It appears that Wes Hardaker <[email protected]> said:
>https://datatracker.ietf.org/doc/draft-hardaker-dnsop-root-zone-publication-points/
>
>This document should be considered a starting discussion around how a list of
>publication points can be gathered and consumed for where root
>zone data is available. Right now the list of available sources is only
>available in Appendix A of RFC8806, but this document discusses how
>to make a real list and its format published by IANA containing URLs of
>publication points.
>
>Note: the format in this draft is just a starting point for discussion – I
>honestly expect something like signed json to win in the end.
I'd look at RFC 9718, about publishing the DNSSEC root keys, since I'd expect it to be published at roughly the same place. It might as well use a similar method. The key file is XML rather than JSON for historical reasons, and there is a detached signature which it appears nobody uses in favor of trusting the https certificate when you download it from data.iana.org.

The two are complementary -- if you have a copy of the zone you trust, you have the keys, or if you have a copy of the keys you trust, you can validate a copy of the zone.

R's,
John
