Skip to main content

Automatic DNSSEC Bootstrapping Using Authenticated Signals from the Zone's Operator
RFC 9615

Revision differences

Document history

Date By Action
2024-07-18
(System) Received changes through RFC Editor sync (added Verified Errata tag)
2024-07-18
(System) Received changes through RFC Editor sync (added Errata tag)
2024-07-16
(System)
Received changes through RFC Editor sync (created document RFC 9615, created became rfc relationship between draft-ietf-dnsop-dnssec-bootstrapping and RFC 9615, set title to 'Automatic …
Received changes through RFC Editor sync (created document RFC 9615, created became rfc relationship between draft-ietf-dnsop-dnssec-bootstrapping and RFC 9615, set title to 'Automatic DNSSEC Bootstrapping Using Authenticated Signals from the Zone's Operator', set abstract to 'This document introduces an in-band method for DNS operators to publish arbitrary information about the zones for which they are authoritative, in an authenticated fashion and on a per-zone basis. The mechanism allows managed DNS operators to securely announce DNSSEC key parameters for zones under their management, including for zones that are not currently securely delegated.

Whenever DS records are absent for a zone's delegation, this signal enables the parent's registry or registrar to cryptographically validate the CDS/CDNSKEY records found at the child's apex. The parent can then provision DS records for the delegation without resorting to out-of-band validation or weaker types of cross-checks such as "Accept after Delay".

This document establishes the DS enrollment method described in Section 4 of this document as the preferred method over those from Section 3 of RFC 8078. It also updates RFC 7344.', set pages to 12, set standardization level to Proposed Standard, added RFC published event at 2024-07-16, created updates relation between RFC 9615 and RFC 7344, created updates relation between RFC 9615 and RFC 8078)
2024-07-16
(System) RFC published