The Multi-signer project is an open project with the goal of providing practical tools and guidelines for the implementation, automation, management and monitoring of a multi-signer model.
- Create and demonstrate tools that automate addition and deletion of signers to a multi-signer model.
- Create monitoring tools to monitor the validity of the zones.
- Create a multi-signer Proof of Concept with multiple organizations.
- Document the use of such tools.
| Categories | Status | |
|---|---|---|
| Specifications | RFC 8901 - Multi-Signer DNSSEC Models | Done |
| draft-wisser-dnssec-automation | In Progress | |
| draft-huque-multisigner-validation | TBD | |
| Multi-Signer Controller | (https://github.com/DNSSEC-Provisioning/music) | In Progress |
| Name Server Capabilities | see Capabilities of Name Server Software | |
| Service Provider Capabilities | see Capabilities of DNS Service Providers | |
| Observations Platform | see (https://dnssecviews.net) | Done |
| Test Definitions | see Test Definitions | In Progress |
| Demonstrations | TBD |
https://github.com/DNSSEC-Provisioning/Multi-signer/blob/main/events.md
- DNSSEC automation: https://github.com/DNSSEC-Provisioning/draft-wisser-dnssec-automation.
- Multi-Signer DNSSEC Models: https://tools.ietf.org/html/rfc8901.
- Managing DS Records from the Parent via CDS/CDNSKEY: https://tools.ietf.org/html/rfc8078.
- Child-to-Parent Synchronization in DNS: https://tools.ietf.org/html/rfc7477.
- Support for CDS/CDNSKEY updates