Skip to main content

Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover
RFC 4986

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>, 
    dnsext mailing list <>, 
    dnsext chair <>
Subject: Document Action: 'Requirements related to DNSSEC Trust 
         Anchor Rollover' to Informational RFC 

The IESG has approved the following document:

- 'Requirements related to DNSSEC Trust Anchor Rollover '
   <draft-ietf-dnsext-rollover-requirements-05.txt> as an Informational RFC

This document is the product of the DNS Extensions Working Group. 

The IESG contact persons are Mark Townsley and Jari Arkko.

A URL of this Internet-Draft is:

Ballot Text

Technical Summary
This document provides a number or "requirements" for key-rollover in a
DNSSEC operational environment.

DNSSEC has been designed in such a way that zone operators can roll
their key-signin key, when those key-signing keys are configured as
trust anchors in remote resolvers those resolvers should automatically
adapt to these changes. This document sets out the requirements that
must be met by a DNS trust-anchor rollover solution for DNSSEC aware

As described in section 1 and 2, this document is intended to capture
the various requirements and use those in making a trade-off between
the various proposals that were available to the group. These
requirements acted as "goals". With the selection of
draft-ietf-dnsext-trustupdate-timers this document has no further
relevance. It is requested to be published as informational.
Working Group Summary
Please see the PROTO statement for significant issues raised by one
member of the WG.
Protocol Quality
The PROTO statement lists a number of specific reviewers for this

RFC Editor Note