Hi, I've submitted the below revision which addresses all comments from IESG review.
Also, in discussions with IESG members it turned out that a clarification should be added that parents might have local policy, *for example* to only accept glue via CSYNC for in-domain nameservers (but not in an unrelated TLD), or to restrict the choice of hash digest type (such as "not SHA-1"). I've added a clarification to that end. As far as I can tell, this document now has no open questions/issues or other outstanding items. Best, Peter -------- Forwarded Message -------- Subject: New Version Notification for draft-ietf-dnsop-cds-consistency-10.txt Date: Wed, 10 Dec 2025 01:40:32 -0800 From: [email protected] To: Peter Thomassen <[email protected]> A new version of Internet-Draft draft-ietf-dnsop-cds-consistency-10.txt has been successfully submitted by Peter Thomassen and posted to the IETF repository. Name: draft-ietf-dnsop-cds-consistency Revision: 10 Title: Clarifications on CDS/CDNSKEY and CSYNC Consistency Date: 2025-12-10 Group: dnsop Pages: 16 URL: https://www.ietf.org/archive/id/draft-ietf-dnsop-cds-consistency-10.txt Status: https://datatracker.ietf.org/doc/draft-ietf-dnsop-cds-consistency/ HTML: https://www.ietf.org/archive/id/draft-ietf-dnsop-cds-consistency-10.html HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-cds-consistency Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-cds-consistency-10 Abstract: Maintenance of DNS delegations requires occasional changes of the DS and NS record sets on the parent side of the delegation. For the case of DS records, "Automating DNSSEC Delegation Trust Maintenance" (RFC 7344) provides automation by allowing the child to publish CDS and/or CDNSKEY records holding the prospective DS parameters which the parent can ingest. Similarly, "Child-to-Parent Synchronization in DNS" (RFC 7477) specifies CSYNC records to indicate a desired update of the delegation's NS (and glue) records. Parent-side entities (e.g., Registries and Registrars) can query these records from the child and, after validation, use them to update the parent- side Resource Record Sets (RRsets) of the delegation. This document specifies under which conditions the target states expressed via CDS/CDNSKEY and CSYNC records are considered "consistent". Parent-side entities accepting such records from the child have to ensure that update requests retrieved from different authoritative nameservers satisfy these consistency requirements before taking any action based on them. This document updates RFC 7344 and RFC 7477. The IETF Secretariat _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
