The IESG has approved the following document: - 'DNSSEC Cryptographic Algorithm Recommendation Update Process' (draft-ietf-dnsop-rfc8624-bis-13.txt) as Proposed Standard
This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Mahesh Jethanandani, Éric Vyncke and Mohamed Boucadair. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc8624-bis/ Technical Summary The DNSSEC protocol makes use of various cryptographic algorithms to provide authentication of DNS data and proof of non-existence. To ensure interoperability between DNS resolvers and DNS authoritative servers, it is necessary to specify both a set of algorithm implementation requirements and usage guidelines to ensure that there is at least one algorithm that all implementations support. This document updates RFC8624 by moving the canonical source of algorithm implementation requirements and usage guidance for DNSSEC from RFC8624 to an IANA registry. This is done both to allow the list to be more easily updated, and to allow the list to be more easily referenced. Future extensions to this registry can be made under new, incremental update RFCs. The document does not change the status (MUST, MAY, RECOMMENDED, etc) of any of the algorithms listed in RFC8624; that is the work of future documents. Working Group Summary From the shepherd's write-up: "WG consensus was solid. There was discussions around Section 2 "Adding usage and implementation recommendations to the IANA DNSSEC tables", but nothing in conflict." Document Quality Also from the shepherd's write-up: "As this document is updating IANA tables, it is more about documenting existing usage and not about implementations." The IETF Last Call received several reviews and the I-D was updated (verified by the AD). Personnel The Document Shepherd for this document is Tim Wicinski. The Responsible Area Director is Éric Vyncke. IANA Note This document adds usage and implementation recommandations to the existing IANA DNSSEC registries. RFC Editor Note When allocating RFC numbers for this I-D and for the related draft-ietf-dnsop-must-not-ecc-gost, draft-ietf-dnsop-must-not-sha1 , please use three consecutive RFC numbers starting with draft-ietf-dnsop-rfc8624-bis, then draft-ietf-dnsop-must-not-sha1, then draft-ietf-dnsop-must-not-ecc-gost. Thanks -éric _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
