Last active
September 9, 2022 13:10
-
-
Save moonshiner/0746776f2351ae9c8e3edb3373ee39c6 to your computer and use it in GitHub Desktop.
Revisions
-
moonshiner revised this gist
Sep 9, 2022 . 1 changed file with 9 additions and 9 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,40 +4,41 @@ This appears to be every RFC from rfc-editor.org which has DNSSEC in the abstract or title Number | Title | Included? | Reasons | More Info | Status --- | --- | --- | --- | --- | --- | RFC 9276 a.k.a. BCP 236 | Guidance for NSEC3 Parameter Settings | Yes | | Errata | Best Current Practice RFC 9157 | Revised IANA Considerations for DNSSEC | Yes | Relevant | | Proposed Standard RFC 9102 | TLS DNSSEC Chain Extension | No | Not Relevant | Errata | Experimental RFC 9077 | NSEC and NSEC3: TTLs and Aggressive Use | Yes | | Updates RFC 4034, RFC 4035, RFC 5155, RFC 8198 | Proposed Standard RFC 8976 | Message Digest for DNS Zones | No | Not Relevant | Errata | Proposed Standard RFC 8901 | Multi-Signer DNSSEC Models | Yes | Relevant | | Informational RFC 8749 | Moving DNSSEC Lookaside Validation (DLV) to Historic Status | No | | Updates RFC 6698, RFC 6840 | Proposed Standard RFC 8683 | Additional Deployment Guidelines for NAT64/464XLAT in Operator and Enterprise Networks | No | Not Relevant | | Informational RFC 8624 | Algorithm Implementation Requirements and Usage Guidance for DNSSEC | Yes | | Errata,<br>Obsoletes RFC 6944,<br>Updated by RFC 9157 | Proposed Standard RFC 8509 | A Root Key Trust Anchor Sentinel for DNSSEC | Yes | Trust Anchor | | Proposed Standard RFC 8483 | Yeti DNS Testbed | No | Not Relevant | | Informational RFC 8198 | Aggressive Use of DNSSEC-Validated Cache | Yes | | Updates RFC 4035,<br>Updated by RFC 9077 | Proposed Standard RFC 8145 | Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) | Yes | Trust Anchor | Updated by RFC 8553 | Proposed Standard RFC 8080 | Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC | Yes | | Errata | Proposed Standard RFC 8078 | Managing DS Records from the Parent via CDS/CDNSKEY | Yes | | Errata,<br>Updates RFC 7344 | Proposed Standard RFC 8027 a.k.a. BCP 207 | DNSSEC Roadblock Avoidance | Yes | Relevant | Errata | Best Current Practice RFC 7958 | DNSSEC Trust Anchor Publication for the Root Zone | Yes | | Errata | Informational RFC 7901 | CHAIN Query Requests in DNS | No | EDNS Option | | Experimental RFC 7828 | The edns-tcp-keepalive EDNS0 Option | No | EDNS Option | | Proposed Standard RFC 7646 | Definition and Use of DNSSEC Negative Trust Anchors | Yes | Trust Anchor | | Informational RFC 7583 | DNSSEC Key Rollover Timing Considerations | Yes | Relevant | | Informational RFC 7344 | Automating DNSSEC Delegation Trust Maintenance | Yes | | Updated by RFC 8078 | Proposed Standard (changed from Informational March 2017) RFC 7250 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | No | Not Relevant | Errata | Proposed Standard RFC 7218 | Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) | No | Not Relevant | Updates RFC 6698 | Proposed Standard RFC 7129 | Authenticated Denial of Existence in the DNS | Yes | Relevant | | Informational RFC 6975 | Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) | Yes | | | Proposed Standard RFC 6944 | Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status | No | Obsoleted | Errata,Obsoleted by RFC 8624,<br>Updates RFC 2536, RFC 2539, RFC 3110, RFC 4034, RFC 4398, RFC 5155, RFC 5702, RFC 5933 | Proposed Standard RFC 6844 | DNS Certification Authority Authorization (CAA) Resource Record | No | Obsoleted | Errata,<br>Obsoleted by RFC 8659 | Proposed Standard RFC 6841 | A Framework for DNSSEC Policies and DNSSEC Practice Statements | No | Not Relevant | | Informational RFC 6840 | Clarifications and Implementation Notes for DNS Security (DNSSEC) | Yes | | Errata,<br>Updates RFC 4033, RFC 4034, RFC 4035, RFC 5155,<br>Updated by RFC 8749 | Proposed Standard RFC 6781 | DNSSEC Operational Practices, Version 2 | Yes | | Errata,<br>Obsoletes RFC 4641 | Informational RFC 6725 | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | Yes | | | Proposed Standard RFC 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA | No | | Errata,<br>Updated by RFC 7218, RFC 7671, RFC 8749 | Proposed Standard RFC 6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC | Yes | | | Proposed Standard RFC 6604 | xNAME RCODE and Status Bits Clarification | No | Not Relevant | Updates RFC 1035, RFC 2308, RFC 2672 | Proposed Standard RFC 5910 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Not Relevant | Errata,<br>Obsoletes RFC 4310 | Proposed Standard @@ -66,4 +67,3 @@ RFC 3225 | Indicating Resolver Support of DNSSEC | | | Updated by RFC 4033, RF RFC 3130 | Notes from the State-Of-The-Technology: DNSSEC | No | Not Relevant | | Informational RFC 3008 | Domain Name System Security (DNSSEC) Signing Authority | No | Obsoleted | Obsoleted by RFC 4035, RFC 4033, RFC 4034,<br>Updates RFC 2535,<br>Updated by RFC 3658 | Proposed Standard RFC 3007 | Secure Domain Name System (DNS) Dynamic Update | No | Not Relevant | Obsoletes RFC 2137,<br> Updates RFC 2535, RFC 2136 | Proposed Standard -
Jul 28, 2022 . 1 changed file with 0 additions and 20 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -67,23 +67,3 @@ RFC 3130 | Notes from the State-Of-The-Technology: DNSSEC | No | Not Relevant | RFC 3008 | Domain Name System Security (DNSSEC) Signing Authority | No | Obsoleted | Obsoleted by RFC 4035, RFC 4033, RFC 4034,<br>Updates RFC 2535,<br>Updated by RFC 3658 | Proposed Standard RFC 3007 | Secure Domain Name System (DNS) Dynamic Update | No | Not Relevant | Obsoletes RFC 2137,<br> Updates RFC 2535, RFC 2136 | Proposed Standard -
Jul 28, 2022 . 1 changed file with 5 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -10,7 +10,7 @@ Number | Title | Included? | Reasons | More Info | Status RFC 9102 | TLS DNSSEC Chain Extension | No | Not Relevant | Errata | Experimental RFC 9077 | NSEC and NSEC3: TTLs and Aggressive Use | Yes | | Updates RFC 4034, RFC 4035, RFC 5155, RFC 8198 | Proposed Standard RFC 8976 | Message Digest for DNS Zones | No | Not Relevant | Errata | Proposed Standard RFC 8901 | Multi-Signer DNSSEC Models | Yes | Relevant | | Informational RFC 8749 | Moving DNSSEC Lookaside Validation (DLV) to Historic Status | No | | Updates RFC 6698, RFC 6840 | Proposed Standard RFC 8683 | Additional Deployment Guidelines for NAT64/464XLAT in Operator and Enterprise Networks | No | Not Relevant | | Informational RFC 8624 | Algorithm Implementation Requirements and Usage Guidance for DNSSEC | Yes | | Errata,<br>Obsoletes RFC 6944,<br>Updated by RFC 9157 | Proposed Standard @@ -20,16 +20,16 @@ RFC 8198 | Aggressive Use of DNSSEC-Validated Cache | Yes | | Updates RFC 4035, RFC 8145 | Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) | No | Trust Anchor | Updated by RFC 8553 | Proposed Standard RFC 8080 | Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC | Yes | | Errata | Proposed Standard RFC 8078 | Managing DS Records from the Parent via CDS/CDNSKEY | Yes | | Errata,<br>Updates RFC 7344 | Proposed Standard RFC 8027 a.k.a. BCP 207 | DNSSEC Roadblock Avoidance | Yes | Relevant | Errata | Best Current Practice RFC 7958 | DNSSEC Trust Anchor Publication for the Root Zone | No | | Errata | Informational RFC 7901 | CHAIN Query Requests in DNS | No | EDNS Option | | Experimental RFC 7828 | The edns-tcp-keepalive EDNS0 Option | No | EDNS Option | | Proposed Standard RFC 7646 | Definition and Use of DNSSEC Negative Trust Anchors | No | Trust Anchor | | Informational RFC 7583 | DNSSEC Key Rollover Timing Considerations | Yes | Relevant | | Informational RFC 7344 | Automating DNSSEC Delegation Trust Maintenance | Yes | | Updated by RFC 8078 | Proposed Standard (changed from Informational March 2017) RFC 7250 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | No | Not Relevant | Errata | Proposed Standard RFC 7218 | Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) | No | Not Relevant | Updates RFC 6698 | Proposed Standard RFC 7129 | Authenticated Denial of Existence in the DNS | Yes | Relevant | | Informational RFC 6975 | Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) | | | | Proposed Standard RFC 6944 | Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status | No | Obsoleted | Errata,Obsoleted by RFC 8624,<br>Updates RFC 2536, RFC 2539, RFC 3110, RFC 4034, RFC 4398, RFC 5155, RFC 5702, RFC 5933 | Proposed Standard RFC 6844 | DNS Certification Authority Authorization (CAA) Resource Record | No | Obsoleted | Errata,<br>Obsoleted by RFC 8659 | Proposed Standard @@ -51,7 +51,7 @@ RFC 4955 | DNS Security (DNSSEC) Experiments | No | Not Relevant | | Proposed S RFC 4641 | DNSSEC Operational Practices | No | Obsoleted | Errata,<br>Obsoletes RFC 2541,<br>Obsoleted by RFC 6781 | Informational RFC 4509 | Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) | Yes | | Errata | Proposed Standard RFC 4471 | Derivation of DNS Name Predecessor and Successor | No | Not Relevant | | Experimental RFC 4470 | Minimally Covering NSEC Records and DNSSEC On-line Signing | Yes | Relevant | Errata,<br>Updates RFC 4035, RFC 4034 | Proposed Standard RFC 4431 | The DNSSEC Lookaside Validation (DLV) DNS Resource Record | No | Historic | | Historic (changed from Informational November 2019) RFC 4310 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Obsoleted | Obsoleted by RFC 5910 | Proposed Standard RFC 4255 | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints | No | Not Relevant | Errata | Proposed Standard -
Jul 28, 2022 . 1 changed file with 6 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,7 +7,6 @@ This appears to be every RFC from rfc-editor.org which has DNSSEC in the abstrac Number | Title | Included? | Reasons | More Info | Status --- | --- | --- | --- | --- | --- | RFC 9102 | TLS DNSSEC Chain Extension | No | Not Relevant | Errata | Experimental RFC 9077 | NSEC and NSEC3: TTLs and Aggressive Use | Yes | | Updates RFC 4034, RFC 4035, RFC 5155, RFC 8198 | Proposed Standard RFC 8976 | Message Digest for DNS Zones | No | Not Relevant | Errata | Proposed Standard @@ -41,8 +40,6 @@ RFC 6725 | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | | | RFC 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA | | | Errata,<br>Updated by RFC 7218, RFC 7671, RFC 8749 | Proposed Standard RFC 6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC | Yes | | | Proposed Standard RFC 6604 | xNAME RCODE and Status Bits Clarification | No | Not Relevant | Updates RFC 1035, RFC 2308, RFC 2672 | Proposed Standard RFC 5910 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Not Relevant | Errata,<br>Obsoletes RFC 4310 | Proposed Standard RFC 5702 | Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC | Yes | | Updated by RFC 6944 | Proposed Standard RFC 5155 | DNS Security (DNSSEC) Hashed Authenticated Denial of Existence | Yes | | Errata,<br>Updated by RFC 6840, RFC 6944, RFC 9077, RFC 9157 | Proposed Standard @@ -74,13 +71,19 @@ RFC 3007 | Secure Domain Name System (DNS) Dynamic Update | No | Not Relevant | If we do it as both a reference of DNSSEC and a BCP, then I think we should add: RFC 8901 Multi-Signer DNSSEC Models RFC 8027 a.k.a. BCP 207 DNSSEC Roadblock Avoidance RFC 7583 DNSSEC Key Rollover Timing Considerations RFC 7129 Authenticated Denial of Existence in the DNS RFC 4470 Minimally Covering NSEC Records and DNSSEC On-line Signing I would not include these that you included: RFC 9157 Revised IANA Considerations for DNSSEC [It's IETF administrivia] RFC 6014 Cryptographic Algorithm Identifier Allocation for DNSSEC [It's IETF administrivia] RFC 5933 Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC [Algo is dead] -
Jul 28, 2022 . 1 changed file with 16 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -68,4 +68,19 @@ RFC 3226 | DNSSEC and IPv6 A6 aware server/resolver message size requirements | RFC 3225 | Indicating Resolver Support of DNSSEC | | | Updated by RFC 4033, RFC 4034, RFC 4035 | Proposed Standard RFC 3130 | Notes from the State-Of-The-Technology: DNSSEC | No | Not Relevant | | Informational RFC 3008 | Domain Name System Security (DNSSEC) Signing Authority | No | Obsoleted | Obsoleted by RFC 4035, RFC 4033, RFC 4034,<br>Updates RFC 2535,<br>Updated by RFC 3658 | Proposed Standard RFC 3007 | Secure Domain Name System (DNS) Dynamic Update | No | Not Relevant | Obsoletes RFC 2137,<br> Updates RFC 2535, RFC 2136 | Proposed Standard If we do it as both a reference of DNSSEC and a BCP, then I think we should add: RFC 8901 Multi-Signer DNSSEC Models RFC 8027 a.k.a. BCP 207 DNSSEC Roadblock Avoidance RFC 7583 DNSSEC Key Rollover Timing Considerations RFC 7129 Authenticated Denial of Existence in the DNS RFC 4470 Minimally Covering NSEC Records and DNSSEC On-line Signing I would not include these that you included: RFC 9157 Revised IANA Considerations for DNSSEC [It's IETF administrivia] RFC 6014 Cryptographic Algorithm Identifier Allocation for DNSSEC [It's IETF administrivia] RFC 5933 Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC [Algo is dead] -
Apr 13, 2022 . 1 changed file with 6 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,9 @@ # DNSSEC RFCs This appears to be every RFC from rfc-editor.org which has DNSSEC in the abstract or title Number | Title | Included? | Reasons | More Info | Status --- | --- | --- | --- | --- | --- | -
Apr 13, 2022 . 1 changed file with 2 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,5 @@ This is every RFC from rfc-editor.org which has DNSSEC in the abstract or title Number | Title | Included? | Reasons | More Info | Status --- | --- | --- | --- | --- | --- | RFC 9157 | Revised IANA Considerations for DNSSEC | Yes | | Updates RFC 5155, RFC 6014, RFC 8624 | Proposed Standard -
Apr 13, 2022 . 1 changed file with 8 additions and 8 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,7 +4,7 @@ RFC 9157 | Revised IANA Considerations for DNSSEC | Yes | | Updates RFC 5155, R RFC 9102 | TLS DNSSEC Chain Extension | No | Not Relevant | Errata | Experimental RFC 9077 | NSEC and NSEC3: TTLs and Aggressive Use | Yes | | Updates RFC 4034, RFC 4035, RFC 5155, RFC 8198 | Proposed Standard RFC 8976 | Message Digest for DNS Zones | No | Not Relevant | Errata | Proposed Standard RFC 8901 | Multi-Signer DNSSEC Models | | | | Informational RFC 8749 | Moving DNSSEC Lookaside Validation (DLV) to Historic Status | No | | Updates RFC 6698, RFC 6840 | Proposed Standard RFC 8683 | Additional Deployment Guidelines for NAT64/464XLAT in Operator and Enterprise Networks | No | Not Relevant | | Informational RFC 8624 | Algorithm Implementation Requirements and Usage Guidance for DNSSEC | Yes | | Errata,<br>Obsoletes RFC 6944,<br>Updated by RFC 9157 | Proposed Standard @@ -14,24 +14,24 @@ RFC 8198 | Aggressive Use of DNSSEC-Validated Cache | Yes | | Updates RFC 4035, RFC 8145 | Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) | No | Trust Anchor | Updated by RFC 8553 | Proposed Standard RFC 8080 | Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC | Yes | | Errata | Proposed Standard RFC 8078 | Managing DS Records from the Parent via CDS/CDNSKEY | Yes | | Errata,<br>Updates RFC 7344 | Proposed Standard RFC 8027 a.k.a. BCP 207 | DNSSEC Roadblock Avoidance | | | Errata | Best Current Practice RFC 7958 | DNSSEC Trust Anchor Publication for the Root Zone | No | | Errata | Informational RFC 7901 | CHAIN Query Requests in DNS | No | EDNS Option | | Experimental RFC 7828 | The edns-tcp-keepalive EDNS0 Option | No | EDNS Option | | Proposed Standard RFC 7646 | Definition and Use of DNSSEC Negative Trust Anchors | No | Trust Anchor | | Informational RFC 7583 | DNSSEC Key Rollover Timing Considerations | | | | Informational RFC 7344 | Automating DNSSEC Delegation Trust Maintenance | Yes | | Updated by RFC 8078 | Proposed Standard (changed from Informational March 2017) RFC 7250 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | No | Not Relevant | Errata | Proposed Standard RFC 7218 | Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) | No | Not Relevant | Updates RFC 6698 | Proposed Standard RFC 7129 | Authenticated Denial of Existence in the DNS | | | | Informational RFC 6975 | Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) | | | | Proposed Standard RFC 6944 | Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status | No | Obsoleted | Errata,Obsoleted by RFC 8624,<br>Updates RFC 2536, RFC 2539, RFC 3110, RFC 4034, RFC 4398, RFC 5155, RFC 5702, RFC 5933 | Proposed Standard RFC 6844 | DNS Certification Authority Authorization (CAA) Resource Record | No | Obsoleted | Errata,<br>Obsoleted by RFC 8659 | Proposed Standard RFC 6841 | A Framework for DNSSEC Policies and DNSSEC Practice Statements | No | Not Relevant | | Informational RFC 6840 | Clarifications and Implementation Notes for DNS Security (DNSSEC) | Yes | | Errata,<br>Updates RFC 4033, RFC 4034, RFC 4035, RFC 5155,<br>Updated by RFC 8749 | Proposed Standard RFC 6781 | DNSSEC Operational Practices, Version 2 | Yes | | Errata,<br>Obsoletes RFC 4641 | Informational RFC 6725 | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | | | | Proposed Standard RFC 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA | | | Errata,<br>Updated by RFC 7218, RFC 7671, RFC 8749 | Proposed Standard RFC 6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC | Yes | | | Proposed Standard RFC 6604 | xNAME RCODE and Status Bits Clarification | No | Not Relevant | Updates RFC 1035, RFC 2308, RFC 2672 | Proposed Standard RFC 6014 | Cryptographic Algorithm Identifier Allocation for DNSSEC | Yes | | Updates RFC 4033, RFC 4034, RFC 4035,<br>Updated by RFC 9157 | Proposed Standard @@ -47,7 +47,7 @@ RFC 4955 | DNS Security (DNSSEC) Experiments | No | Not Relevant | | Proposed S RFC 4641 | DNSSEC Operational Practices | No | Obsoleted | Errata,<br>Obsoletes RFC 2541,<br>Obsoleted by RFC 6781 | Informational RFC 4509 | Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) | Yes | | Errata | Proposed Standard RFC 4471 | Derivation of DNS Name Predecessor and Successor | No | Not Relevant | | Experimental RFC 4470 | Minimally Covering NSEC Records and DNSSEC On-line Signing | | | Errata,<br>Updates RFC 4035, RFC 4034 | Proposed Standard RFC 4431 | The DNSSEC Lookaside Validation (DLV) DNS Resource Record | No | Historic | | Historic (changed from Informational November 2019) RFC 4310 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Obsoleted | Obsoleted by RFC 5910 | Proposed Standard RFC 4255 | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints | No | Not Relevant | Errata | Proposed Standard -
Apr 13, 2022 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -14,7 +14,7 @@ RFC 8198 | Aggressive Use of DNSSEC-Validated Cache | Yes | | Updates RFC 4035, RFC 8145 | Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) | No | Trust Anchor | Updated by RFC 8553 | Proposed Standard RFC 8080 | Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC | Yes | | Errata | Proposed Standard RFC 8078 | Managing DS Records from the Parent via CDS/CDNSKEY | Yes | | Errata,<br>Updates RFC 7344 | Proposed Standard RFC 8027 a.k.a. BCP 207 | DNSSEC Roadblock Avoidance | Relevant? | | Errata | Best Current Practice RFC 7958 | DNSSEC Trust Anchor Publication for the Root Zone | No | | Errata | Informational RFC 7901 | CHAIN Query Requests in DNS | No | EDNS Option | | Experimental RFC 7828 | The edns-tcp-keepalive EDNS0 Option | No | EDNS Option | | Proposed Standard -
Apr 13, 2022 . 1 changed file with 11 additions and 11 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,34 +4,34 @@ RFC 9157 | Revised IANA Considerations for DNSSEC | Yes | | Updates RFC 5155, R RFC 9102 | TLS DNSSEC Chain Extension | No | Not Relevant | Errata | Experimental RFC 9077 | NSEC and NSEC3: TTLs and Aggressive Use | Yes | | Updates RFC 4034, RFC 4035, RFC 5155, RFC 8198 | Proposed Standard RFC 8976 | Message Digest for DNS Zones | No | Not Relevant | Errata | Proposed Standard RFC 8901 | Multi-Signer DNSSEC Models | Relevant? | | | Informational RFC 8749 | Moving DNSSEC Lookaside Validation (DLV) to Historic Status | No | | Updates RFC 6698, RFC 6840 | Proposed Standard RFC 8683 | Additional Deployment Guidelines for NAT64/464XLAT in Operator and Enterprise Networks | No | Not Relevant | | Informational RFC 8624 | Algorithm Implementation Requirements and Usage Guidance for DNSSEC | Yes | | Errata,<br>Obsoletes RFC 6944,<br>Updated by RFC 9157 | Proposed Standard RFC 8509 | A Root Key Trust Anchor Sentinel for DNSSEC | No | Trust Anchor | | Proposed Standard RFC 8483 | Yeti DNS Testbed | No | Not Relevant | | Informational RFC 8198 | Aggressive Use of DNSSEC-Validated Cache | Yes | | Updates RFC 4035,<br>Updated by RFC 9077 | Proposed Standard RFC 8145 | Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) | No | Trust Anchor | Updated by RFC 8553 | Proposed Standard RFC 8080 | Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC | Yes | | Errata | Proposed Standard RFC 8078 | Managing DS Records from the Parent via CDS/CDNSKEY | Yes | | Errata,<br>Updates RFC 7344 | Proposed Standard RFC 8027 a.k.a. BCP 207 | DNSSEC Roadblock Avoidance | Consider | | Errata | Best Current Practice RFC 7958 | DNSSEC Trust Anchor Publication for the Root Zone | No | | Errata | Informational RFC 7901 | CHAIN Query Requests in DNS | No | EDNS Option | | Experimental RFC 7828 | The edns-tcp-keepalive EDNS0 Option | No | EDNS Option | | Proposed Standard RFC 7646 | Definition and Use of DNSSEC Negative Trust Anchors | No | Trust Anchor | | Informational RFC 7583 | DNSSEC Key Rollover Timing Considerations | Relevant? | | | Informational RFC 7344 | Automating DNSSEC Delegation Trust Maintenance | Yes | | Updated by RFC 8078 | Proposed Standard (changed from Informational March 2017) RFC 7250 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | No | Not Relevant | Errata | Proposed Standard RFC 7218 | Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) | No | Not Relevant | Updates RFC 6698 | Proposed Standard RFC 7129 | Authenticated Denial of Existence in the DNS | Relevant? | | | Informational RFC 6975 | Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) | Relevant? | | | Proposed Standard RFC 6944 | Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status | No | Obsoleted | Errata,Obsoleted by RFC 8624,<br>Updates RFC 2536, RFC 2539, RFC 3110, RFC 4034, RFC 4398, RFC 5155, RFC 5702, RFC 5933 | Proposed Standard RFC 6844 | DNS Certification Authority Authorization (CAA) Resource Record | No | Obsoleted | Errata,<br>Obsoleted by RFC 8659 | Proposed Standard RFC 6841 | A Framework for DNSSEC Policies and DNSSEC Practice Statements | No | Not Relevant | | Informational RFC 6840 | Clarifications and Implementation Notes for DNS Security (DNSSEC) | Yes | | Errata,<br>Updates RFC 4033, RFC 4034, RFC 4035, RFC 5155,<br>Updated by RFC 8749 | Proposed Standard RFC 6781 | DNSSEC Operational Practices, Version 2 | Yes | | Errata,<br>Obsoletes RFC 4641 | Informational RFC 6725 | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | Relevant? | | | Proposed Standard RFC 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA | Relevant? | | Errata,<br>Updated by RFC 7218, RFC 7671, RFC 8749 | Proposed Standard RFC 6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC | Yes | | | Proposed Standard RFC 6604 | xNAME RCODE and Status Bits Clarification | No | Not Relevant | Updates RFC 1035, RFC 2308, RFC 2672 | Proposed Standard RFC 6014 | Cryptographic Algorithm Identifier Allocation for DNSSEC | Yes | | Updates RFC 4033, RFC 4034, RFC 4035,<br>Updated by RFC 9157 | Proposed Standard @@ -47,7 +47,7 @@ RFC 4955 | DNS Security (DNSSEC) Experiments | No | Not Relevant | | Proposed S RFC 4641 | DNSSEC Operational Practices | No | Obsoleted | Errata,<br>Obsoletes RFC 2541,<br>Obsoleted by RFC 6781 | Informational RFC 4509 | Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) | Yes | | Errata | Proposed Standard RFC 4471 | Derivation of DNS Name Predecessor and Successor | No | Not Relevant | | Experimental RFC 4470 | Minimally Covering NSEC Records and DNSSEC On-line Signing | Relevant? | | Errata,<br>Updates RFC 4035, RFC 4034 | Proposed Standard RFC 4431 | The DNSSEC Lookaside Validation (DLV) DNS Resource Record | No | Historic | | Historic (changed from Informational November 2019) RFC 4310 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Obsoleted | Obsoleted by RFC 5910 | Proposed Standard RFC 4255 | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints | No | Not Relevant | Errata | Proposed Standard @@ -61,4 +61,4 @@ RFC 3226 | DNSSEC and IPv6 A6 aware server/resolver message size requirements | RFC 3225 | Indicating Resolver Support of DNSSEC | | | Updated by RFC 4033, RFC 4034, RFC 4035 | Proposed Standard RFC 3130 | Notes from the State-Of-The-Technology: DNSSEC | No | Not Relevant | | Informational RFC 3008 | Domain Name System Security (DNSSEC) Signing Authority | No | Obsoleted | Obsoleted by RFC 4035, RFC 4033, RFC 4034,<br>Updates RFC 2535,<br>Updated by RFC 3658 | Proposed Standard RFC 3007 | Secure Domain Name System (DNS) Dynamic Update | No | Not Relevant | Obsoletes RFC 2137,<br> Updates RFC 2535, RFC 2136 | Proposed Standard -
Apr 12, 2022 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,64 @@ Number | Title | Included? | Reasons | More Info | Status --- | --- | --- | --- | --- | --- | RFC 9157 | Revised IANA Considerations for DNSSEC | Yes | | Updates RFC 5155, RFC 6014, RFC 8624 | Proposed Standard RFC 9102 | TLS DNSSEC Chain Extension | No | Not Relevant | Errata | Experimental RFC 9077 | NSEC and NSEC3: TTLs and Aggressive Use | Yes | | Updates RFC 4034, RFC 4035, RFC 5155, RFC 8198 | Proposed Standard RFC 8976 | Message Digest for DNS Zones | No | Not Relevant | Errata | Proposed Standard RFC 8901 | Multi-Signer DNSSEC Models | Consider | Seems Relevant | | Informational RFC 8749 | Moving DNSSEC Lookaside Validation (DLV) to Historic Status | No | | Updates RFC 6698, RFC 6840 | Proposed Standard RFC 8683 | Additional Deployment Guidelines for NAT64/464XLAT in Operator and Enterprise Networks | No | Not Relevant | | Informational RFC 8624 | Algorithm Implementation Requirements and Usage Guidance for DNSSEC | Yes | | Errata,<br>Obsoletes RFC 6944,<br>Updated by RFC 9157 | Proposed Standard RFC 8509 | A Root Key Trust Anchor Sentinel for DNSSEC | No | Trust Anchor not relevant | | Proposed Standard RFC 8483 | Yeti DNS Testbed | No | Not Relevant | | Informational RFC 8198 | Aggressive Use of DNSSEC-Validated Cache | Yes | | Updates RFC 4035,<br>Updated by RFC 9077 | Proposed Standard RFC 8145 | Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) | No | Trust Anchor not relevant | Updated by RFC 8553 | Proposed Standard RFC 8080 | Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC | Yes | | Errata | Proposed Standard RFC 8078 | Managing DS Records from the Parent via CDS/CDNSKEY | Yes | | Errata,<br>Updates RFC 7344 | Proposed Standard RFC 8027 a.k.a. BCP 207 | DNSSEC Roadblock Avoidance | Consider | | Errata | Best Current Practice RFC 7958 | DNSSEC Trust Anchor Publication for the Root Zone | No | | Errata | Informational RFC 7901 | CHAIN Query Requests in DNS | No | EDNS Option | | Experimental RFC 7828 | The edns-tcp-keepalive EDNS0 Option | No | EDNS Option | | Proposed Standard RFC 7646 | Definition and Use of DNSSEC Negative Trust Anchors | No | Trust Anchor not relevant | | Informational RFC 7583 | DNSSEC Key Rollover Timing Considerations | Consider | Seems Relevant | | Informational RFC 7344 | Automating DNSSEC Delegation Trust Maintenance | Yes | | Updated by RFC 8078 | Proposed Standard (changed from Informational March 2017) RFC 7250 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | No | Not Relevant | Errata | Proposed Standard RFC 7218 | Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) | No | Not Relevant | Updates RFC 6698 | Proposed Standard RFC 7129 | Authenticated Denial of Existence in the DNS | Consider | Seems Relevant | | Informational RFC 6975 | Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) | Consider | | | Proposed Standard RFC 6944 | Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status | No | Obsoleted | Errata,Obsoleted by RFC 8624,<br>Updates RFC 2536, RFC 2539, RFC 3110, RFC 4034, RFC 4398, RFC 5155, RFC 5702, RFC 5933 | Proposed Standard RFC 6844 | DNS Certification Authority Authorization (CAA) Resource Record | No | Obsoleted | Errata,<br>Obsoleted by RFC 8659 | Proposed Standard RFC 6841 | A Framework for DNSSEC Policies and DNSSEC Practice Statements | No | Not Relevant | | Informational RFC 6840 | Clarifications and Implementation Notes for DNS Security (DNSSEC) | Yes | | Errata,<br>Updates RFC 4033, RFC 4034, RFC 4035, RFC 5155,<br>Updated by RFC 8749 | Proposed Standard RFC 6781 | DNSSEC Operational Practices, Version 2 | Yes | | Errata,<br>Obsoletes RFC 4641 | Informational RFC 6725 | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | Consider | | | Proposed Standard RFC 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA | Consider | | Errata,<br>Updated by RFC 7218, RFC 7671, RFC 8749 | Proposed Standard RFC 6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC | Yes | | | Proposed Standard RFC 6604 | xNAME RCODE and Status Bits Clarification | No | Not Relevant | Updates RFC 1035, RFC 2308, RFC 2672 | Proposed Standard RFC 6014 | Cryptographic Algorithm Identifier Allocation for DNSSEC | Yes | | Updates RFC 4033, RFC 4034, RFC 4035,<br>Updated by RFC 9157 | Proposed Standard RFC 5933 | Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC | Yes | | Updated by RFC 6944 | Proposed Standard RFC 5910 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Not Relevant | Errata,<br>Obsoletes RFC 4310 | Proposed Standard RFC 5702 | Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC | Yes | | Updated by RFC 6944 | Proposed Standard RFC 5155 | DNS Security (DNSSEC) Hashed Authenticated Denial of Existence | Yes | | Errata,<br>Updated by RFC 6840, RFC 6944, RFC 9077, RFC 9157 | Proposed Standard RFC 5074 | DNSSEC Lookaside Validation (DLV) | No | Historic | | Historic (changed from Informational September 2019) RFC 5011 a.k.a. STD 74 | Automated Updates of DNS Security (DNSSEC) Trust Anchors | Yes | | | Internet Standard (changed from Proposed Standard January 2013) RFC 4986 | Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover | No | Trust Anchor not relevant | | Informational RFC 4956 | DNS Security (DNSSEC) Opt-In | No | Not Relevant | Errata | Experimental RFC 4955 | DNS Security (DNSSEC) Experiments | No | Not Relevant | | Proposed Standard RFC 4641 | DNSSEC Operational Practices | No | Obsoleted | Errata,<br>Obsoletes RFC 2541,<br>Obsoleted by RFC 6781 | Informational RFC 4509 | Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) | Yes | | Errata | Proposed Standard RFC 4471 | Derivation of DNS Name Predecessor and Successor | No | Not Relevant | | Experimental RFC 4470 | Minimally Covering NSEC Records and DNSSEC On-line Signing | Consider | | Errata,<br>Updates RFC 4035, RFC 4034 | Proposed Standard RFC 4431 | The DNSSEC Lookaside Validation (DLV) DNS Resource Record | No | Historic | | Historic (changed from Informational November 2019) RFC 4310 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Obsoleted | Obsoleted by RFC 5910 | Proposed Standard RFC 4255 | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints | No | Not Relevant | Errata | Proposed Standard RFC 4035 | Protocol Modifications for the DNS Security Extensions | Yes | | Errata,<br>Obsoletes RFC 2535, RFC 3008, RFC 3090, RFC 3445, RFC 3655, RFC 3658, RFC 3755, RFC 3757, RFC 3845,<br>Updates RFC 1034, RFC 1035, RFC 2136, RFC 2181, RFC 2308, RFC 3225, RFC 3597, RFC 3226,<br>Updated by RFC 4470, RFC 6014, RFC 6840, RFC 8198, RFC 9077 | Proposed Standard RFC 4034 | Resource Records for the DNS Security Extensions | Yes | | Errata,<br>Obsoletes RFC 2535, RFC 3008, RFC 3090, RFC 3445, RFC 3655, RFC 3658, RFC 3755, RFC 3757, RFC 3845,<br>Updates RFC 1034, RFC 1035, RFC 2136, RFC 2181, RFC 2308, RFC 3225, RFC 3597, RFC 3226,<br>Updated by RFC 4470, RFC 6014, RFC 6840, RFC 6944, RFC 9077 | Proposed Standard RFC 4033 | DNS Security Introduction and Requirements | Yes | | Errata,<br>Obsoletes RFC 2535, RFC 3008, RFC 3090, RFC 3445, RFC 3655, RFC 3658, RFC 3755, RFC 3757, RFC 3845,<br>Updates RFC 1034, RFC 1035, RFC 2136, RFC 2181, RFC 2308, RFC 3225, RFC 3597, RFC 3226,<br>Updated by RFC 6014, RFC 6840 | Proposed Standard RFC 3845 | DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format | No | Obsoleted | Obsoleted by RFC 4033, RFC 4034, RFC 4035,<br>Updates RFC 3755, RFC 2535 | Proposed Standard RFC 3757 | Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag | No | Obsoleted | Errata,<br>Obsoleted by RFC 4033, RFC 4034, RFC 4035,<br>Updates RFC 3755, RFC 2535 | Proposed Standard RFC 3755 | Legacy Resolver Compatibility for Delegation Signer (DS) | No | Obsoleted | Obsoleted by RFC 4033, RFC 4034, RFC 4035,<br>Updates RFC 3658, RFC 2535,<br>Updated by RFC 3757, RFC 3845 | Proposed Standard RFC 3226 | DNSSEC and IPv6 A6 aware server/resolver message size requirements | No | Not Relevant | Errata,<br>Updates RFC 2535, RFC 2874,<br>Updated by RFC 4033, RFC 4034, RFC 4035 | Proposed Standard RFC 3225 | Indicating Resolver Support of DNSSEC | | | Updated by RFC 4033, RFC 4034, RFC 4035 | Proposed Standard RFC 3130 | Notes from the State-Of-The-Technology: DNSSEC | No | Not Relevant | | Informational RFC 3008 | Domain Name System Security (DNSSEC) Signing Authority | No | Obsoleted | Obsoleted by RFC 4035, RFC 4033, RFC 4034,<br>Updates RFC 2535,<br>Updated by RFC 3658 | Proposed Standard RFC 3007 | Secure Domain Name System (DNS) Dynamic Update | No | Not Relevant | Obsoletes RFC 2137,<br> Updates RFC 2535, RFC 2136 | Proposed Standard