DNS Security (DNSSEC) Experiments
RFC 4955
Approval announcement
Draft of message to be sent after approval:
Announcement
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
RFC Editor <rfc-editor@rfc-editor.org>,
dnsext mailing list <namedroppers@ops.ietf.org>,
dnsext chair <dnsext-chairs@tools.ietf.org>
Subject: Protocol Action: 'DNSSEC Experiments' to Proposed Standard
The IESG has approved the following document:
- 'DNSSEC Experiments'
<draft-ietf-dnsext-dnssec-experiments-05.txt> as a Proposed Standard
This document is the product of the DNS Extensions Working Group.
The IESG contact persons are Mark Townsley and Jari Arkko.
A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-experiments-05.txt
Ballot Text
Technical Summary
This document describes how algorithm identifiers can be used to
perform experiments within a DNSSECbis environment without the
published data being marked as "bogus" by validating resolvers that do
not partake in the experiments.
The document explains why this methodology works and describes how
experiments are to be defined.
Besides, it suggests that algorithm identifiers can be used to
introduce non-backward compatible DNSSEC features into the
protocol.
The technology relies on the fact that DNSSECbis validators should
treat RRsets that are signed (exclusively) with key algorithms that
are not implemented by the validator as not being signed at all.
The first application of this methodology will be an experiment with
"opt-in" [draft-ietf-dnsext-dnssec-opt-in]. It is possible that the
methodology will be used for the introduction of DNSSEC extensions
currently under development in DNSEXT (the NSEC3 work).
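The rule in the Technical Summary can be made concrete with a simplified model. This is an added example, not code from the draft or from any resolver; the Zone and Validator classes and the sample zones are constructed, signatures are assumed cryptographically valid, and algorithm 5 (RSASHA1) and 253 (private use) are taken from the IANA DNSSEC algorithm registry.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Validator:
    implemented: frozenset                # algorithms with standard DNSSEC rules
    experiments: frozenset = frozenset()  # private algorithms whose experiment it joins


@dataclass(frozen=True)
class Zone:
    ds_algorithms: frozenset  # algorithms in the DS RRset at the parent
    experimental_data: bool   # content deviates from standard DNSSEC rules


def status(zone: Zone, v: Validator) -> str:
    """Return 'insecure', 'secure' or 'bogus' for the zone as seen by v."""
    usable = zone.ds_algorithms & (v.implemented | v.experiments)
    if not usable:
        # No DS algorithm the validator knows: handled like an unsigned zone.
        return "insecure"
    if zone.experimental_data and not (zone.ds_algorithms & v.experiments):
        # A known standard algorithm forces standard validation, which the
        # experimental data cannot pass.
        return "bogus"
    return "secure"


# Constructed validators and zones.
STANDARD = Validator(implemented=frozenset({5}))
PARTICIPANT = Validator(implemented=frozenset({5}), experiments=frozenset({253}))

PLAIN_ZONE = Zone(frozenset({5}), experimental_data=False)
EXPERIMENT_ONLY = Zone(frozenset({253}), experimental_data=True)
MIXED = Zone(frozenset({5, 253}), experimental_data=True)

if __name__ == "__main__":
    for name, zone in [("plain", PLAIN_ZONE),
                       ("experiment-only", EXPERIMENT_ONLY),
                       ("mixed", MIXED)]:
        print(f"{name:16} standard={status(zone, STANDARD):9} "
              f"participant={status(zone, PARTICIPANT)}")
```

The MIXED case shows why the summary says "exclusively": once a standard algorithm is also listed, a non-participating validator attempts validation and the experimental data becomes bogus for it.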
Working Group Summary
There is a solid consensus behind this working group document.
It has had a few review cycles and it is seen as relevant.
Document Quality
This document has been reviewed (among others) by these key members,
most of them recognized DNS and/or DNSSEC specialists.
Sam Weiler
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00576.html)
Ed Lewis
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00440.html)
Andrew Sullivan
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00330.html)
Mark Kosters
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00309.html)
Thierry Moreau
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00305.html)
Scott Rose
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00316.html)
Rodney Joffe
(http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00335.html)
Thomas Narten (thread starting at:
http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00308.html).
RFC Editor Note