Multi-Signer DNSSEC Models approved as RFC

1 minute read

The Multi-Signer DNSSEC Models draft that I’ve been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Group - the overall management arm of the IETF).

The approval announcement can be seen here:

The document is now in the RFC Editor’s queue, and modulo minor editorial changes, should be published as an RFC soon (perhaps a couple of months?).

In the weeks leading up to the approval, I spent quite a bit of time and effort responding to reviews and comments by various IESG members, as well as from assigned reviewers from various IETF directorates ( Security, General Area etc). There were no blocking comments, but I tried to address the majority of them anyway. I believe they have improved the clarity, readability, and precision of the draft. The final edited version that was submitted to the RFC Editor is here:

One IESG member asked if this document should really be categorized as a BCP (Best Current Practice), rather than “Informational”. This topic had actually been discussed earlier by the DNSOP working group. So my answer remained the same as before: since these protocol models are still fairly new, and not many folks have deployed them in production yet, we don’t have extensive enough experience with them to portray this document as a BCP yet. But a future revision could upgrade its status to BCP.