Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC)
RFC 8145

Approval announcement
Draft of message to be sent after approval:

Subject: Protocol Action: 'Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC)' to Proposed Standard

The IESG has approved the following document:
- 'Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC)'
  (draft-ietf-dnsop-edns-key-tag-05.txt) as Proposed Standard

This document is the product of the Domain Name System Operations Working

The IESG contact persons are Benoit Claise and Joel Jaeggli.

Technical Summary

This document specifies two different ways for validating DNS resolvers
to signal to a server which DNSSEC keys are referenced in their chain-of-
trust.  The data from such signaling allow zone administrators to
monitor the progress of rollovers in a DNSSEC-signed zone.  This
document describes two independent methods for validating resolvers
to publish their referenced keys: an EDNS option and a different
DNS query.

Working Group Summary

The working group was in strong consensus behind this document. One thing
which did emerge was that there was a division over two methods for
publishing the keys (EDNS option vs a DNS query).  It turned out that each
method had its positives and its negatives.  The consensus from the working
group was to offer both alternatives, documenting the flaws in each.

Document Quality

The document shepherd did a deep dive on the document for technical
correctness, as well as an editorial pass for grammar and diction.
The shepherd feels this document is ready for publication.



Tim Wicinski is the document shepherd; Joel Jaeggli is the Area Director.