steven Bellovin |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Thomas Narten |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] Position for Allison Mankin has been changed to Discuss from No Record |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] Position for Randy Bush has been changed to Discuss from No Record |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Harald Alvestrand |
|
2003-06-17
|
06 | (System) | [Ballot Position Update] New position, Yes, has been recorded for Erik Nordmark |
|
2003-06-17
|
06 | Allison Mankin | [Ballot discuss] The final paragraph of the Security Considerations is written in a way that obscures meaning, in contrast to the related final paragraph of … [Ballot discuss] The final paragraph of the Security Considerations is written in a way that obscures meaning, in contrast to the related final paragraph of Section 3. > Resolvers (full or stub) that blindly trust the AD bit without > knowing the security policy of the server generating the answer can > not be considered security aware. A better version would be "that blindly trust the AD bit MUST be used only in an environment in which configurations ensure that the security policy of the server is appropriate to the AD bit's information being valid for a decision on whether to use the information it applies to" Perhaps rather than obscuring meaning, it is actually wrong. But the above hasty attempt tried to express something less wrong. |
|
2003-06-17
|
06 | (System) | Ballot has been issued |
|
2003-06-17
|
06 | Randy Bush | [Ballot discuss] this 'discuss' is meant literally. i just think that there are some issues here worth discussing. the major issue here is that having … [Ballot discuss] this 'discuss' is meant literally. i just think that there are some issues here worth discussing. the major issue here is that having a remote, often untrusted, server assert (often over an untrusted channel) that the data met its local policies is not overly useful and is possibly misleading. the counter is that the stub client may have a trust relationship, via tsig or whatever, with the server, which also provides a trustable channel. on the other hand, this is no worse, and arguably better than the current definition of the AD bit. this then devolves into the question of whether it is better to improve a weak assertion or to recover the bit and reserve it for future use. who is going to use this assertion? is it thought that application layers will learn the trust state of the dns data which they use? and then, there is the exciting question of what this means in the presense of the dreaded opt-in. the client can not tell if the server which set the AD bit is locally configured to like opted-out data. |
|
2003-06-17
|
06 | Randy Bush | Created "Approve" ballot |
|
2003-06-17
|
06 | (System) | Ballot writeup text was added |
|
2003-06-17
|
06 | (System) | Last call text was added |
|
2003-06-17
|
06 | (System) | Ballot approval text was added |
|
2002-09-25
|
06 | Erik Nordmark | responsible has been changed to IESG member from Working Group |
|
2002-09-25
|
06 | Erik Nordmark | State Changes to IESG Evaluation -- Evaluation of Result from AD Evaluation -- External Party by nordmark |
|
2002-09-25
|
06 | Erik Nordmark | Need to review if 06 satisfies the comments from the IESG. |
|
2002-09-25
|
06 | Erik Nordmark | A new comment added by nordmark |
|
2002-09-25
|
06 | Erik Nordmark | responsible has been changed to Working Group from IETF Secretary |
|
2002-06-28
|
06 | (System) | New version available: draft-ietf-dnsext-ad-is-secure-06.txt |
|
2002-06-05
|
06 | Erik Nordmark | Waiting for 24 hours to get IESG comments gathered before sending to the WG. |
|
2002-06-05
|
06 | Erik Nordmark | Due date has been changed to 06/06/2002 from 05/21/2002 A new comment added by nordmark |
|
2002-06-05
|
06 | Erik Nordmark | State Changes to New Version Needed (WG/Author) from Ready for Telechat … State Changes to New Version Needed (WG/Author) from Ready for Telechat by nordmark |
|
2002-05-24
|
06 | Stephen Coya | State Changes to Ready for Telechat from Last Call Issued … State Changes to Ready for Telechat from Last Call Issued by scoya |
|
2002-05-16
|
06 | Stephen Coya | Due date has been changed to 05/21/2002 from by scoya |
|
2002-05-15
|
06 | Jacqueline Hargest | State Changes to Last Call Issued from Last Call … State Changes to Last Call Issued from Last Call Requested by jhargest |
|
2002-05-07
|
06 | Erik Nordmark | responsible has been changed to IETF Secretary from Responsible AD |
|
2002-05-07
|
06 | Erik Nordmark | State Changes to Last Call Requested from AD Evaluation … State Changes to Last Call Requested from AD Evaluation by nordmark |
|
2002-05-07
|
06 | (System) | Last call sent |
|
2002-03-28
|
06 | Erik Nordmark | Intended Status has been changed to Proposed Standard from None |
|
2002-03-28
|
06 | Erik Nordmark | State Changes to AD Evaluation from Pre AD … State Changes to AD Evaluation from Pre AD Evaluation by Erik Nordmark |
|
2002-03-28
|
06 | Erik Nordmark | Draft Added by Erik Nordmark |
|
2002-03-26
|
05 | (System) | New version available: draft-ietf-dnsext-ad-is-secure-05.txt |
|
2002-02-15
|
04 | (System) | New version available: draft-ietf-dnsext-ad-is-secure-04.txt |
|
2001-07-19
|
03 | (System) | New version available: draft-ietf-dnsext-ad-is-secure-03.txt |
|
2001-06-21
|
02 | (System) | New version available: draft-ietf-dnsext-ad-is-secure-02.txt |
|
2001-01-22
|
01 | (System) | New version available: draft-ietf-dnsext-ad-is-secure-01.txt |
|
2000-11-21
|
00 | (System) | New version available: draft-ietf-dnsext-ad-is-secure-00.txt |