[Ext] [dns-operations] NTA for DE installed on 1.1.1.1 around an hour ago
Carsten Strotmann
carsten at strotmann.de
Mon May 11 17:51:26 UTC 2026
Hi Paul,
On 11 May 2026, at 16:10, Paul Hoffman wrote:
> This discussion tracks the extensive discussion in the DNSOP WG that led to RFC 7646, https://datatracker.ietf.org/doc/rfc7646/. If people want to revisit the recommendations in that RFC, please consider writing an Internet Draft that updates RFC 7646 in specific ways, and bringing that draft to the DNSOP WG in the IETF instead of just having the discussion here.
>
> Note that I'm not suggesting that this actually be done: I believe that the discussion that led to RFC 7646 came to consensus, even though it was particularly rough and diverse. I'm suggesting that if there is interest to revisit the RFC, that conversation should be in the venue that could actually update the RFC.
>
I'm not sure that RFC 7646 needs updating. The discussion I've started is about getting enough information during an incident to be able to decide about using an NTA. Maybe we'll get a BCP RFC from that discussion, but I first want to see if there are other people seeing the need of additional work.
I will talk with people during RIPE 92 and see if there are others that see something missing in the DNSSEC puzzle.
Greetings
Carsten
More information about the dns-operations
mailing list