The IESG has approved the following document: - 'A Root Key Trust Anchor Sentinel for DNSSEC' (draft-ietf-dnsop-kskroll-sentinel-17.txt) as Proposed Standard This document is the product of the Domain Name System Operations Working Group. The IESG contact persons are Warren Kumari, Ignas Bagdonas and Terry Manderson. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ Technical Summary The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user and third parties to determine the trusted key state for the root key of the resolvers that handle that user's DNS queries. Note that this method is only applicable for determining which keys are in the trust store for the root key. Working Group Summary This document has had a short history, and came about while working with ICANN on the KSK rollover process, as a way to assist tracking the addition and removal of DNSSEC keys. Document Quality There are two different implementations of the design. Personnel Document Shepherd: Tim Wicinski Responsible Area Director: Terry Manderson
