DNSSECbis was published in RFC 4033, RFC 4034, and RFC 4035.
Since the publication, some people filed errata against those
documents, some additional developments added to DNSSECbis, and
some implementation experience illustrated ambiguities or issues
with the original texts. This draft collects those issues in a
single place, updating the DNSSECbis specification and clarifying
it where need be.
Working Group Summary
This draft is the product of the DNS Extensions Working Group.
Many of the clarifications came easily. The more
contentious parts of the document have been discussed at length.
For the most controversial of the clarifications, extensive
discussion is included in appendices so that implementers and
deployers may make informed decisions.
Most, if not all, of the document is reflected in the bulk of
DNSSECbis validators and signers deployed on the Internet. The
document is the result of several years of experience and
discussion, collected with an eye to improving implementations.
One of the most contentious parts resulted in multiple rounds of
discussion and a special design team meeting. The document as it
stands has been refined over a long period of time, and is of high
Who is the Document Shepherd? Who is the Responsible Area
Andrew Sullivan is the Document Shepherd, and Ralph Droms is the
Responsible Area Director.Technical Summary