
From internet-drafts@ietf.org  Mon Mar 11 08:20:38 2013
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Message-ID: <20130311152035.4888.59295.idtracker@ietfa.amsl.com>
Date: Mon, 11 Mar 2013 08:20:35 -0700
Cc: dnsext@ietf.org
Subject: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the DNS Extensions Working Group of the IETF.

	Title           : Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status
	Author(s)       : Scott Rose
	Filename        : draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
	Pages           : 7
	Date            : 2013-03-11

Abstract:
   The DNS Security Extensions (DNSSEC) requires the use of
   cryptographic algorithm suites for generating digital signatures over
   DNS data.  There is currently an IANA registry for these algorithms
   but there is no record of the recommended implementation status of
   each algorithm.  This document provides an applicability statement on
   algorithm implementation status for DNSSEC component software.  This
   document lists each algorithm's status based on the current
   reference.  In the case that an algorithm is specified without an
   implementation status, this document assigns one.  This document
   updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-imp-status

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-dnsext-dnssec-algo-imp-status-04

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-dnsext-dnssec-algo-imp-status-04


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From ajs@crankycanuck.ca  Mon Mar 11 12:16:23 2013
Date: Mon, 11 Mar 2013 15:16:07 -0400
From: Andrew Sullivan <ajs@crankycanuck.ca>
To: dnsext@ietf.org
Message-ID: <20130311191607.GF38303@crankycanuck.ca>
In-Reply-To: <20130311152035.4888.59295.idtracker@ietfa.amsl.com>
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt

Dear colleagues,

This update from Scott is an attempt to solve the objections raised in
an IESG DISCUSS without violating the WG's consensus that this
document was about implementation and not deployment.  I think it
walks that line, and I am comfortable going ahead.

If, however, you object, you need to squawk in the next 24 hours.
Otherwise, our AD is going to sign off.  This is a tight deadline
because (1) as shepherd, I am convinced this actually solves the
problem and (2) the document hung fire long enough that we are up
against the change of the IESG.  Please be aware that, if the current
changes do not solve the problem, I have no idea how to proceed; we
will probably have to abandon this document in that case.

Thanks to Scott for incorporating these changes and for being so
patient.  

Best regards,

A

On Mon, Mar 11, 2013 at 08:20:35AM -0700, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>  This draft is a work item of the DNS Extensions Working Group of the IETF.
> 
> 	Title           : Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status
> 	Author(s)       : Scott Rose
> 	Filename        : draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
> 	Pages           : 7
> 	Date            : 2013-03-11
> 
> Abstract:
>    The DNS Security Extensions (DNSSEC) requires the use of
>    cryptographic algorithm suites for generating digital signatures over
>    DNS data.  There is currently an IANA registry for these algorithms
>    but there is no record of the recommended implementation status of
>    each algorithm.  This document provides an applicability statement on
>    algorithm implementation status for DNSSEC component software.  This
>    document lists each algorithm's status based on the current
>    reference.  In the case that an algorithm is specified without an
>    implementation status, this document assigns one.  This document
>    updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-imp-status
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-dnsext-dnssec-algo-imp-status-04
> 
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-dnsext-dnssec-algo-imp-status-04
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 

-- 
Andrew Sullivan
ajs@crankycanuck.ca

From jabley@hopcount.ca  Mon Mar 11 12:28:10 2013
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <20130311191607.GF38303@crankycanuck.ca>
Date: Mon, 11 Mar 2013 15:28:14 -0400
Message-Id: <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca>
To: Andrew Sullivan <ajs@crankycanuck.ca>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt

On 2013-03-11, at 15:16, Andrew Sullivan <ajs@crankycanuck.ca> wrote:

> This update from Scott is an attempt to solve the objections raised in
> an IESG DISCUSS without violating the WG's consensus that this
> document was about implementation and not deployment.  I think it
> walks that line, and I am comfortable going ahead.
>
> If, however, you object, you need to squawk in the next 24 hours.
> Otherwise, our AD is going to sign off.  This is a tight deadline
> because (1) as shepherd, I am convinced this actually solves the
> problem and (2) the document hung fire long enough that we are up
> against the change of the IESG.  Please be aware that, if the current
> changes do not solve the problem, I have no idea how to proceed; we
> will probably have to abandon this document in that case.

I think this document is useful, and solves a problem.

One possible nit: the IANA Considerations Section specifies that this
document (when published) act as The reference for the named IANA
registry. It's not clear to me whether this adequately anticipates the
addition of new algorithms in the future. I think it's reasonable for
this document to provide a reference for all algorithms currently listed
in that registry, but presumably future algorithms would be listed with
different references, and the important thing is to specify that those
references exist (i.e. that the documents by which future algorithms are
added specify clearly what the implementation status of those new
algorithms is).

Hence, I suggest in:

3.  IANA Considerations

   This document lists the implementation status of cryptographic
   algorithms used with DNSSEC.  These algorithms are maintained in an
   IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers.
   Because this document establishes the implementation status of every
   algorithm, it should be listed as a reference for the entire
   registry.

REMOVE:

   Because this document establishes the implementation status of every
   algorithm, it should be listed as a reference for the entire
   registry.

ADD:

   Because this document establishes the implementation status of every
   algorithm listed in this registry at the time of writing, it should be
   listed as the reference for all those algorithms. Future entries to
   this registry should include an implementation status with corresponding
   pertinent registries.


Joe

From ajs@anvilwalrusden.com  Mon Mar 11 12:43:39 2013
Date: Mon, 11 Mar 2013 15:43:18 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130311194317.GA38441@crankycanuck.ca>
In-Reply-To: <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca>
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt

On Mon, Mar 11, 2013 at 03:28:14PM -0400, Joe Abley wrote:
> 
> REMOVE:
> 
>    Because this document establishes the implementation status of every
>    algorithm, it should be listed as a reference for the entire
>    registry.
> 
> ADD:
> 
>    Because this document establishes the implementation status of every
>    algorithm listed in this registry at the time of writing, it should be
>    listed as the reference for all those algorithms. Future entries to
>    this registry should include an implementation status with corresponding
>    pertinent registries.

Thanks.  This does suggest an ambiguity, but probably not the one you
read (which does mean there's a problem).  What we envisioned was a
reference on the registry itself (and not on the entries) pointing to
this document.  The individual entries should doubtless still have
entries to the documents that specify the algorithm.  (This change to
the way it was stated since the previous draft was an attempt to deal
with a comment from the IESG.)

What about "Because this document establishes the implementation
status of every algorithm, it should be listed as a reference for the
registry itself (leaving in place the individual entries for the
algorithms referring to the documents that specify them)." ?

Note that the last part of your "ADD" is explicitly disallowed.  Any
future entry is either Optional (in which case no new entry is
needed), or else this entire document needs to be made obsolete and
replaced.  

Best,

A (as shepherd -- I failed to mention that last time.  Sorry.)

-- 
Andrew Sullivan
ajs@anvilwalrusden.com


From wwwrun@rfc-editor.org  Sun Mar 10 11:16:16 2013
To: ben@links.org, geoff-s@panix.com, roy@nominet.org.uk, davidb@verisign.com, rdroms.ietf@gmail.com, brian@innovationslab.net, ogud@ogud.com, ajs@anvilwalrusden.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20130310181607.BF4B3B1E003@rfc-editor.org>
Date: Sun, 10 Mar 2013 11:16:07 -0700 (PDT)
Cc: andy@arin.net, dnsext@ietf.org, rfc-editor@rfc-editor.org
Subject: [dnsext] [Technical Errata Reported] RFC5155 (3544)

The following errata report has been submitted for RFC5155,
"DNS Security (DNSSEC) Hashed Authenticated Denial of Existence".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5155&eid=3544

--------------------------------------
Type: Technical
Reported by: Andy Newton <andy@arin.net>

Section: 3.3

Original Text
-------------
The Next Hashed Owner Name field is represented as an unpadded sequence of case-insensitive base32 digits, without whitespace.

Corrected Text
--------------
The Next Hashed Owner Name field is represented as an unpadded sequence of case-insensitive base32hex digits, without whitespace

Notes
-----
RFC 4648 Section 7 says: 'This encoding may be referred to as "base32hex".  This encoding should not be regarded as the same as the "base32" encoding and should not be referred to as only "base32".'

There are many spots in RFC 5155 that use the term base32 where base32hex is the appropriate term. Section 3.3 above is the most important, but Section 1.1 uses the term as well, as do Section 3 paragraph 4 and Section 3.2 paragraph 8.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC5155 (draft-ietf-dnsext-nsec3-13)
--------------------------------------
Title               : DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
Publication Date    : March 2008
Author(s)           : B. Laurie, G. Sisson, R. Arends, D. Blacka
Category            : PROPOSED STANDARD
Source              : DNS Extensions
Area                : Internet
Stream              : IETF
Verifying Party     : IESG
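
Added example (not part of the errata report or of RFC 5155): the RFC 5155
hash for the owner name "example" with salt aabbccdd and 12 iterations (the
parameters of the RFC 5155 Appendix A example zone), encoded with both RFC 4648
alphabets. It shows why the wording matters to implementers: a parser that
reads "base32" literally either rejects an NSEC3 Next Hashed Owner Name or
silently decodes different bytes, and only base32hex text sorts in the same
order as the hashes. Function names and SAMPLE_HASHES are constructed for
illustration.

```python
import base64
import hashlib

# RFC 4648 alphabets: section 6 ("base32") and section 7 ("base32hex").
B32_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
B32_HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"
_STD_TO_HEX = str.maketrans(B32_STD, B32_HEX)
_HEX_TO_STD = str.maketrans(B32_HEX, B32_STD)

# Constructed sample: three 20-byte values standing in for SHA-1 hashes.
SAMPLE_HASHES = [bytes([b]) * 20 for b in (0x00, 0x7F, 0xFF)]


def b32std_encode(data: bytes) -> str:
    """Unpadded lower-case plain base32 (what "base32" alone denotes)."""
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def b32hex_encode(data: bytes) -> str:
    """Unpadded lower-case base32hex, the NSEC3 presentation form."""
    return b32std_encode(data).upper().translate(_STD_TO_HEX).lower()


def b32hex_decode(text: str) -> bytes:
    """Decode unpadded, case-insensitive base32hex; reject anything else."""
    upper = text.upper()
    if not upper or any(ch not in B32_HEX for ch in upper):
        raise ValueError("not a base32hex string: %r" % text)
    std = upper.translate(_HEX_TO_STD)
    return base64.b32decode(std + "=" * (-len(std) % 8))


def decode_as_plain_base32(text: str):
    """What a parser that took "base32" literally does with the field.

    Returns the decoded bytes, or None when the plain alphabet rejects it.
    """
    padded = text.upper() + "=" * (-len(text) % 8)
    try:
        return base64.b32decode(padded)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def wire_name(name: str) -> bytes:
    """Canonical (lower-case) wire format of an ASCII domain name."""
    labels = [lab for lab in name.rstrip(".").lower().split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii")
                    for lab in labels) + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> bytes:
    """RFC 5155 section 5 hash with SHA-1 (hash algorithm 1)."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):  # "iterations" counts the additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return digest


def sort_order_preserved(encode, values) -> bool:
    """True if sorting by encoded text equals sorting by raw hash bytes."""
    return sorted(values) == sorted(values, key=encode)


if __name__ == "__main__":
    h = nsec3_hash("example", "aabbccdd", 12)
    hex_text = b32hex_encode(h)
    print("base32hex :", hex_text)
    print("base32    :", b32std_encode(h))
    print("plain decoder on NSEC3 text:", decode_as_plain_base32(hex_text))
    # A base32hex string that happens to use only characters shared by both
    # alphabets decodes without error, but to the wrong bytes.
    print("vvvvvvvv as base32hex:", b32hex_decode("vvvvvvvv").hex())
    print("vvvvvvvv as base32   :", decode_as_plain_base32("vvvvvvvv").hex())
    print("order kept, base32hex:",
          sort_order_preserved(b32hex_encode, SAMPLE_HASHES))
    print("order kept, base32   :",
          sort_order_preserved(b32std_encode, SAMPLE_HASHES))
```

The ordering result is the operationally important one: NSEC3 covering checks
compare hashed owner names, so text in the plain base32 alphabet cannot be
compared as strings in place of the hash values.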

From jabley@hopcount.ca  Mon Mar 11 13:00:55 2013
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <20130311194317.GA38441@crankycanuck.ca>
Date: Mon, 11 Mar 2013 16:01:04 -0400
Message-Id: <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt

On 2013-03-11, at 15:43, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

> What about "Because this document establishes the implementation
> status of every algorithm, it should be listed as a reference for the
> registry itself (leaving in place the individual entries for the
> algorithms referring to the documents that specify them)." ?

That seems like it would have eliminated my confusion. Perhaps also
explicitly state that this document aims to classify existing and all
future algorithms that might be standardised, until replaced. This could
be done by adding to the table earlier in the document to make it clear
explicitly that "Optional" includes all future algorithms.

    +------------+------------+-------------------+-------------------+
    |    Must    |  Must Not  |    Recommended    |      Optional     |
    |  Implement | Implement  |   to Implement    |                   |
    +------------+------------+-------------------+-------------------+
    |            |            |                   |                   |
    |   RSASHA1  |   RSAMD5   |   RSASHA256       |   Any             |
    |            |            |   RSASHA1-NSEC3   |   registered      |
    |            |            |    -SHA1          |   algorithm       |
    |            |            |   RSASHA512       |   not listed in   |
    |            |            |   ECDSAP256SHA256 |   this table      |
    |            |            |   ECDSAP384SHA384 |                   |
    +------------+------------+-------------------+-------------------+

REMOVE:

  Any registered algorithm not listed in this table

ADD:

  Any registered algorithm not listed in this table, including any
  algorithm registered in the future.

One further comment, the document justifies as "recommended" ECDSA on
the grounds that they might be popular in the future because they
feature small key sizes.

   Likewise, ECDSA with the two identified curves (ECDSAP256SHA256 and
   ECDSAP384SHA384) are algorithms that may see widespread use due to
   the perceived similar level of security offered with smaller key size
   compared to the key sizes of algorithms such as RSA.  Therefore,
   ECDSAP256SHA256 and ECDSAP384SHA384 are Recommended to Implement.

ECC-GOST are not recommended, although I believe they have the same
advantages. Arguably ECC-GOST has been around for longer, and hence has
an advantage over ECDSA. Both have stable references, in English, in the
RFC series. What is the reason for appearing to promote one over the
other?

> Note that the last part of your "ADD" is explicitly disallowed.  Any
> future entry is either Optional (in which case no new entry is
> needed), or else this entire document needs to be made obsolete and
> replaced.

That's clear, now, and seems like a reasonable approach.


Joe

From ajs@anvilwalrusden.com  Mon Mar 11 13:12:35 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0552821F8F7A for <dnsext@ietfa.amsl.com>; Mon, 11 Mar 2013 13:12:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.807
X-Spam-Level: 
X-Spam-Status: No, score=-0.807 tagged_above=-999 required=5 tests=[AWL=0.033,  BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g6JQdL1UVz9C for <dnsext@ietfa.amsl.com>; Mon, 11 Mar 2013 13:12:34 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id 69DB421F8F5C for <dnsext@ietf.org>; Mon, 11 Mar 2013 13:12:34 -0700 (PDT)
Received: from mx1.yitter.info (dhcp-2430.meeting.ietf.org [130.129.36.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 7D9058A031 for <dnsext@ietf.org>; Mon, 11 Mar 2013 20:12:33 +0000 (UTC)
Date: Mon, 11 Mar 2013 16:12:01 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130311201201.GD38441@mx1.yitter.info>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca> <20130311194317.GA38441@crankycanuck.ca> <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-List-Received-Date: Mon, 11 Mar 2013 20:12:35 -0000

On Mon, Mar 11, 2013 at 04:01:04PM -0400, Joe Abley wrote:
> 
> That seems like it would have eliminated my confusion. Perhaps also
> explicitly state that this document aims to classify existing and
> all future algorithms that might be standardised, until replaced. 

This paragraph in 2.4 doesn't do:

   [RFC6014] establishes a parallel procedure for adding a registry
   entry for a new algorithm other than a standards track document.
   Because any algorithm not listed in the foregoing table is Optional,
   algorithms entered into the registry using the [RFC6014] procedure
   are automatically Optional.

?
 
> ECC-GOST are not recommended, although I believe they have the same
> advantages. Arguably ECC-GOST has been around for longer, and hence
> has an advantage over ECDSA. Both have stable references, in
> English, in the RFC series. What is the reason for appearing to
> promote one over the other?

I don't know; that's what the WG said before.  This is the first time
this question came up.  I think that would be a substantive change to
the intent of the document, and would require a new WGLC, but I think
yours is a fair question.

Best,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From weiler@watson.org  Mon Mar 11 13:15:56 2013
Return-Path: <weiler@watson.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3D0221F8E09 for <dnsext@ietfa.amsl.com>; Mon, 11 Mar 2013 13:15:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.367
X-Spam-Level: 
X-Spam-Status: No, score=-2.367 tagged_above=-999 required=5 tests=[AWL=0.232,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sIDxpu0s+vvz for <dnsext@ietfa.amsl.com>; Mon, 11 Mar 2013 13:15:55 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by ietfa.amsl.com (Postfix) with ESMTP id CC77321F8FD1 for <dnsext@ietf.org>; Mon, 11 Mar 2013 13:15:54 -0700 (PDT)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.5/8.14.5) with ESMTP id r2BKDH5G032826; Mon, 11 Mar 2013 16:13:17 -0400 (EDT) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.5/8.14.5/Submit) with ESMTP id r2BKDH0Q032822; Mon, 11 Mar 2013 16:13:17 -0400 (EDT) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Mon, 11 Mar 2013 16:13:17 -0400 (EDT)
From: Samuel Weiler <weiler@watson.org>
To: Andrew Sullivan <ajs@crankycanuck.ca>
In-Reply-To: <20130311191607.GF38303@crankycanuck.ca>
Message-ID: <alpine.BSF.2.00.1303111558310.25246@fledge.watson.org>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Mon, 11 Mar 2013 16:13:17 -0400 (EDT)
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-List-Received-Date: Mon, 11 Mar 2013 20:15:56 -0000

The substance is fine, but there's a preexisting ambiguity that the 
-04 changes arguably make worse:

Quoting from section 2.2:
"...RSASHA1-NSEC3-SHA1 is set to Recommended..."
"...RSA/SHA-256 and RSA/SHA-512 are also set to Recommended..."
"ECDSAP256SHA256 and ECDSAP384SHA384 are Recommended to Implement."...
"All other algorithms used in DNSSEC specified without an
implementation status are currently set to Optional."

The last sentence is the troubling one.  I think you mean "where no 
other document has set an implementation status", but that's somewhat 
vague, and it would be reasonable to interpret the doc as saying "and 
everything else is Optional", which is not what we intend.

There's a sentence in the introduction that argues for the second 
interpretation: "This document defines the current implementation 
status for _all_ registered algorithms." (emphasis added)


This version (-04) has a new sentence in section 4 saying: "...this 
document establishes the implementation status of every algorithm, 
...", which makes that alternate reading even more tempting.

I think something needs to change.  Most likely, we just need to 
restate in the text (not just the table) the status of RSASHA1 and 
RSAMD5.

Also, shouldn't the indirect, private, and privateoid text replace "up 
to the implementer's discretion" with "Optional"?  It's good to call 
out that these numbers could refer to multiple algorithms, as is done.

-- Sam


From ajs@anvilwalrusden.com  Mon Mar 11 13:34:42 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 202A321F8FEE for <dnsext@ietfa.amsl.com>; Mon, 11 Mar 2013 13:34:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.81
X-Spam-Level: 
X-Spam-Status: No, score=-0.81 tagged_above=-999 required=5 tests=[AWL=0.030,  BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id crdA042UV9V4 for <dnsext@ietfa.amsl.com>; Mon, 11 Mar 2013 13:34:41 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id 975F921F8E06 for <dnsext@ietf.org>; Mon, 11 Mar 2013 13:34:41 -0700 (PDT)
Received: from crankycanuck.ca (dhcp-2430.meeting.ietf.org [130.129.36.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id D81BC8A031 for <dnsext@ietf.org>; Mon, 11 Mar 2013 20:34:40 +0000 (UTC)
Date: Mon, 11 Mar 2013 16:34:15 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130311203415.GE38441@crankycanuck.ca>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <alpine.BSF.2.00.1303111558310.25246@fledge.watson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.BSF.2.00.1303111558310.25246@fledge.watson.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-List-Received-Date: Mon, 11 Mar 2013 20:34:42 -0000

Hi Sam,

On Mon, Mar 11, 2013 at 04:13:17PM -0400, Samuel Weiler wrote:
> The last sentence is the troubling one.  I think you mean "where no
> other document has set an implementation status", but that's
> somewhat vague, and it would be reasonable to interpret the doc as
> saying "and everything else is Optional", which is not what we
> intend.

It absolutely is too what we intend.  The very point of this document
is that there be exactly one current official list of the status
values of every algorithm.  Every algorithm not explicitly called out
in that table has the status value Optional.  That was exactly what I
understood previous consensus calls on this document to be saying, and
if people think that's not what we said then we have a problem.

> I think something needs to change.  Most likely, we just need to
> restate in the text (not just the table) the status of RSASHA1 and
> RSAMD5.

Why not just in the table?

> Also, shouldn't the indirect, private, and privateoid text replace
> "up to the implementer's discretion" with "Optional"?  It's good to
> call out that these numbers could refer to multiple algorithms, as is
> done.

I don't think I can tell the difference between Optional and "up to
the implementer's discretion".  Also, since the document explicitly
says that anything not listed elsewhere in the table is therefore
Optional, the indirect, private, and privateoid algorithms just are
Optional.  No?

I should note that the WG pretty much ran out of steam on this
document quite some time ago, and there is every reason to suppose
that the document will never get published if we start making
substantive changes right now, so I urge participants to be careful
about the changes they ask for.  This is not an attempt to tell people
not to raise substantive issues, but it is a plea to consider whether
this or that part needs to be polished to a higher gloss, or whether
the document is comprehensible as it stands and clearly expresses the
meaning of the WG.

Best,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From ajs@anvilwalrusden.com  Tue Mar 12 06:27:47 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7723D21F8AD1 for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 06:27:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.8
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 tagged_above=-999 required=5 tests=[AWL=0.040, BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CmEmDwCJwSig for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 06:27:47 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id 8E3BF21F8A8B for <dnsext@ietf.org>; Tue, 12 Mar 2013 06:27:46 -0700 (PDT)
Received: from mx1.yitter.info (dhcp-2430.meeting.ietf.org [130.129.36.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id B298C8A031 for <dnsext@ietf.org>; Tue, 12 Mar 2013 13:27:45 +0000 (UTC)
Date: Tue, 12 Mar 2013 09:27:06 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130312132705.GA39133@mx1.yitter.info>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca> <20130311194317.GA38441@crankycanuck.ca> <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca> <20130311201201.GD38441@mx1.yitter.info>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20130311201201.GD38441@mx1.yitter.info>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-List-Received-Date: Tue, 12 Mar 2013 13:27:47 -0000

Dear colleagues,

On Mon, Mar 11, 2013 at 04:12:01PM -0400, Andrew Sullivan wrote:
> On Mon, Mar 11, 2013 at 04:01:04PM -0400, Joe Abley wrote:

> > English, in the RFC series. What is the reason for appearing to
> > promote one over the other?
> 
> I don't know; that's what the WG said before. 

The reasoning in the draft behind recommending ECDSAP256SHA256 and
ECDSAP384SHA384 and not GOST-ECC is that the former two "may see
widespread use".  Does anyone have an argument that ECC-GOST also
falls into that category?  If so, Joe is quite correct.  If not, then
it seems the current recommendations are ok.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From ajs@anvilwalrusden.com  Tue Mar 12 06:38:55 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEA1B21F8A99 for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 06:38:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.803
X-Spam-Level: 
X-Spam-Status: No, score=-0.803 tagged_above=-999 required=5 tests=[AWL=0.037,  BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t7pXgB23MVdU for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 06:38:54 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id D23B521F8BA2 for <dnsext@ietf.org>; Tue, 12 Mar 2013 06:38:53 -0700 (PDT)
Received: from crankycanuck.ca (dhcp-2430.meeting.ietf.org [130.129.36.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 4E6D18A031 for <dnsext@ietf.org>; Tue, 12 Mar 2013 13:38:53 +0000 (UTC)
Date: Tue, 12 Mar 2013 09:38:30 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130312133829.GB39133@crankycanuck.ca>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <alpine.BSF.2.00.1303111558310.25246@fledge.watson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.BSF.2.00.1303111558310.25246@fledge.watson.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-List-Received-Date: Tue, 12 Mar 2013 13:38:55 -0000

Sam,

Thanks for your conversation in the hall.  More below.

On Mon, Mar 11, 2013 at 04:13:17PM -0400, Samuel Weiler wrote:
> I think something needs to change.  Most likely, we just need to
> restate in the text (not just the table) the status of RSASHA1 and
> RSAMD5.

It appears that we now agree that the table covers everything, and
that the text in section 2.2 is just rationale for some algorithms'
state.  If I understand your concern, you'd prefer to see the table in
section 2.2 to be expressed instead as running text.

Note that, if we do this, we pass through the IESG changeover, so this
document will need to be processed by a new IESG (with the additional
snags that might imply).  

Given that the definitions in previous drafts were _also_ in the
table, I'm a little concerned that this is now being offered as a
substantive reason to override prior consensus.  Would it be
sufficient to extend the sentence in section 1 to make clearer that
the table is the official line here?  That is

OLD, sec 1 para 3:

   This document defines the current implementation status for all
   registered algorithms.

NEW, sec 1 para 3:

   This document defines the current implementation status for all
   registered algorithms; the definitions are found in the table in
   Section 2.3.

Will that do?  

Best,

A (as shepherd)

-- 
Andrew Sullivan
ajs@anvilwalrusden.com


From jabley@hopcount.ca  Tue Mar 12 06:48:03 2013
Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2954021F8BD7 for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 06:48:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.929
X-Spam-Level: 
X-Spam-Status: No, score=-99.929 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_EQ_IP_ADDR=1.119, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VIL2DWZJs8RO for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 06:48:02 -0700 (PDT)
Received: from mail-ie0-x231.google.com (mail-ie0-x231.google.com [IPv6:2607:f8b0:4001:c03::231]) by ietfa.amsl.com (Postfix) with ESMTP id 6E82621F8AC1 for <dnsext@ietf.org>; Tue, 12 Mar 2013 06:48:02 -0700 (PDT)
Received: by mail-ie0-f177.google.com with SMTP id 16so6432986iea.36 for <dnsext@ietf.org>; Tue, 12 Mar 2013 06:48:02 -0700 (PDT)
X-Received: by 10.50.89.200 with SMTP id bq8mr11648340igb.58.1363096081993; Tue, 12 Mar 2013 06:48:01 -0700 (PDT)
Received: from [199.212.90.51] ([199.212.90.51]) by mx.google.com with ESMTPS id xe9sm19622880igb.7.2013.03.12.06.48.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 12 Mar 2013 06:48:01 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <20130312132705.GA39133@mx1.yitter.info>
Date: Tue, 12 Mar 2013 09:47:58 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <C2325C79-C3E7-42EC-93E3-5CDB586C7C51@hopcount.ca>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca> <20130311194317.GA38441@crankycanuck.ca> <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca> <20130311201201.GD38441@mx1.yitter.info> <20130312132705.GA39133@mx1.yitter.info>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
X-Mailer: Apple Mail (2.1499)
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-List-Received-Date: Tue, 12 Mar 2013 13:48:03 -0000

On 2013-03-12, at 09:27, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

> On Mon, Mar 11, 2013 at 04:12:01PM -0400, Andrew Sullivan wrote:
>> On Mon, Mar 11, 2013 at 04:01:04PM -0400, Joe Abley wrote:
>
>>> English, in the RFC series. What is the reason for appearing to
>>> promote one over the other?
>>
>> I don't know; that's what the WG said before.
>
> The reasoning in the draft behind recommending ECDSAP256SHA256 and
> ECDSAP384SHA384 and not GOST-ECC is that the former two "may see
> widespread use".

To give the quote more context, the draft says that the former two "may
see widespread use due to the perceived similar level of security
offered with smaller key size compared to the key sizes of algorithms
such as RSA." The prediction of widespread use is based on a presumed
advantage that smaller key sizes are good.

There's no citation for the cryptographic strength (perceived or
otherwise) of ECDSAP256SHA256 or ECDSAP384SHA384 relative to the other
"recommended" algorithms, i.e. RSASHA256, RSASHA1-NSEC3-SHA1 or
RSASHA512.

RFC 6605 has this to say:

   Current estimates are that ECDSA with curve P-256 has an approximate
   equivalent strength to RSA with 3072-bit keys.  Using ECDSA with
   curve P-256 in DNSSEC has some advantages and disadvantages relative
   to using RSA with SHA-256 and with 3072-bit keys.  ECDSA keys are
   much shorter than RSA keys; at this size, the difference is 256
   versus 3072 bits.  Similarly, ECDSA signatures are much shorter than
   RSA signatures.  This is relevant because DNSSEC stores and transmits
   both keys and signatures.

which adds more detail, but also omits citations (beyond "current
estimates"). I didn't look very hard, but I couldn't find a comparison
between GOST R.34.10-2001 and RSA/SHA256.

In both ECDSA and GOST-ECC a public key Q = (x, y) is represented in
DNSSEC as the concatenation x | y.

In GOST R.34.10-2001 and ECDSA/P-256, the wire encoding is specified as
32 bytes for each of x and y, giving an encoded public key size of 512
bytes.

In ECDSA/P-384, the wire encoding is specified as 48 bytes for each of x
and y, giving an encoded public key size of 768 bits.

Based purely on the motivation to reduce the key size (given that no
citations are given for either ECDSA or GOST-ECC with respect to
cryptographic strength relative to other algorithms) it seems that
GOST-ECC has the same advantages as ECDSA/P-256 and is better than
ECDSA/P-384.

> Does anyone have an argument that ECC-GOST also
> falls into that category?

Arguments about possible future widespread use are difficult to justify.
Counter-examples (alg A is more likely to see use than alg B because A
is encumbered, or is computationally expensive, or something) seem
slightly easier to come up with. But since ECDSA and GOST-ECC are
fundamentally so similar, it seems odd to me to treat them differently.

The only practical difference between ECDSA and GOST-ECC is where they
were developed and standardised, and (once again) I think it'd be
unfortunate if there was the perception that the GOST-specified
algorithm was being under-promoted purely for geopolitical reasons.


Joe
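
Added example, not part of the thread or of the draft: a DNSKEY RDATA parser that applies the implementation-status table quoted earlier in the thread (anything not listed, including future registrations, falls through to Optional) and splits the x | y public key for ECDSA and ECC-GOST. The algorithm numbers are the IANA DNSSEC algorithm numbers; the function names, the helper build_dnskey_rdata and the sample key bytes are constructed for illustration.

```python
import struct

# Implementation status as given in the table quoted in this thread.
# Keys are IANA DNSSEC algorithm numbers.
STATUS_TABLE = {
    5: ("RSASHA1", "Must Implement"),
    1: ("RSAMD5", "Must Not Implement"),
    8: ("RSASHA256", "Recommended to Implement"),
    7: ("RSASHA1-NSEC3-SHA1", "Recommended to Implement"),
    10: ("RSASHA512", "Recommended to Implement"),
    13: ("ECDSAP256SHA256", "Recommended to Implement"),
    14: ("ECDSAP384SHA384", "Recommended to Implement"),
}

# Bytes per coordinate for algorithms whose DNSKEY public key is x | y.
# 12 = ECC-GOST, 13 = ECDSAP256SHA256, 14 = ECDSAP384SHA384.
COORD_BYTES = {12: 32, 13: 32, 14: 48}


def implementation_status(alg):
    """Return the status for an algorithm number.

    Anything absent from the table is Optional. Assumption of this example:
    it does not check whether the number is actually assigned in the registry.
    """
    if not 0 <= alg <= 255:
        raise ValueError("algorithm number must fit in one octet")
    return STATUS_TABLE.get(alg, (None, "Optional"))[1]


def build_dnskey_rdata(flags, alg, key, protocol=3):
    """Constructed helper: pack DNSKEY RDATA (flags, protocol, algorithm, key)."""
    return struct.pack("!HBB", flags, protocol, alg) + key


def parse_dnskey_rdata(rdata):
    """Parse DNSKEY RDATA (RFC 4034 layout) and classify its algorithm."""
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA shorter than its 4-byte fixed header")
    flags, protocol, alg = struct.unpack("!HBB", rdata[:4])
    key = rdata[4:]
    info = {
        "flags": flags,
        "protocol_ok": protocol == 3,  # RFC 4034 requires protocol 3
        "algorithm": alg,
        "status": implementation_status(alg),
        "key_bytes": len(key),
        "key_bits": len(key) * 8,
    }
    if alg in COORD_BYTES:
        n = COORD_BYTES[alg]
        if len(key) != 2 * n:
            raise ValueError(
                "algorithm %d expects a %d-byte key, got %d"
                % (alg, 2 * n, len(key))
            )
        # Coordinates are kept as raw bytes; byte order differs by algorithm.
        info["x"], info["y"] = key[:n], key[n:]
    return info


if __name__ == "__main__":
    # Constructed sample keys (not real key material).
    samples = [
        build_dnskey_rdata(257, 13, bytes(range(64))),
        build_dnskey_rdata(257, 14, bytes(range(96))),
        build_dnskey_rdata(257, 12, bytes(range(64))),
        build_dnskey_rdata(256, 1, bytes(65)),
    ]
    for rdata in samples:
        r = parse_dnskey_rdata(rdata)
        print(r["algorithm"], r["status"], r["key_bytes"], "bytes,",
              r["key_bits"], "bits")
```
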


From weiler@watson.org  Tue Mar 12 07:18:04 2013
Return-Path: <weiler@watson.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8179921F8B4C for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 07:18:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.413
X-Spam-Level: 
X-Spam-Status: No, score=-2.413 tagged_above=-999 required=5 tests=[AWL=0.186,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zsvC5qBI5hVt for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 07:18:04 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by ietfa.amsl.com (Postfix) with ESMTP id CB80621F8B4A for <dnsext@ietf.org>; Tue, 12 Mar 2013 07:18:03 -0700 (PDT)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.5/8.14.5) with ESMTP id r2CEGkoU030237; Tue, 12 Mar 2013 10:16:46 -0400 (EDT) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.5/8.14.5/Submit) with ESMTP id r2CEGkXu030234; Tue, 12 Mar 2013 10:16:46 -0400 (EDT) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Tue, 12 Mar 2013 10:16:46 -0400 (EDT)
From: Samuel Weiler <weiler@watson.org>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
In-Reply-To: <20130312133829.GB39133@crankycanuck.ca>
Message-ID: <alpine.BSF.2.00.1303121006250.27185@fledge.watson.org>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <alpine.BSF.2.00.1303111558310.25246@fledge.watson.org> <20130312133829.GB39133@crankycanuck.ca>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Tue, 12 Mar 2013 10:16:46 -0400 (EDT)
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-List-Received-Date: Tue, 12 Mar 2013 14:18:04 -0000

On Tue, 12 Mar 2013, Andrew Sullivan wrote:

> It appears that we now agree that the table covers everything, and 
> that the text in section 2.2 is just rationale for some algorithms' 
> state.  If I understand your concern, you'd prefer to see the table 
> in section 2.2 to be expressed instead as running text.

Not quite.  I think the table in 2.3 is complete.  HOWEVER, the text 
in 2.2 sounds like it intends to be complete, and it differs from the 
table.

> Will that do?

That is clunky.

My suggestion:  add two sentences to 2.2 explaining the additional 
non-Optional entries in the table in 2.3: RSASHA1 and RSAMD5.

"RSASHA1 has an implementation status of Must Implement, consistent 
with [RFC4034].  RSAMD5 has an implementation status of Must Not 
Implement because of known weaknesses in MD5."

Or something like that.

-- Sam


From ajs@anvilwalrusden.com  Tue Mar 12 07:20:58 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 580FF21F8B4C for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 07:20:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.807
X-Spam-Level: 
X-Spam-Status: No, score=-0.807 tagged_above=-999 required=5 tests=[AWL=0.033,  BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zcvgsgK21RoJ for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 07:20:57 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id 6DB7221F8B4A for <dnsext@ietf.org>; Tue, 12 Mar 2013 07:20:56 -0700 (PDT)
Received: from mx1.yitter.info (dhcp-2430.meeting.ietf.org [130.129.36.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id DDD188A031 for <dnsext@ietf.org>; Tue, 12 Mar 2013 14:20:55 +0000 (UTC)
Date: Tue, 12 Mar 2013 10:20:44 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130312142044.GE39133@mx1.yitter.info>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca> <20130311194317.GA38441@crankycanuck.ca> <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca> <20130311201201.GD38441@mx1.yitter.info> <20130312132705.GA39133@mx1.yitter.info> <C2325C79-C3E7-42EC-93E3-5CDB586C7C51@hopcount.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <C2325C79-C3E7-42EC-93E3-5CDB586C7C51@hopcount.ca>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 14:20:58 -0000

On Tue, Mar 12, 2013 at 09:47:58AM -0400, Joe Abley wrote:
> 
> The only practical difference between ECDSA and GOST-ECC is where they were developed and standardised, and (once again) I think it'd be unfortunate if there was the perception that the GOST-specified algorithm was being under-promoted purely for geopolitical reasons.
> 

I'm not sure that's the reason.  I actually have no idea what the
reason was, but the WG previously had already reached consensus on
this issue, so I'm trying to figure out whether the problem is merely
the description of why the ECDSA algorithms might find more pick-up,
or whether the document has a fundamental mistake in it.

I also cannot help but observe that this issue has cropped up now
after multiple WGLC events on this basic issue, and nobody ever
mentioned it before.  The only reason the document is back before the
WG is to ensure that the changes in response to the AD's DISCUSS have
not changed the substance of the document.  

This is not to discourage late observations, but to ask about the
quality of review that we did in the past, and also to ask whether, if
we reopen this, whether we'll get adequate review in the next round of
discussion.  There is no question that moving ECC-GOST from Optional
to some other status is a substantive change to the document, and
would need another WGLC and, IMO, IETF LC.  I would not be even
remotely surprised if that LC failed for want of responses.

Best,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From ajs@anvilwalrusden.com  Tue Mar 12 07:56:01 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A51121F84A1 for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 07:56:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.808
X-Spam-Level: 
X-Spam-Status: No, score=-0.808 tagged_above=-999 required=5 tests=[AWL=0.032,  BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zPbTmOWacF-C for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 07:56:00 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id A76E021F8675 for <dnsext@ietf.org>; Tue, 12 Mar 2013 07:56:00 -0700 (PDT)
Received: from mx1.yitter.info (dhcp-2430.meeting.ietf.org [130.129.36.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id BAC698A036 for <dnsext@ietf.org>; Tue, 12 Mar 2013 14:55:50 +0000 (UTC)
Date: Tue, 12 Mar 2013 10:55:39 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130312145539.GB39238@mx1.yitter.info>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <alpine.BSF.2.00.1303111558310.25246@fledge.watson.org> <20130312133829.GB39133@crankycanuck.ca> <alpine.BSF.2.00.1303121006250.27185@fledge.watson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.BSF.2.00.1303121006250.27185@fledge.watson.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 14:56:01 -0000

On Tue, Mar 12, 2013 at 10:16:46AM -0400, Samuel Weiler wrote:
> 
> My suggestion:  add two sentences to 2.2 explaining the additional
> non-Optional entries in the table in 2.3: RSASHA1 and RSAMD5.
> 
> "RSASHA1 has an implementation status of Must Implement, consistent
> with [RFC4034].  RSAMD5 has an implementation status of Must Not
> Implement because of known weaknesses in MD5."
> 
> Or something like that.

These are good.  Thanks!  I see no reason this can't be added.

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From rdroms@cisco.com  Tue Mar 12 07:58:59 2013
Return-Path: <rdroms@cisco.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB60B21F8AF4 for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 07:58:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level: 
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hx1yZUESLIQu for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 07:58:59 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 55CE621F896E for <dnsext@ietf.org>; Tue, 12 Mar 2013 07:58:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=888; q=dns/txt; s=iport; t=1363100339; x=1364309939; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=6yKXrIhM2IP28jxB32Ess5hTu6JR+AVDWB4cRxcqoNw=; b=b9SbhnBDsD5g8Np34QckfL0bAok0sp8PLv9W/wTnaX9S2Th+Fs2+4cbl VL+8eb476x6+H4/7UY+68ioGyFJaGim/xNUUop18K2QFHc3YLofbFmt0v 27VJbSv1EeKlsr4GscryyjfvpNDme28F5wRMJ++dXe/4MaT7Bt/7wXfQ/ E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ah4FAOlBP1GtJV2b/2dsb2JhbABDh0y9F4FHFnSCKAEBAQMBAQEBNzQLBQsCAQgOCgoUECcLJQIEDgUIiAYGDLB2j3cTBI5aAjEHgl9hA6dMgwqCKA
X-IronPort-AV: E=Sophos;i="4.84,831,1355097600"; d="scan'208";a="186566525"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-8.cisco.com with ESMTP; 12 Mar 2013 14:58:59 +0000
Received: from xhc-aln-x13.cisco.com (xhc-aln-x13.cisco.com [173.36.12.87]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id r2CEwwGu010083 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 12 Mar 2013 14:58:58 GMT
Received: from xmb-aln-x04.cisco.com ([169.254.9.127]) by xhc-aln-x13.cisco.com ([173.36.12.87]) with mapi id 14.02.0318.004; Tue, 12 Mar 2013 09:58:58 -0500
From: "Ralph Droms (rdroms)" <rdroms@cisco.com>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Thread-Topic: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
Thread-Index: AQHOHmwd5pF0LUuL9E+Ad/iyNu0v5pihMLyAgAAP+YCAASQIAIAACrEAgAAK3YCAAADrAA==
Date: Tue, 12 Mar 2013 14:58:58 +0000
Message-ID: <4518F39EB578034D8C99A9B7776CDBA353913C@xmb-aln-x04.cisco.com>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <alpine.BSF.2.00.1303111558310.25246@fledge.watson.org> <20130312133829.GB39133@crankycanuck.ca> <alpine.BSF.2.00.1303121006250.27185@fledge.watson.org> <20130312145539.GB39238@mx1.yitter.info>
In-Reply-To: <20130312145539.GB39238@mx1.yitter.info>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.86.245.134]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1434FF9AE519A944A87E911949FADAB5@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "dnsext@ietf.org" <dnsext@ietf.org>
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 14:59:00 -0000

On Mar 12, 2013, at 10:55 AM 3/12/13, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

> On Tue, Mar 12, 2013 at 10:16:46AM -0400, Samuel Weiler wrote:
>>
>> My suggestion:  add two sentences to 2.2 explaining the additional
>> non-Optional entries in the table in 2.3: RSASHA1 and RSAMD5.
>>
>> "RSASHA1 has an implementation status of Must Implement, consistent
>> with [RFC4034].  RSAMD5 has an implementation status of Must Not
>> Implement because of known weaknesses in MD5."
>>
>> Or something like that.
>
> These are good.  Thanks!  I see no reason this can't be added.

I can make this change with an RFC Editor note.

- Ralph

>
> A
>
> --
> Andrew Sullivan
> ajs@anvilwalrusden.com
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext


From jabley@hopcount.ca  Tue Mar 12 09:38:27 2013
Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DB0721F8C8C for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 09:38:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.929
X-Spam-Level: 
X-Spam-Status: No, score=-99.929 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_EQ_IP_ADDR=1.119, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jAOIOrUXJnEz for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 09:38:26 -0700 (PDT)
Received: from mail-ie0-x229.google.com (mail-ie0-x229.google.com [IPv6:2607:f8b0:4001:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id 9362E21F8C1F for <dnsext@ietf.org>; Tue, 12 Mar 2013 09:38:26 -0700 (PDT)
Received: by mail-ie0-f169.google.com with SMTP id 13so55399iea.14 for <dnsext@ietf.org>; Tue, 12 Mar 2013 09:38:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=p4tcYxaSl6QL7/1jqrlALDx1Fi+rYkSJ0FmvMllb8WA=; b=GWnYp2owlaUpaRq/8nAwnhCD64/lU2E2wcAADeWYXdRkH19/xQ/qaRJLtOWKEgGhBY rEqb1ad+gBgoLPzoI0MnyQs2Vzq9VfmFqRBHGRoUhVRYszPYpW0Q549Vhhhz7M06oAyL T8Uf6ionSqoL5mLosdNAygz9PxablTW3tUdyc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=p4tcYxaSl6QL7/1jqrlALDx1Fi+rYkSJ0FmvMllb8WA=; b=bA/l4qBfxCJvC//6vzp2WFp1XM4Hct1VSzIlSXLGRLpHD85RiVHPhfMgHlN6SOJHrF HkOaYzzJEgqg9p5yDobMcTalX4uRh3+W0Chr94kqEY4NtvT5suISuUxyzIQ7fKKjN4lj kTWHS40Yft9ypDN9sEuQeo7A9vGt26AAC0facLtwhVtItBQB7LXQbkQHVCizSovwH5hg Mmx+cgOUmLGKjB2Pzeo6flqAvZATiN6PgFNigUY1JFvvL65ocVCFcI3XLTLH20k5mDLn 9/T/2ShM3vrSvF3n8b0WE+CDzGpjlTBkV6/8Qj3p4+HgaMkO1HeOKaGgr+DAVxXEiecn ZNPw==
X-Received: by 10.50.20.168 with SMTP id o8mr11737895ige.77.1363106306126; Tue, 12 Mar 2013 09:38:26 -0700 (PDT)
Received: from [199.212.90.51] ([199.212.90.51]) by mx.google.com with ESMTPS id hi4sm22281027igc.6.2013.03.12.09.38.24 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 12 Mar 2013 09:38:25 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <20130312142044.GE39133@mx1.yitter.info>
Date: Tue, 12 Mar 2013 12:38:22 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <87F111F3-9E94-4328-ABE4-A7DA4F0A37F1@hopcount.ca>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca> <20130311194317.GA38441@crankycanuck.ca> <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca> <20130311201201.GD38441@mx1.yitter.info> <20130312132705.GA39133@mx1.yitter.info> <C2325C79-C3E7-42EC-93E3-5CDB586C7C51@hopcount.ca> <20130312142044.GE39133@mx1.yitter.info>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQkTuHSEKRxnZa6QVVup2RxDeZ2psBlB93oa69A9ToNI2ZMUrfAJBl7oreyg875upXtee93F
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 16:38:27 -0000

On 2013-03-12, at 10:20, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

> This is not to discourage late observations, but to ask about the
> quality of review that we did in the past, and also to ask whether, if
> we reopen this, whether we'll get adequate review in the next round of
> discussion.  There is no question that moving ECC-GOST from Optional
> to some other status is a substantive change to the document, and
> would need another WGLC and, IMO, IETF LC.  I would not be even
> remotely surprised if that LC failed for want of responses.

I seem to think that there's ample evidence that people think this
document is worth publishing. I think that's established, regardless of
the amount of feedback received for any future last call (low volumes or
absence of response could be attributed to LG-fatigue.)

With respect to this change, if nobody has sufficient interest to
comment perhaps the answer is that it's not actually substantive.


Joe

From ajs@anvilwalrusden.com  Tue Mar 12 11:26:59 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 544AB11E8148 for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 11:26:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.814
X-Spam-Level: 
X-Spam-Status: No, score=-0.814 tagged_above=-999 required=5 tests=[AWL=0.026,  BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lmfvSgIFKbt6 for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 11:26:58 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id 2FCA311E8109 for <dnsext@ietf.org>; Tue, 12 Mar 2013 11:26:53 -0700 (PDT)
Received: from mx1.yitter.info (dhcp-2430.meeting.ietf.org [130.129.36.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 5A5C38A031 for <dnsext@ietf.org>; Tue, 12 Mar 2013 18:26:52 +0000 (UTC)
Date: Tue, 12 Mar 2013 14:26:22 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130312182622.GB39324@mx1.yitter.info>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca> <20130311194317.GA38441@crankycanuck.ca> <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca> <20130311201201.GD38441@mx1.yitter.info> <20130312132705.GA39133@mx1.yitter.info> <C2325C79-C3E7-42EC-93E3-5CDB586C7C51@hopcount.ca> <20130312142044.GE39133@mx1.yitter.info> <87F111F3-9E94-4328-ABE4-A7DA4F0A37F1@hopcount.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87F111F3-9E94-4328-ABE4-A7DA4F0A37F1@hopcount.ca>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 18:26:59 -0000

On Tue, Mar 12, 2013 at 12:38:22PM -0400, Joe Abley wrote:
> 
> I seem to think that there's ample evidence that people think this
> document is worth publishing. I think that's established, regardless
> of the amount of feedback received for any future last call (low
> volumes or absence of response could be attributed to LG-fatigue.)

Ok.  For that reason, then, I'm going to ask Ralph to go ahead, with
the two notes we determined are going to be needed.  If there is a
later need to move ECC-GOST to Recommended to Implement, it ought to
be a fairly trivial matter to produce a new document for this, and
send it through an area or up the AD Sponsored track.

Thanks very much for your comments & review!

A 

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From rdroms@cisco.com  Tue Mar 12 11:51:49 2013
Return-Path: <rdroms@cisco.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 673CB11E8108 for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 11:51:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level: 
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NC3O1ttglJ5V for <dnsext@ietfa.amsl.com>; Tue, 12 Mar 2013 11:51:48 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id E38D211E812A for <dnsext@ietf.org>; Tue, 12 Mar 2013 11:51:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1267; q=dns/txt; s=iport; t=1363114305; x=1364323905; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=FKhMhVwsRmOJJK0QWNHUUyYvlw6P8bUijr8J/R0fi+w=; b=dLniN2L6oCD+vhw6PqunUDDcxAB2Edqj1Y7V0l5sGhgYXJC8hy7mha9d fDnIRumg8PCjvkXBeWemq38pVQWMUB+5P4x7SdWWgTH5sUiM8uEVkGr5j MezpZ3xce4/06S/P0Fu3xzDBaMEfG0+KG7jHEy4j02Ase+ePxVkcZcQqR 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAFN4P1GtJV2c/2dsb2JhbABDxGqBSxZ0gikBAQEDAQEBATc0CwULAgEIDgoKFBAnCyUCBA4FCIgGBgyxVY9cEwSOWgIxB4JfYQOnTIMKgig
X-IronPort-AV: E=Sophos;i="4.84,832,1355097600"; d="scan'208";a="183681978"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-9.cisco.com with ESMTP; 12 Mar 2013 18:51:44 +0000
Received: from xhc-aln-x11.cisco.com (xhc-aln-x11.cisco.com [173.36.12.85]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id r2CIpiKa023618 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 12 Mar 2013 18:51:44 GMT
Received: from xmb-aln-x04.cisco.com ([169.254.9.127]) by xhc-aln-x11.cisco.com ([173.36.12.85]) with mapi id 14.02.0318.004; Tue, 12 Mar 2013 13:51:44 -0500
From: "Ralph Droms (rdroms)" <rdroms@cisco.com>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Thread-Topic: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
Thread-Index: AQHOH09C6jDG6O1XM0ON1gwx+GJKFpiiunqA
Date: Tue, 12 Mar 2013 18:51:43 +0000
Message-ID: <4518F39EB578034D8C99A9B7776CDBA353A459@xmb-aln-x04.cisco.com>
References: <20130311152035.4888.59295.idtracker@ietfa.amsl.com> <20130311191607.GF38303@crankycanuck.ca> <E99C99C9-73E1-43F8-B09E-B28CA138F526@hopcount.ca> <20130311194317.GA38441@crankycanuck.ca> <FBCCECBD-43DC-46F1-911F-B06ED43E10C3@hopcount.ca> <20130311201201.GD38441@mx1.yitter.info> <20130312132705.GA39133@mx1.yitter.info> <C2325C79-C3E7-42EC-93E3-5CDB586C7C51@hopcount.ca> <20130312142044.GE39133@mx1.yitter.info> <87F111F3-9E94-4328-ABE4-A7DA4F0A37F1@hopcount.ca> <20130312182622.GB39324@mx1.yitter.info>
In-Reply-To: <20130312182622.GB39324@mx1.yitter.info>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.86.247.103]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <A3EAA7730D54DC469A03ECC8018064DA@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "dnsext@ietf.org Group Working" <dnsext@ietf.org>
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-imp-status-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 18:51:49 -0000

On Mar 12, 2013, at 2:26 PM 3/12/13, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

> On Tue, Mar 12, 2013 at 12:38:22PM -0400, Joe Abley wrote:
>>
>> I seem to think that there's ample evidence that people think this
>> document is worth publishing. I think that's established, regardless
>> of the amount of feedback received for any future last call (low
>> volumes or absence of response could be attributed to LG-fatigue.)
>
> Ok.  For that reason, then, I'm going to ask Ralph to go ahead, with
> the two notes we determined are going to be needed.

Please send the exact text for the two notes.

>  If there is a
> later need to move ECC-GOST to Recommended to Implement, it ought to
> be a fairly trivial matter to produce a new document for this, and
> send it through an area or up the AD Sponsored track.
>
> Thanks very much for your comments & review!

Thanks to all for your participation in the discussion and prompt
responses so we can get this document resolved before I step down.

- Ralph

>
> A
>
> --
> Andrew Sullivan
> ajs@anvilwalrusden.com
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext


From iesg-secretary@ietf.org  Wed Mar 13 08:05:23 2013
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 665C421F8C9F; Wed, 13 Mar 2013 08:05:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.548
X-Spam-Level: 
X-Spam-Status: No, score=-102.548 tagged_above=-999 required=5 tests=[AWL=0.052, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 382aAXGYpyQ0; Wed, 13 Mar 2013 08:05:22 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 26A2F21F8E0E; Wed, 13 Mar 2013 08:05:16 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.42
Message-ID: <20130313150516.12865.89723.idtracker@ietfa.amsl.com>
Date: Wed, 13 Mar 2013 08:05:16 -0700
Cc: dnsext chair <dnsext-chairs@tools.ietf.org>, dnsext mailing list <dnsext@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [dnsext] Protocol Action: 'Applicability Statement: DNS Security (DNSSEC)	DNSKEY Algorithm Implementation Status' to Best Current	Practice (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2013 15:05:23 -0000

The IESG has approved the following document:
- 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
   Implementation Status'
  (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt) as Best Current
Practice

This document is the product of the DNS Extensions Working Group.

The IESG contact persons are Ralph Droms and Brian Haberman.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-imp-status/




Technical Summary 

  The DNS Security Extensions (DNSSEC) requires the use of 
  cryptographic algorithm suites for generating digital signatures 
  over DNS data.  There is currently an IANA registry for these 
  algorithms, but it lacks the recommended implementation status of 
  each algorithm.  This document provides an applicability statement 
  on algorithm implementation status for DNSSEC component software. 
  This document lists each algorithm's status based on the current 
  reference.  In the case that an algorithm is specified without an 
  implementation status, this document assigns one.  The document 
  updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933. 

Working Group Summary 

    The intended effect of this draft was originally captured in 
    draft-ietf-dnsext-dnssec-registry-fixes-08, which made a novel and 
    controversial use of the IANA registry.  That approach was too 
    controversial, and so the WG split the document into two parts. 
    This draft is one of them. 

    The present approach was far less controversial than the previous 
    one, and nobody has raised any objection to the current text. 

Document Quality 

    The draft does not specify a protocol of any kind, but it does 
    make a recommendation in favour of some algorithms that are so far 
    not widely deployed.  

    The discussion of dnssec-registry-fixes led to the approach 
    instantiated in this draft.  

Personnel 

    Andrew Sullivan is the Document Shepherd, and Ralph Droms is the 
    Responsible Area Director. 


RFC Editor Note

Please make the following two changes:

In section 2.2:

OLD:

2.2.  Algorithm Implementation Status Assignment Rationale

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

NEW:

2.2.  Algorithm Implementation Status Assignment Rationale

   RSASHA1 has an implementation status of Must Implement, consistent
   with [RFC4034].  RSAMD5 has an implementation status of Must Not
   Implement because of known weaknesses in MD5.

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

END

In the IANA considerations:

OLD:

   Because this document establishes the implementation status of every
   algorithm, it should be listed as a reference for the entire
   registry.

NEW:

  Because this document establishes the implementation
  status of every algorithm, it should be listed as a reference for
  the registry itself (leaving in place the individual entries for the
  algorithms referring to the documents that specify them).

END



From iesg-secretary@ietf.org  Wed Mar 13 08:05:23 2013
From: The IESG <iesg-secretary@ietf.org>
To: IANA <drafts-approval@icann.org>
Message-ID: <20130313150516.12865.51363.idtracker@ietfa.amsl.com>
Date: Wed, 13 Mar 2013 08:05:16 -0700
Cc: dnsext chair <dnsext-chairs@tools.ietf.org>, dnsext mailing list <dnsext@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [dnsext] Protocol Action: 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status' to Best Current Practice (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)

The IESG has approved the following document:
- 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
   Implementation Status'
  (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt) as Best Current
Practice

This document is the product of the DNS Extensions Working Group.

The IESG contact persons are Ralph Droms and Brian Haberman.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-imp-status/




Technical Summary 

  The DNS Security Extensions (DNSSEC) requires the use of 
  cryptographic algorithm suites for generating digital signatures 
  over DNS data.  There is currently an IANA registry for these 
  algorithms, but it lacks the recommended implementation status of
  each algorithm.  This document provides an applicability statement 
  on algorithm implementation status for DNSSEC component software. 
  This document lists each algorithm's status based on the current 
  reference.  In the case that an algorithm is specified without an 
  implementation status, this document assigns one.  The document 
  updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933. 

Working Group Summary 

    The intended effect of this draft was originally captured in 
    draft-ietf-dnsext-dnssec-registry-fixes-08, which made a novel and 
    controversial use of the IANA registry.  That approach was too 
    controversial, and so the WG split the document into two parts. 
    This draft is one of them. 

    The present approach was far less controversial than the previous 
    one, and nobody has raised any objection to the current text. 

Document Quality 

    The draft does not specify a protocol of any kind, but it does 
    make a recommendation in favour of some algorithms that are so far 
    not widely deployed.  

    The discussion of dnssec-registry-fixes led to the approach 
    instantiated in this draft.  

Personnel 

    Andrew Sullivan is the Document Shepherd, and Ralph Droms is the 
    Responsible Area Director. 


RFC Editor Note

Please make the following two changes:

In section 2.2:

OLD:

2.2.  Algorithm Implementation Status Assignment Rationale

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

NEW:

2.2.  Algorithm Implementation Status Assignment Rationale

   RSASHA1 has an implementation status of Must Implement, consistent
   with [RFC4034].  RSAMD5 has an implementation status of Must Not
   Implement because of known weaknesses in MD5.

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

END

In the IANA considerations:

OLD:

   Because this document establishes the implementation status of every
   algorithm, it should be listed as a reference for the entire
   registry.

NEW:

  Because this document establishes the implementation
  status of every algorithm, it should be listed as a reference for
  the registry itself (leaving in place the individual entries for the
  algorithms referring to the documents that specify them).

END



From ogud@ogud.com  Wed Mar 13 20:37:11 2013
From: Olafur Gudmundsson <ogud@ogud.com>
In-Reply-To: <20130313150516.12865.51363.idtracker@ietfa.amsl.com>
Date: Wed, 13 Mar 2013 23:37:08 -0400
Message-Id: <73C57154-5F39-4BEB-9213-49621702BF38@ogud.com>
References: <20130313150516.12865.51363.idtracker@ietfa.amsl.com>
To: dnsext mailing list <dnsext@ietf.org>
Subject: [dnsext] DNSEXT future: Re: Protocol Action: 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status' to Best Current Practice (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)

Dear Colleagues,

The working group has now reached the milestone that all documents on its charter have been advanced by the IESG to RFC-editor or have fallen by the wayside.
This starts the final countdown on the existence of the working group; we will stay around until the RFCs of the 3 documents in various states of RFC editor processing conclude.
We have updated the milestones to reflect this.

	Olafur & Andrew


On Mar 13, 2013, at 11:05 AM, The IESG <iesg-secretary@ietf.org> wrote:

> The IESG has approved the following document:
> - 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
>   Implementation Status'
>  (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt) as Best Current
> Practice
>


From iesg-secretary@ietf.org  Thu Mar 14 07:59:26 2013
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-ID: <20130314145854.23217.22454.idtracker@ietfa.amsl.com>
Date: Thu, 14 Mar 2013 07:58:54 -0700
Cc: dnsext chair <dnsext-chairs@tools.ietf.org>, dnsext mailing list <dnsext@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [dnsext] CORRECTED Protocol Action: 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status' to Proposed Standard (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)

The IESG has approved the following document:
- 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
   Implementation Status'
  (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt) as Proposed Standard

This document is the product of the DNS Extensions Working Group.

The IESG contact person is Ralph Droms.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-imp-status/




Technical Summary 

  The DNS Security Extensions (DNSSEC) requires the use of 
  cryptographic algorithm suites for generating digital signatures 
  over DNS data.  There is currently an IANA registry for these 
  algorithms, but it lacks the recommended implementation status of
  each algorithm.  This document provides an applicability statement 
  on algorithm implementation status for DNSSEC component software. 
  This document lists each algorithm's status based on the current 
  reference.  In the case that an algorithm is specified without an 
  implementation status, this document assigns one.  The document 
  updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933. 

Working Group Summary 

    The intended effect of this draft was originally captured in 
    draft-ietf-dnsext-dnssec-registry-fixes-08, which made a novel and 
    controversial use of the IANA registry.  That approach was too 
    controversial, and so the WG split the document into two parts. 
    This draft is one of them. 

    The present approach was far less controversial than the previous 
    one, and nobody has raised any objection to the current text. 

Document Quality 

    The draft does not specify a protocol of any kind, but it does 
    make a recommendation in favour of some algorithms that are so far 
    not widely deployed.  

    The discussion of dnssec-registry-fixes led to the approach 
    instantiated in this draft.  

Personnel 

    Andrew Sullivan is the Document Shepherd, and Ralph Droms is the 
    Responsible Area Director. 


RFC Editor Note

Please make the following two changes:

In section 2.2:

OLD:

2.2.  Algorithm Implementation Status Assignment Rationale

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

NEW:

2.2.  Algorithm Implementation Status Assignment Rationale

   RSASHA1 has an implementation status of Must Implement, consistent
   with [RFC4034].  RSAMD5 has an implementation status of Must Not
   Implement because of known weaknesses in MD5.

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

END

In the IANA considerations:

OLD:

   Because this document establishes the implementation status of every
   algorithm, it should be listed as a reference for the entire
   registry.

NEW:

  Because this document establishes the implementation
  status of every algorithm, it should be listed as a reference for
  the registry itself (leaving in place the individual entries for the
  algorithms referring to the documents that specify them).

END



From iesg-secretary@ietf.org  Thu Mar 14 07:59:27 2013
From: The IESG <iesg-secretary@ietf.org>
To: IANA <drafts-approval@icann.org>
Message-ID: <20130314145854.23217.84041.idtracker@ietfa.amsl.com>
Date: Thu, 14 Mar 2013 07:58:54 -0700
Cc: dnsext chair <dnsext-chairs@tools.ietf.org>, dnsext mailing list <dnsext@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [dnsext] CORRECTED Protocol Action: 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status' to Proposed Standard (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)

The IESG has approved the following document:
- 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
   Implementation Status'
  (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt) as Proposed Standard

This document is the product of the DNS Extensions Working Group.

The IESG contact person is Ralph Droms.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-imp-status/




Technical Summary 

  The DNS Security Extensions (DNSSEC) requires the use of 
  cryptographic algorithm suites for generating digital signatures 
  over DNS data.  There is currently an IANA registry for these 
  algorithms, but it lacks the recommended implementation status of
  each algorithm.  This document provides an applicability statement 
  on algorithm implementation status for DNSSEC component software. 
  This document lists each algorithm's status based on the current 
  reference.  In the case that an algorithm is specified without an 
  implementation status, this document assigns one.  The document 
  updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933. 

Working Group Summary 

    The intended effect of this draft was originally captured in 
    draft-ietf-dnsext-dnssec-registry-fixes-08, which made a novel and 
    controversial use of the IANA registry.  That approach was too 
    controversial, and so the WG split the document into two parts. 
    This draft is one of them. 

    The present approach was far less controversial than the previous 
    one, and nobody has raised any objection to the current text. 

Document Quality 

    The draft does not specify a protocol of any kind, but it does 
    make a recommendation in favour of some algorithms that are so far 
    not widely deployed.  

    The discussion of dnssec-registry-fixes led to the approach 
    instantiated in this draft.  

Personnel 

    Andrew Sullivan is the Document Shepherd, and Ralph Droms is the 
    Responsible Area Director. 


RFC Editor Note

Please make the following two changes:

In section 2.2:

OLD:

2.2.  Algorithm Implementation Status Assignment Rationale

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

NEW:

2.2.  Algorithm Implementation Status Assignment Rationale

   RSASHA1 has an implementation status of Must Implement, consistent
   with [RFC4034].  RSAMD5 has an implementation status of Must Not
   Implement because of known weaknesses in MD5.

   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/

END

In the IANA considerations:

OLD:

   Because this document establishes the implementation status of every
   algorithm, it should be listed as a reference for the entire
   registry.

NEW:

  Because this document establishes the implementation
  status of every algorithm, it should be listed as a reference for
  the registry itself (leaving in place the individual entries for the
  algorithms referring to the documents that specify them).

END



From Ted.Lemon@nominum.com  Thu Mar 14 11:54:55 2013
From: Ted Lemon <Ted.Lemon@nominum.com>
To: Lynne Bartholomew <lbartholomew@amsl.com>
Date: Thu, 14 Mar 2013 18:54:53 +0000
Message-ID: <8D23D4052ABE7A4490E77B1A012B6307474C41DB@mbx-01.win.nominum.com>
References: <20130314145854.23217.22454.idtracker@ietfa.amsl.com> <CF8A0F81-D225-4040-A856-31597A001F49@amsl.com> <AF05F428-0D2C-4F55-8C6F-C159BF69654B@amsl.com>
In-Reply-To: <AF05F428-0D2C-4F55-8C6F-C159BF69654B@amsl.com>
Cc: Brian Haberman <brian@innovationslab.net>, dnsext mailing list <dnsext@ietf.org>, Andrew Sullivan <ajs@crankycanuck.ca>, The IESG <iesg-secretary@ietf.org>, Ralph Droms <rdroms.ietf@gmail.com>, dnsext chair <dnsext-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Re: [dnsext] CORRECTED Protocol Action: 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status' to Proposed Standard (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)

On Mar 14, 2013, at 2:10 PM, Lynne Bartholomew <lbartholomew@amsl.com> wrote:
> Forwarding to you as an FYI, after seeing the updated AD list; apologies for the oversight.

Not a problem.   I saw the discussion and felt that the right thing was being done, so I didn't interfere.   :)


From lbartholomew@amsl.com  Thu Mar 14 11:01:20 2013
From: Lynne Bartholomew <lbartholomew@amsl.com>
In-Reply-To: <20130314145854.23217.22454.idtracker@ietfa.amsl.com>
Date: Thu, 14 Mar 2013 11:01:18 -0700
Message-Id: <CF8A0F81-D225-4040-A856-31597A001F49@amsl.com>
References: <20130314145854.23217.22454.idtracker@ietfa.amsl.com>
To: The IESG <iesg-secretary@ietf.org>, Andrew Sullivan <ajs@crankycanuck.ca>, Ralph Droms <rdroms.ietf@gmail.com>, Brian Haberman <brian@innovationslab.net>
Cc: dnsext chair <dnsext-chairs@tools.ietf.org>, dnsext mailing list <dnsext@ietf.org>, IETF-Announce <ietf-announce@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Re: [dnsext] CORRECTED Protocol Action: 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status' to Proposed Standard (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)

Dear IESG, Andrew, Ralph, and Brian,

We have updated our database record for this document.  It is now listed as Proposed Standard.

Thank you.

RFC Editor/lb

> From: Brian Haberman <brian@innovationslab.net>
> Date: March 14, 2013 7:20:24 AM PDT
> To: Ralph Droms <rdroms.ietf@gmail.com>
> Cc: Andrew Sullivan <ajs@crankycanuck.ca>, The IESG <iesg-secretary@ietf.org>, dnsext-chairs@tools.ietf.org, rfc-editor@rfc-editor.org, dnsext-ads@tools.ietf.org
> Subject: Re: [dnsext] Protocol Action: 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status' to Best Current Practice (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt)
>
> Ugh.  So, the header boilerplate indicates Standards Track, which is good.  I suspect that the announcement text was not updated after that change (and that led to the mis-worded announcement).
>
> Since this was a BCP->PS change, I think we can ask the secretariat to withdraw the announcement and the shepherding AD can re-generate the text and re-send the announcement.
>
> Brian
>
> On 3/14/13 9:45 AM, Ralph Droms wrote:
>> Good catch.  I think it should be standards track, but Ted and Brian are technically in charge now.
>>
>> - Ralph
>>
>> On Mar 14, 2013, at 9:42 AM 3/14/13, Andrew Sullivan <ajs@crankycanuck.ca> wrote:
>>
>>> Oh, heck.  One of the things Pete insisted on in his DISCUSS was that
>>> this not be published as BCP but on the standards track, because it's
>>> an applicability statement.
>>>
>>> I missed the BCP part of this announcement yesterday.
>>>
>>> Is this a Bad Thing?  Is there something to be done about it?  The
>>> Draft currently says the Intended status is standards track.
>>>
>>> A


On Mar 14, 2013, at 7:58 AM, The IESG wrote:

> The IESG has approved the following document:
> - 'Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
>   Implementation Status'
>  (draft-ietf-dnsext-dnssec-algo-imp-status-04.txt) as Proposed Standard
>
> This document is the product of the DNS Extensions Working Group.
>
> The IESG contact person is Ralph Droms.
>
> A URL of this Internet Draft is:
> http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-imp-status/
>
>
>
>
> Technical Summary
>
>  The DNS Security Extensions (DNSSEC) requires the use of
>  cryptographic algorithm suites for generating digital signatures
>  over DNS data.  There is currently an IANA registry for these
>  algorithms, but it lacks the recommended implementation status of
>  each algorithm.  This document provides an applicability statement
>  on algorithm implementation status for DNSSEC component software.
>  This document lists each algorithm's status based on the current
>  reference.  In the case that an algorithm is specified without an
>  implementation status, this document assigns one.  The document
>  updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933.
>
> Working Group Summary
>
>    The intended effect of this draft was originally captured in
>    draft-ietf-dnsext-dnssec-registry-fixes-08, which made a novel and
>    controversial use of the IANA registry.  That approach was too
>    controversial, and so the WG split the document into two parts.
>    This draft is one of them.
>
>    The present approach was far less controversial than the previous
>    one, and nobody has raised any objection to the current text.
>
> Document Quality
>
>    The draft does not specify a protocol of any kind, but it does
>    make a recommendation in favour of some algorithms that are so far
>    not widely deployed.
>
>    The discussion of dnssec-registry-fixes led to the approach
>    instantiated in this draft.
>
> Personnel
>
>    Andrew Sullivan is the Document Shepherd, and Ralph Droms is the
>    Responsible Area Director.
>
>
> RFC Editor Note
>
> Please make the following two changes:
>
> In section 2.2:
>
> OLD:
>
> 2.2.  Algorithm Implementation Status Assignment Rationale
>
>   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
>   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/
>
> NEW:
>
> 2.2.  Algorithm Implementation Status Assignment Rationale
>
>   RSASHA1 has an implementation status of Must Implement, consistent
>   with [RFC4034].  RSAMD5 has an implementation status of Must Not
>   Implement because of known weaknesses in MD5.
>
>   The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
>   as many deployments use NSEC3.  The status of RSA/SHA-256 and RSA/
>
> END
>
> In the IANA considerations:
>
> OLD:
>
>   Because this document establishes the implementation status of every
>   algorithm, it should be listed as a reference for the entire
>   registry.
>
> NEW:
>
>  Because this document establishes the implementation
>  status of every algorithm, it should be listed as a reference for
>  the registry itself (leaving in place the individual entries for the
>  algorithms referring to the documents that specify them).
>
> END
>
>


From envite@rolamasao.org  Sun Mar 17 05:59:18 2013
From: Noel David Torres =?iso-8859-1?q?Ta=F1o?= <envite@rolamasao.org>
To: dnsext@ietf.org
Date: Sun, 17 Mar 2013 12:58:46 +0000
User-Agent: KMail/1.13.7 (Linux/3.2.0-4-amd64; KDE/4.8.4; x86_64; ; )
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2273923.PBeHldsGm9"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201303171259.07860.envite@rolamasao.org>
Subject: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2013 14:48:35 -0000

--nextPart2273923.PBeHldsGm9
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi all

I'm Noel Torres, sysadmin from Spain.

I have read in the charter that this WG will be shut down soon. Did I do bad
by subscribing?

Regards
-------------------------
A: Because it breaks the logical flow of discussion.
Q: Why is top posting bad?

--nextPart2273923.PBeHldsGm9
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.


--nextPart2273923.PBeHldsGm9--

From ajs@anvilwalrusden.com  Sun Mar 17 13:17:16 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7831421F8BA1 for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 13:17:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.84
X-Spam-Level: 
X-Spam-Status: No, score=-0.84 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IcAI9U65zYqR for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 13:17:16 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id EBE9E21F8B98 for <dnsext@ietf.org>; Sun, 17 Mar 2013 13:17:15 -0700 (PDT)
Received: from mx1.yitter.info (69-196-144-227.dsl.teksavvy.com [69.196.144.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 1AC768A031 for <dnsext@ietf.org>; Sun, 17 Mar 2013 20:17:14 +0000 (UTC)
Date: Sun, 17 Mar 2013 16:17:12 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130317201712.GC85736@mx1.yitter.info>
References: <201303171259.07860.envite@rolamasao.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <201303171259.07860.envite@rolamasao.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2013 20:17:16 -0000

On Sun, Mar 17, 2013 at 12:58:46PM +0000, Noel David Torres Taño wrote:
> I have read in the charter that this WG will be shut down soon. Did I do bad
> by subscribing?

No.  There is no intention to shut the list down.

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From envite@rolamasao.org  Sun Mar 17 15:49:22 2013
Return-Path: <envite@rolamasao.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EC7721F8AC1 for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 15:49:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.187
X-Spam-Level: *
X-Spam-Status: No, score=1.187 tagged_above=-999 required=5 tests=[AWL=0.050,  BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888,  HELO_MISMATCH_ORG=0.611, HOST_EQ_STATIC=1.172, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2lrlYfk1r2LP for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 15:49:22 -0700 (PDT)
Received: from rolamasao.org (68.167.216.87.static.jazztel.es [87.216.167.68]) by ietfa.amsl.com (Postfix) with ESMTP id 9F31221F84E3 for <dnsext@ietf.org>; Sun, 17 Mar 2013 15:49:20 -0700 (PDT)
Received: from tochox.localnet (localhost [IPv6:::1]) by rolamasao.org (Postfix_t) with ESMTPSA id 74D3A11EC1 for <dnsext@ietf.org>; Sun, 17 Mar 2013 22:49:17 +0000 (WET)
From: Noel David Torres =?iso-8859-1?q?Ta=F1o?= <envite@rolamasao.org>
To: dnsext@ietf.org
Date: Sun, 17 Mar 2013 22:49:06 +0000
User-Agent: KMail/1.13.7 (Linux/3.2.0-4-amd64; KDE/4.8.4; x86_64; ; )
References: <201303171259.07860.envite@rolamasao.org> <20130317201712.GC85736@mx1.yitter.info>
In-Reply-To: <20130317201712.GC85736@mx1.yitter.info>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1463084.o668b1G4lL"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201303172249.13316.envite@rolamasao.org>
Subject: Re: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2013 22:49:22 -0000

--nextPart1463084.o668b1G4lL
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

On Sunday, 17 March 2013 20:17:12 Andrew Sullivan wrote:
> On Sun, Mar 17, 2013 at 12:58:46PM +0000, Noel David Torres Taño wrote:
> > I have read in the charter that this WG will be shut down soon. Did I
> > do bad by subscribing?
>
> No.  There is no intention to shut the list down.
>
> A

Thanks

I want to learn how to create a DNS extension, but I think it is more polite
to just read and learn first.

Regards

Noel
er Envite
-------------------------
A: Because it breaks the logical flow of discussion.
Q: Why is top posting bad?

--nextPart1463084.o668b1G4lL
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.


--nextPart1463084.o668b1G4lL--

From ajs@anvilwalrusden.com  Sun Mar 17 17:21:59 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D45C21F89E2 for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 17:21:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.096
X-Spam-Level: 
X-Spam-Status: No, score=-0.096 tagged_above=-999 required=5 tests=[AWL=-0.744, BAYES_05=-1.11, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hwUJZD-ZH+SD for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 17:21:58 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id B160B21F882F for <dnsext@ietf.org>; Sun, 17 Mar 2013 17:21:58 -0700 (PDT)
Received: from mx1.yitter.info (69-196-144-227.dsl.teksavvy.com [69.196.144.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 334518A031 for <dnsext@ietf.org>; Mon, 18 Mar 2013 00:21:57 +0000 (UTC)
Date: Sun, 17 Mar 2013 20:21:50 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130318002149.GA51562@mx1.yitter.info>
References: <201303171259.07860.envite@rolamasao.org> <20130317201712.GC85736@mx1.yitter.info> <201303172249.13316.envite@rolamasao.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <201303172249.13316.envite@rolamasao.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2013 00:21:59 -0000

On Sun, Mar 17, 2013 at 10:49:06PM +0000, Noel David Torres Taño wrote:
> I want to learn how to create a DNS extension, but I think it is more polite 
> to just read and learn first.

What sort of extension do you want to create? 

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

From envite@rolamasao.org  Sun Mar 17 17:41:46 2013
Return-Path: <envite@rolamasao.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDD1B21F8C05 for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 17:41:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.175
X-Spam-Level: *
X-Spam-Status: No, score=1.175 tagged_above=-999 required=5 tests=[AWL=0.038,  BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888,  HELO_MISMATCH_ORG=0.611, HOST_EQ_STATIC=1.172, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M2W3DiB+DEfM for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 17:41:45 -0700 (PDT)
Received: from rolamasao.org (68.167.216.87.static.jazztel.es [87.216.167.68]) by ietfa.amsl.com (Postfix) with ESMTP id 4F47921F8BF1 for <dnsext@ietf.org>; Sun, 17 Mar 2013 17:41:45 -0700 (PDT)
Received: from tochox.localnet (localhost [IPv6:::1]) by rolamasao.org (Postfix_t) with ESMTPSA id E3DD511EC1 for <dnsext@ietf.org>; Mon, 18 Mar 2013 00:41:43 +0000 (WET)
From: Noel David Torres =?iso-8859-1?q?Ta=F1o?= <envite@rolamasao.org>
To: dnsext@ietf.org
Date: Mon, 18 Mar 2013 00:41:35 +0000
User-Agent: KMail/1.13.7 (Linux/3.2.0-4-amd64; KDE/4.8.4; x86_64; ; )
References: <201303171259.07860.envite@rolamasao.org> <201303172249.13316.envite@rolamasao.org> <20130318002149.GA51562@mx1.yitter.info>
In-Reply-To: <20130318002149.GA51562@mx1.yitter.info>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1707746.izbh5DYAqi"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201303180041.38715.envite@rolamasao.org>
Subject: Re: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2013 00:41:47 -0000

--nextPart1707746.izbh5DYAqi
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

On Monday, 18 March 2013 00:21:50 Andrew Sullivan wrote:
> On Sun, Mar 17, 2013 at 10:49:06PM +0000, Noel David Torres Taño wrote:
> > I want to learn how to create a DNS extension, but I think it is more
> > polite to just read and learn first.
>
> What sort of extension do you want to create?
>
> A

Thanks for asking. I really did not expect to explain so soon after joining.

I think (of course I may be wrong) that OIDs behave like the DNS tree, where
there is a single root, branches may be delegated, and each node and leaf has
a name. Thus a new CLASS may be created for OID management, with root servers
serving only 0 (ITU-T), 1 (ISO) and 2 (joint-iso-itu-t), and with NS glue
records like IN class has. This way, for example, 1 can be delegated to ISO,
1.3.6 can be delegated by ISO to USA DOD, 1.3.6.1 by DOD to IANA, and IANA can
delegate 1.3.6.1.4.1.* to each "private enterprise" that has applied or
applies in the future.

There may be SOA records like those of IN class, and NS records alike, but
instead of A records there may be NAME records complemented by some kind of
TXT records.

Hope this is not a total madness

Regards

Noel Torres
er Envite
-------------------------
A: Because it breaks the logical flow of discussion.
Q: Why is top posting bad?

--nextPart1707746.izbh5DYAqi
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.


--nextPart1707746.izbh5DYAqi--

From ajs@anvilwalrusden.com  Sun Mar 17 18:42:51 2013
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D947B21F8C05 for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 18:42:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.468
X-Spam-Level: 
X-Spam-Status: No, score=-0.468 tagged_above=-999 required=5 tests=[AWL=0.372,  BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rumbA49YdRcE for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 18:42:51 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id E92D621F8BF4 for <dnsext@ietf.org>; Sun, 17 Mar 2013 18:42:50 -0700 (PDT)
Received: from mx1.yitter.info (69-196-144-227.dsl.teksavvy.com [69.196.144.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 319FD8A031 for <dnsext@ietf.org>; Mon, 18 Mar 2013 01:42:49 +0000 (UTC)
Date: Sun, 17 Mar 2013 21:42:55 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsext@ietf.org
Message-ID: <20130318014255.GD51735@mx1.yitter.info>
References: <201303171259.07860.envite@rolamasao.org> <201303172249.13316.envite@rolamasao.org> <20130318002149.GA51562@mx1.yitter.info> <201303180041.38715.envite@rolamasao.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <201303180041.38715.envite@rolamasao.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2013 01:42:52 -0000

On Mon, Mar 18, 2013 at 12:41:35AM +0000, Noel David Torres Taño wrote:
> a name. Thus a new CLASS may be created for OID management

Historically, efforts to create a new CLASS have failed.  But for this
case, since the whole point is a completely new use case, maybe it'd
work.

You might want to look at what the ONS (in the RFID area:
http://www.gs1.org/gsmp/kc/epcglobal/ons) did.

I'd be a little worried about the space you're working in.  Remember
that a DNS name can't be longer than 255 octets.

Anyway, this doesn't really sound like an extension of the DNS, just a
novel application of the existing protocol to a new use case.  DNSEXT
worked on changes to the wire protocol, and apart from the CLASS
there's no real change here.

Good luck with the project.

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
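
The 255-octet limit mentioned in the message above, worked through for the OID-to-DNS mapping under discussion. This is an added example, not code from any poster in the thread. It assumes arcs are written as reversed decimal labels (in the style of in-addr.arpa) under a hypothetical suffix "oid.example"; the thread does not specify either choice.

```python
# Added illustration: map an OID to a DNS owner name and enforce the
# RFC 1035 size limits. The reversed-label layout and the "oid.example"
# suffix are assumptions made for this example only.

MAX_NAME_OCTETS = 255   # whole name in wire format, including the root label
MAX_LABEL_OCTETS = 63   # a single label
TOP_ARCS = {"0": "ITU-T", "1": "ISO", "2": "joint-iso-itu-t"}
SUFFIX = ("oid", "example")  # hypothetical apex for the OID tree


def wire_length(labels):
    """Octets the name occupies on the wire: one length octet per label,
    the label bytes, and the terminating zero-length root label."""
    return sum(1 + len(label) for label in labels) + 1


def oid_to_owner_name(oid, suffix=SUFFIX):
    """Return (fqdn, wire_octets) for a dotted-decimal OID.

    Raises ValueError when the OID is malformed or the resulting name
    cannot be represented in the DNS.
    """
    arcs = oid.split(".")
    for arc in arcs:
        if not (arc.isascii() and arc.isdigit()):
            raise ValueError("arc %r is not a decimal number" % arc)
        # Reject leading zeros so one OID never maps to two different names.
        if len(arc) > 1 and arc[0] == "0":
            raise ValueError("arc %r has a leading zero" % arc)
    if arcs[0] not in TOP_ARCS:
        raise ValueError("top-level arc must be 0, 1 or 2")

    # Most specific arc first, so delegation follows the OID hierarchy.
    labels = arcs[::-1] + list(suffix)
    for label in labels:
        if len(label) > MAX_LABEL_OCTETS:
            raise ValueError("label %r exceeds 63 octets" % label)

    octets = wire_length(labels)
    if octets > MAX_NAME_OCTETS:
        raise ValueError("name needs %d octets, limit is 255" % octets)
    return ".".join(labels) + ".", octets


def max_depth(arc_digits, suffix=SUFFIX):
    """How many arcs of a given decimal width fit under the suffix."""
    budget = MAX_NAME_OCTETS - wire_length(list(suffix))
    return budget // (1 + arc_digits)


if __name__ == "__main__":
    print(oid_to_owner_name("1.3.6.1.4.1"))
    for width in (1, 5, 10, 39):
        print("arcs of %2d digits: at most %3d levels" % (width, max_depth(width)))
```
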

From d3e3e3@gmail.com  Sun Mar 17 19:22:19 2013
Return-Path: <d3e3e3@gmail.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 919C021F8C77 for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 19:22:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level: 
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4rB42Rnm8jAB for <dnsext@ietfa.amsl.com>; Sun, 17 Mar 2013 19:22:18 -0700 (PDT)
Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) by ietfa.amsl.com (Postfix) with ESMTP id CF02021F8C6F for <dnsext@ietf.org>; Sun, 17 Mar 2013 19:22:18 -0700 (PDT)
Received: by mail-ob0-f181.google.com with SMTP id ni5so4902780obc.12 for <dnsext@ietf.org>; Sun, 17 Mar 2013 19:22:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:content-type:content-transfer-encoding; bh=7No9KWKPuIbLVIk67DJKQEgsfsjlKhpwS03t/fH/h2M=; b=iH615Op0vuGmsXAK3v9wRws+O2Pvhx0HhDTBeGa6c9thTp5+gLf9mxPBYQOsPPvw6B qLxnFI/axG8aITT47l9zoxt0icdOb13nYx84zZ3tw0w5Y31U/KFhzGL/GuxsxSRpYg3c rsy5VfNk4vp7tqy2dZiEyKCaSmwcHfEOvpQ0c2mAn3JC6xbCrUxyPuEo/dALgRSpMz24 d7UprPXZJxWF+v/OHiQsMVWsv/drU7BZ6RiJqzppyx8RC54CESMMR0WuVMojVoUUemim ogeR6dVjS2qsYL3VW/r2ldUcrCsYPR68qpXkPeRlZ50NqxW1nD+bLyFPOBKvyG+zcKVP X7EA==
X-Received: by 10.60.26.72 with SMTP id j8mr6188693oeg.2.1363573338379; Sun, 17 Mar 2013 19:22:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.139.200 with HTTP; Sun, 17 Mar 2013 19:21:57 -0700 (PDT)
In-Reply-To: <20130318014255.GD51735@mx1.yitter.info>
References: <201303171259.07860.envite@rolamasao.org> <201303172249.13316.envite@rolamasao.org> <20130318002149.GA51562@mx1.yitter.info> <201303180041.38715.envite@rolamasao.org> <20130318014255.GD51735@mx1.yitter.info>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 17 Mar 2013 22:21:57 -0400
Message-ID: <CAF4+nEEFy--Cmax5LtTdoCOQj73+ny6Qr8yXJP-uiYhe9b7Ptg@mail.gmail.com>
To: dnsext@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2013 02:22:19 -0000

On Sun, Mar 17, 2013 at 9:42 PM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
> On Mon, Mar 18, 2013 at 12:41:35AM +0000, Noel David Torres Taño wrote:
>> a name. Thus a new CLASS may be created for OID management
>
> Historically, efforts to create a new CLASS have failed.  But for this
> case, since the whole point is a completely new use case, maybe it'd
> work.

It is my opinion that the only thing that would justify a CLASS is a
very strong desire/need for different root control/servers.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

> You might want to look at what the ONS (in the RFID area:
> http://www.gs1.org/gsmp/kc/epcglobal/ons) did.
>
> I'd be a little worried about the space you're working in.  Remember
> that a DNS name can't be longer than 255 octets.
>
> Anyway, this doesn't really sound like an extension of the DNS, just a
> novel application of the existing protocol to a new use case.  DNSEXT
> worked on changes to the wire protocol, and apart from the CLASS
> there's no real change here.
>
> Good luck with the project.
>
> A
>
> --
> Andrew Sullivan
> ajs@anvilwalrusden.com
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext

From scottr.nist@gmail.com  Mon Mar 18 06:20:06 2013
Return-Path: <scottr.nist@gmail.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF46A21F8D85 for <dnsext@ietfa.amsl.com>; Mon, 18 Mar 2013 06:20:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gz5qNcp+7qOK for <dnsext@ietfa.amsl.com>; Mon, 18 Mar 2013 06:20:04 -0700 (PDT)
Received: from wsget1.nist.gov (wsget1.nist.gov [129.6.13.150]) by ietfa.amsl.com (Postfix) with ESMTP id D4F8E21F8D60 for <dnsext@ietf.org>; Mon, 18 Mar 2013 06:20:03 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.3.123.3; Mon, 18 Mar 2013 09:20:00 -0400
Received: from smtp.nist.gov (129.6.16.226) by WSXGHUB1.xchange.nist.gov (129.6.18.96) with Microsoft SMTP Server id 8.3.298.1; Mon, 18 Mar 2013 09:20:02 -0400
Received: from 6-140.antd.nist.gov (6-140.antd.nist.gov [129.6.140.6])	by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id r2IDK1Jd007814	for <dnsext@ietf.org>; Mon, 18 Mar 2013 09:20:01 -0400
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0 (Apple Message framework v1283)
From: Scott Rose <scottr.nist@gmail.com>
In-Reply-To: <20130318014255.GD51735@mx1.yitter.info>
Date: Mon, 18 Mar 2013 09:20:01 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <882E714E-888C-4701-98C1-62E36A18BD9C@gmail.com>
References: <201303171259.07860.envite@rolamasao.org> <201303172249.13316.envite@rolamasao.org> <20130318002149.GA51562@mx1.yitter.info> <201303180041.38715.envite@rolamasao.org> <20130318014255.GD51735@mx1.yitter.info>
To: <dnsext@ietf.org>
X-Mailer: Apple Mail (2.1283)
Subject: Re: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2013 13:20:06 -0000

I remember there was at least one previous attempt at this idea (that I
was semi-involved with as a sounding board).  There the decision was to
use the IN class and put the OID tree under the .arpa TLD since it would
fit the definition of architecture.  This was before the new gTLD
process was finalized so there was no serious push to have a .oid TLD.

There the idea was to use the existing root/TLD infrastructure.  Not
sure what happened to the group that tried to do this.

Scott

On Mar 17, 2013, at 9:42 PM, Andrew Sullivan wrote:

> On Mon, Mar 18, 2013 at 12:41:35AM +0000, Noel David Torres Taño wrote:
>> a name. Thus a new CLASS may be created for OID management
>
> Historically, efforts to create a new CLASS have failed.  But for this
> case, since the whole point is a completely new use case, maybe it'd
> work.
>
> You might want to look at what the ONS (in the RFID area:
> http://www.gs1.org/gsmp/kc/epcglobal/ons) did.
>
> I'd be a little worried about the space you're working in.  Remember
> that a DNS name can't be longer than 255 octets.
>
> Anyway, this doesn't really sound like an extension of the DNS, just a
> novel application of the existing protocol to a new use case.  DNSEXT
> worked on changes to the wire protocol, and apart from the CLASS
> there's no real change here.
>
> Good luck with the project.
>
> A
>
> --
> Andrew Sullivan
> ajs@anvilwalrusden.com
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext

===================================
Scott Rose
NIST
scott.rose@nist.gov
+1 301-975-8439
Google Voice: +1 571-249-3671
http://www.dnsops.gov/
===================================


From bmanning@karoshi.com  Mon Mar 18 20:58:10 2013
Return-Path: <bmanning@karoshi.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8130021F8AB2 for <dnsext@ietfa.amsl.com>; Mon, 18 Mar 2013 20:58:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level: 
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dJX-KfafOWSD for <dnsext@ietfa.amsl.com>; Mon, 18 Mar 2013 20:58:10 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by ietfa.amsl.com (Postfix) with ESMTP id E0DFD21F8AA6 for <dnsext@ietf.org>; Mon, 18 Mar 2013 20:58:09 -0700 (PDT)
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id r2J3w6s4019424; Tue, 19 Mar 2013 03:58:07 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id r2J3w5IE019423; Tue, 19 Mar 2013 03:58:05 GMT
Date: Tue, 19 Mar 2013 03:58:05 +0000
From: bmanning@vacation.karoshi.com
To: Noel David Torres =?iso-8859-1?Q?Ta=F1o?= <envite@rolamasao.org>
Message-ID: <20130319035805.GA19020@vacation.karoshi.com.>
References: <201303171259.07860.envite@rolamasao.org> <201303172249.13316.envite@rolamasao.org> <20130318002149.GA51562@mx1.yitter.info> <201303180041.38715.envite@rolamasao.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <201303180041.38715.envite@rolamasao.org>
User-Agent: Mutt/1.4.1i
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Presentation and question
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2013 03:58:10 -0000

 my my.. Steve Hotz and I did this 20 years ago - when the DNS was much less ossified
 than it is today.  we started w/ new class, ended up anchoring in the int. tree (when
 we had emptied out arpa of everything but in-addr.... but that is another story).

 it didn't get much traction then, would be happy to work on it again.

/bill


On Mon, Mar 18, 2013 at 12:41:35AM +0000, Noel David Torres Taño wrote:
> On Monday, 18 March 2013 00:21:50 Andrew Sullivan wrote:
> > On Sun, Mar 17, 2013 at 10:49:06PM +0000, Noel David Torres Taño wrote:
> > > I want to learn how to create a DNS extension, but I think it is more
> > > polite to just read and learn first.
> > 
> > What sort of extension do you want to create?
> > 
> > A
> 
> Thanks for asking. I really did not expect to explain so soon after joining.
> 
> I think (of course I may be wrong) that OIDs behave like the DNS tree, where 
> there is a single root, branches may be delegated, and each node and leaf has 
> a name. Thus a new CLASS may be created for OID management, with root servers 
> serving only 0 (ITU-T), 1 (ISO) and 2 (joint-iso-itu-t), and with NS glue 
> records like IN class has. This way, for example, 1 can be delegated to ISO, 
> 1.3.6 can be delegated by ISO to USA DOD, 1.3.6.1 by DOD to IANA, and IANA can 
> delegate 1.3.6.1.4.1.* to each "private enterprise" that has applied or 
> applies in the future.
> 
> There may be SOA records like those of IN class, and NS records alike, but 
> instead of A records there may be NAME records complemented by some kind of 
> TXT records.
> 
> Hope this is not a total madness
> 
> Regards
> 
> Noel Torres
> er Envite
> -------------------------
> A: Because it breaks the logical flow of discussion.
> Q: Why is top posting bad?



> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext


From jabley@hopcount.ca  Tue Mar 19 07:33:07 2013
Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62D9321F8C98 for <dnsext@ietfa.amsl.com>; Tue, 19 Mar 2013 07:33:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hpvBBVFYwmqo for <dnsext@ietfa.amsl.com>; Tue, 19 Mar 2013 07:33:06 -0700 (PDT)
Received: from mail-ie0-x229.google.com (mail-ie0-x229.google.com [IPv6:2607:f8b0:4001:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id B04C621F8C06 for <dnsext@ietf.org>; Tue, 19 Mar 2013 07:33:06 -0700 (PDT)
Received: by mail-ie0-f169.google.com with SMTP id 13so659952iea.0 for <dnsext@ietf.org>; Tue, 19 Mar 2013 07:33:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=x-received:from:content-type:content-transfer-encoding:subject:date :references:to:message-id:mime-version:x-mailer; bh=R7l8xq+u4ZcvtNl2U36kYK6ew9tKlCQavmOhUwv2mGg=; b=gbnje1d8s/z7NdEOoAFdO2cN0pmMjpHV1ppO94W+bky2ZmYhzB9rK+xvSrxwRb2KMp wIX9ebUmSWzlgwStI+/nNZc/AO+Q10+p2wUQr5ydlJvCmX/GwJ3pC8Bi+rGleTI5/1ya LfcDnvcXQ6vOy8cdsdvfk9+i/U/KLhYPmXBIw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:content-type:content-transfer-encoding:subject:date :references:to:message-id:mime-version:x-mailer:x-gm-message-state; bh=R7l8xq+u4ZcvtNl2U36kYK6ew9tKlCQavmOhUwv2mGg=; b=gPF0VSot2DniZhYO1b1OJHhrh/9w3Q/s6nMNKc6wth8DmuK3zk4JOTlrHRN5HoRjf0 qmC+HYn4/lsLJR+q1CEnvmiv3EYDP1LRG1efZGhg7HN3CTLfbc8eJHvvL0u7y7xyGEIb eJLZxR4Apf2SA+cni4XxG1LwmyrLDCrRYfo4RrV0rLqwVvyZzLumNBg8k1ctkZyTe/Pv CWtlpN+lp0zrAm7p8BZLGIhVEgUyVMeCJ5QqszrbHKcUlQJltfc3brVE1o53BccSs8mW oc4b+rFUDkEw6Lkj/HwvOnqT9v1z8hF9pd8y3xhhwxQJn/ANuBLNTKDzqsxueReSq3bm UR3Q==
X-Received: by 10.50.45.40 with SMTP id j8mr2024834igm.109.1363703586300; Tue, 19 Mar 2013 07:33:06 -0700 (PDT)
Received: from [10.23.45.55] (nat.teksavvy.com. [206.248.154.94]) by mx.google.com with ESMTPS id xf4sm609334igb.8.2013.03.19.07.33.04 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 19 Mar 2013 07:33:05 -0700 (PDT)
From: Joe Abley <jabley@hopcount.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Tue, 19 Mar 2013 10:33:04 -0400
References: <20130318220811.10255.36298.idtracker@ietfa.amsl.com>
To: "dnsext@ietf.org Group" <dnsext@ietf.org>
Message-Id: <979F8DB6-F554-4EDB-B7D1-5C64A388C1CD@hopcount.ca>
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
X-Mailer: Apple Mail (2.1503)
X-Gm-Message-State: ALoCoQmxebbmIWTM+O8YWQttwYZqsRf9V20GPr4/5K7Culzkirksssyzct/7LDzmzZt4tYC1EcJ/
Subject: [dnsext] Fwd: New Version Notification for	draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2013 14:33:07 -0000

Hi all,

During a conversation about an attempt to stuff IP and subscriber MAC
addresses into the DNS (something that is happening operationally in
Canada, related to wholesale cable internet service) I noticed that
there is currently no clean way to represent ethernet MAC addresses.
People are either using TXT records, or encoding MAC addresses into PTR
RDATA, and it's all a bit messy.

Assuming that this is not the last time that someone will find a reason
to encode layer-2 addresses in the DNS, I thought it worthwhile to
define a cleaner option.

The draft referenced below defines two new RRTypes, EUI48 (for EUI-48
addresses, which is what prompted this line of thinking) and EUI64 (for
EUI-64 addresses, since it seems silly to accommodate one without the
other).

The wire format is pretty trivial (network byte order, simple octet
string), the RRTypes chosen are unremarkable (not sure what else you'd
call an EUI-48 address RRType than EUI48) and the presentation format
should be familiar. The examples given use the ethernet address of the
wireless adapter on my laptop and its EUI-64 mapping, for lack of any
documentation OUI that I could find. The IEEE references are consistent
with the references for EUI-64 in IPv6, e.g. in RFC 4291. The expert
review template for the RRType application is included as an appendix.

In the event that this proposal doesn't meet with projectile heartburn,
I would hope that this could be adopted, discussed, refined and
last-called before the demise of dnsext. Alternatively, assuming again
that the expert review raises no concerns and code points are assigned,
it could proceed as an individual-track submission.

Comments welcome.


Joe

Begin forwarded message:

> From: <internet-drafts@ietf.org>
> Subject: New Version Notification for draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
> Date: 18 March 2013 18:08:11 EDT
> To: <jabley@teksavvy.ca>
>
>
> A new version of I-D, draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
> has been successfully submitted by Joe Abley and posted to the
> IETF repository.
>
> Filename:        draft-jabley-dnsext-eui48-eui64-rrtypes
> Revision:        00
> Title:           Resource Records for EUI-48 and EUI-64 Addresses in the DNS
> Creation date:   2013-03-18
> Group:           Individual Submission
> Number of pages: 15
> URL:             http://www.ietf.org/internet-drafts/draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-jabley-dnsext-eui48-eui64-rrtypes
> Htmlized:        http://tools.ietf.org/html/draft-jabley-dnsext-eui48-eui64-rrtypes-00
>
>
> Abstract:
>   EUI-48 and EUI-64 are address formats specified by the IEEE for use
>   in various layer-2 networks, e.g. ethernet.
>
>   This document defines two new DNS resource record types, EUI48 and
>   EUI64, for encoding ethernet addresses in the DNS.
>
>
>
>
> The IETF Secretariat
>


From jim@rfc1035.com  Tue Mar 19 07:42:53 2013
Return-Path: <jim@rfc1035.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9230421F8CA0 for <dnsext@ietfa.amsl.com>; Tue, 19 Mar 2013 07:42:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Rc81uiazqv5 for <dnsext@ietfa.amsl.com>; Tue, 19 Mar 2013 07:42:53 -0700 (PDT)
Received: from shaun.rfc1035.com (shaun.rfc1035.com [93.186.33.42]) by ietfa.amsl.com (Postfix) with ESMTP id 02AF221F8C9A for <dnsext@ietf.org>; Tue, 19 Mar 2013 07:42:53 -0700 (PDT)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) by shaun.rfc1035.com (Postfix) with ESMTP id 4D54DCBC41F; Tue, 19 Mar 2013 14:42:51 +0000 (GMT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <979F8DB6-F554-4EDB-B7D1-5C64A388C1CD@hopcount.ca>
Date: Tue, 19 Mar 2013 14:42:51 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <355D7D38-8DDE-4BD3-A883-2B55176FDF2F@rfc1035.com>
References: <20130318220811.10255.36298.idtracker@ietfa.amsl.com> <979F8DB6-F554-4EDB-B7D1-5C64A388C1CD@hopcount.ca>
To: Joe Abley <jabley@hopcount.ca>
X-Mailer: Apple Mail (2.1503)
Cc: "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] Fwd: New Version Notification for	draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2013 14:42:53 -0000

On 19 Mar 2013, at 14:33, Joe Abley <jabley@hopcount.ca> wrote:

> In the event that this proposal doesn't meet with projectile
> heartburn, I would hope that this could be adopted, discussed, refined
> and last-called before the demise of dnsext. Alternatively, assuming
> again that the expert review raises no concerns and code points are
> assigned, it could proceed as an individual-track submission.

IMO, just shove this through the RFC5395 process and we're done. Nothing
for the WG to see here, move along... Documenting this with an
Informational or Individual RFC is nice too.


From iesg-secretary@ietf.org  Wed Mar 20 11:27:16 2013
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A09B621F9080; Wed, 20 Mar 2013 11:27:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.321
X-Spam-Level: 
X-Spam-Status: No, score=-102.321 tagged_above=-999 required=5 tests=[AWL=0.279, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qZa6LMxorW5Q; Wed, 20 Mar 2013 11:27:13 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0536B21F8653; Wed, 20 Mar 2013 11:27:13 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.43
Message-ID: <20130320182712.16573.74697.idtracker@ietfa.amsl.com>
Date: Wed, 20 Mar 2013 11:27:12 -0700
Cc: dnsext@ietf.org
Subject: [dnsext] Last Call: <draft-ietf-dnsext-dnssec-algo-signal-09.txt> (Signaling	Cryptographic Algorithm Understanding in DNSSEC) to Proposed Standard
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2013 18:27:16 -0000

The IESG has received a request from the DNS Extensions WG (dnsext) to
consider the following document:
- 'Signaling Cryptographic Algorithm Understanding in DNSSEC'
  <draft-ietf-dnsext-dnssec-algo-signal-09.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2013-04-03. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   The DNS Security Extensions (DNSSEC) were developed to provide origin
   authentication and integrity protection for DNS data by using digital
   signatures.  These digital signatures can be generated using
   different algorithms.  This draft sets out to specify a way for
   validating end-system resolvers to signal to a server which digital
   signature and hash algorithms they support.





The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-signal/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-dnsext-dnssec-algo-signal/ballot/


No IPR declarations have been submitted directly on this I-D.



From bmanning@karoshi.com  Fri Mar 22 09:01:18 2013
Return-Path: <bmanning@karoshi.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9021821F8E77 for <dnsext@ietfa.amsl.com>; Fri, 22 Mar 2013 09:01:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.449
X-Spam-Level: 
X-Spam-Status: No, score=-6.449 tagged_above=-999 required=5 tests=[AWL=0.150,  BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RLiIfEfBNyzc for <dnsext@ietfa.amsl.com>; Fri, 22 Mar 2013 09:01:17 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by ietfa.amsl.com (Postfix) with ESMTP id BEFCF21F8D35 for <dnsext@ietf.org>; Fri, 22 Mar 2013 09:01:01 -0700 (PDT)
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id r2MG0us4010874; Fri, 22 Mar 2013 16:00:57 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id r2MG0tuC010873; Fri, 22 Mar 2013 16:00:55 GMT
Date: Fri, 22 Mar 2013 16:00:55 +0000
From: bmanning@vacation.karoshi.com
To: Joe Abley <jabley@hopcount.ca>
Message-ID: <20130322160055.GC10565@vacation.karoshi.com.>
References: <20130318220811.10255.36298.idtracker@ietfa.amsl.com> <979F8DB6-F554-4EDB-B7D1-5C64A388C1CD@hopcount.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <979F8DB6-F554-4EDB-B7D1-5C64A388C1CD@hopcount.ca>
User-Agent: Mutt/1.4.1i
Cc: "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] Fwd: New Version Notification for	draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2013 16:01:18 -0000

so to be clear,


ITU.hopcount.ca   in EUI64 0x0eedc231997faace

is valid?

where does one anchor the reverse map?

/bill


On Tue, Mar 19, 2013 at 10:33:04AM -0400, Joe Abley wrote:
> Hi all,
> 
> During a conversation about an attempt to stuff IP and subscriber MAC addresses into the DNS (something that is happening operationally in Canada, related to wholesale cable internet service) I noticed that there is currently no clean way to represent ethernet MAC addresses. People are either using TXT records, or encoding MAC addresses into PTR RDATA, and it's all a bit messy.
> 
> Assuming that this is not the last time that someone will find a reason to encode layer-2 addresses in the DNS, I thought it worthwhile to define a cleaner option.
> 
> The draft referenced below defines two new RRTypes, EUI48 (for EUI-48 addresses, which is what prompted this line of thinking) and EUI64 (for EUI-64 addresses, since it seems silly to accommodate one without the other).
> 
> The wire format is pretty trivial (network byte order, simple octet string), the RRTypes chosen are unremarkable (not sure what else you'd call an EUI-48 address RRType than EUI48) and the presentation format should be familiar. The examples given use the ethernet address of the wireless adapter on my laptop and its EUI-64 mapping, for lack of any documentation OUI that I could find. The IEEE references are consistent with the references for EUI-64 in IPv6, e.g. in RFC 4291. The expert review template for the RRType application is included as an appendix.
> 
> In the event that this proposal doesn't meet with projectile heartburn, I would hope that this could be adopted, discussed, refined and last-called before the demise of dnsext. Alternatively, assuming again that the expert review raises no concerns and code points are assigned, it could proceed as an individual-track submission.
> 
> Comments welcome.
> 
> 
> Joe
> 
> Begin forwarded message:
> 
> > From: <internet-drafts@ietf.org>
> > Subject: New Version Notification for draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
> > Date: 18 March 2013 18:08:11 EDT
> > To: <jabley@teksavvy.ca>
> > 
> > 
> > A new version of I-D, draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
> > has been successfully submitted by Joe Abley and posted to the
> > IETF repository.
> > 
> > Filename:	 draft-jabley-dnsext-eui48-eui64-rrtypes
> > Revision:	 00
> > Title:		 Resource Records for EUI-48 and EUI-64 Addresses in the DNS
> > Creation date:	 2013-03-18
> > Group:		 Individual Submission
> > Number of pages: 15
> > URL:             http://www.ietf.org/internet-drafts/draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
> > Status:          http://datatracker.ietf.org/doc/draft-jabley-dnsext-eui48-eui64-rrtypes
> > Htmlized:        http://tools.ietf.org/html/draft-jabley-dnsext-eui48-eui64-rrtypes-00
> > 
> > 
> > Abstract:
> >   EUI-48 and EUI-64 are address formats specified by the IEEE for use
> >   in various layer-2 networks, e.g. ethernet.
> > 
> >   This document defines two new DNS resource record types, EUI48 and
> >   EUI64, for encoding ethernet addresses in the DNS.
> > 
> > 
> > 
> > 
> > The IETF Secretariat
> > 
> 

From paf@frobbit.se  Fri Mar 22 09:09:45 2013
Return-Path: <paf@frobbit.se>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EE5521F8959 for <dnsext@ietfa.amsl.com>; Fri, 22 Mar 2013 09:09:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.3
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5 tests=[AWL=-0.000,  BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p1N1JeYmZlhF for <dnsext@ietfa.amsl.com>; Fri, 22 Mar 2013 09:09:43 -0700 (PDT)
Received: from mail.frobbit.se (mail.frobbit.se [IPv6:2a02:80:3ffe::176]) by ietfa.amsl.com (Postfix) with ESMTP id BBDA121F8928 for <dnsext@ietf.org>; Fri, 22 Mar 2013 09:09:43 -0700 (PDT)
Received: from junior.frobbit.se (unknown [192.165.72.12]) by mail.frobbit.se (Postfix) with ESMTPA id 29F5320239; Fri, 22 Mar 2013 17:09:43 +0100 (CET)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: =?iso-8859-1?Q?Patrik_F=E4ltstr=F6m?= <paf@frobbit.se>
In-Reply-To: <20130322160055.GC10565@vacation.karoshi.com.>
Date: Fri, 22 Mar 2013 17:09:43 +0100
Content-Transfer-Encoding: 7bit
Message-Id: <B1F319AC-9A49-4621-9223-E21269481391@frobbit.se>
References: <20130318220811.10255.36298.idtracker@ietfa.amsl.com> <979F8DB6-F554-4EDB-B7D1-5C64A388C1CD@hopcount.ca> <20130322160055.GC10565@vacation.karoshi.com.>
To: bmanning@vacation.karoshi.com
X-Mailer: Apple Mail (2.1503)
Cc: "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] Fwd: New Version Notification for	draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2013 16:09:45 -0000

On 22 mar 2013, at 17:00, bmanning@vacation.karoshi.com wrote:

> so to be clear,
> 
> 
> ITU.hopcount.ca   in EUI64 0x0eedc231997faace
> 
> is valid?
> 
> where does one anchor the reverse map?

http://www.alvestrand.no/objectid/top.html

   Patrik


From jabley@hopcount.ca  Fri Mar 22 09:21:32 2013
Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FBFD21F8D8D for <dnsext@ietfa.amsl.com>; Fri, 22 Mar 2013 09:21:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.999
X-Spam-Level: 
X-Spam-Status: No, score=-102.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id weXP3T9PczuP for <dnsext@ietfa.amsl.com>; Fri, 22 Mar 2013 09:21:32 -0700 (PDT)
Received: from mail-pb0-f54.google.com (mail-pb0-f54.google.com [209.85.160.54]) by ietfa.amsl.com (Postfix) with ESMTP id D204721F8D79 for <dnsext@ietf.org>; Fri, 22 Mar 2013 09:21:31 -0700 (PDT)
Received: by mail-pb0-f54.google.com with SMTP id jt11so514911pbb.41 for <dnsext@ietf.org>; Fri, 22 Mar 2013 09:21:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=JrCbe1/wNCTyBpM+VkK4u4mkXe6RoDeIxNplJllQZAo=; b=U/LrFoDve6NYJzY+7Kpl1YDrwOh88uU+AgGkcaqDOOJw/PieaPX+ZGdHkr6jzAkRYi bAzAjimEiKea8ka0e9oXRBSEy+PYgVgQeZ0fImvoWkVode44RRpRl3GCT736lG4QiAlH ROwJF1BmHJ0LRUJGkDXFhSgYIvurlIZul5Hyg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer :x-gm-message-state; bh=JrCbe1/wNCTyBpM+VkK4u4mkXe6RoDeIxNplJllQZAo=; b=LjwHlsfcIMooF+bSe1zmiPcW+ugU/MJMDE6B39GNmH8anX5LZVkTQrl6TsaL5JZ9f8 bz88NHyK8wTpcihdn5zeSp327MxEgoGye26XCd97aYoQikKpxJtG6IxTggSETQ3FTM0g qBlc3Z8G3jhF54fQU3QoPUYPhaI4ItHQxtgiGgFPPwHYyPIYNGIqIHF8eYTuwVqHySAu 1BRES53F1EuxeFokXsosleOEpL00Ln5K0FTq+hDYod9aOY+HUFvgfzU3pXyVp+WkNDlj Ax8bXy6u99P3oQxqBAQmAHdPGmdaXqWaAfqTgUKxKfTAB8PtM2bxfF9SpMVVYdu2IZrG q+Ug==
X-Received: by 10.68.49.167 with SMTP id v7mr3462200pbn.131.1363969291439; Fri, 22 Mar 2013 09:21:31 -0700 (PDT)
Received: from dh23.r1.hopcount.ca (dh23.r1.hopcount.ca. [199.212.90.23]) by mx.google.com with ESMTPS id na4sm2914565pbc.8.2013.03.22.09.21.29 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 22 Mar 2013 09:21:30 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <514c803b.0e7bcd0a.7153.ffff8d57SMTPIN_ADDED_BROKEN@mx.google.com>
Date: Fri, 22 Mar 2013 12:21:26 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <33E6EC53-2919-4452-8134-24C42525234F@hopcount.ca>
References: <20130318220811.10255.36298.idtracker@ietfa.amsl.com> <979F8DB6-F554-4EDB-B7D1-5C64A388C1CD@hopcount.ca> <514c803b.0e7bcd0a.7153.ffff8d57SMTPIN_ADDED_BROKEN@mx.google.com>
To: bmanning@vacation.karoshi.com
X-Mailer: Apple Mail (2.1503)
X-Gm-Message-State: ALoCoQlolIj+9I2trOwK1qwK/3I1NbnojnT3ryVxypSv0AMVfTTz8SODRV/ooDg40ps9kxvtjD6I
Cc: "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] Fwd: New Version Notification for draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2013 16:21:32 -0000

On 2013-03-22, at 12:00, bmanning@vacation.karoshi.com wrote:

> so to be clear,
>
> ITU.hopcount.ca   in EUI64 0x0eedc231997faace

IEEE, if you're making a reference to the origins of EUI64, but no; the
-00 specifies

ITU.hopcount.ca. IN EUI64 0e:ed:c2:31:99:7f:fa:ce

There's a -01 which contains some changes, following discussions with
the IETF's IEEE liaisons (and still waiting on some feedback from the
IEEE) which changes the representation to

ITU.hopcount.ca. IN EUI64 0e-ed-c2-31-99-7f-fa-ce

since it appears (but has not yet been confirmed) that hyphen-separated,
two-digit hex octets is the prescribed, canonical presentation format
for such addresses.

> where does one anchor the reverse map?

No reverse map is defined. Such work could easily be discussed
separately, although I think it's likely to be complicated by the fact
that OUIs are maintained by an organisation that is quite distant from
IANA (the IEEE).

I heard a suggestion the other day that address assignments under the
IANA OUI (00-00-5E, see RFC 5342) could be represented under OUI.ARPA.
That at least avoids the administrative complexities of coordination
between IANA and the IEEE, but it's not obvious that there's an
immediate use-case. Perhaps you have one in mind?

This work was inspired by what is essentially a loosely-dynamic
documentation exercise, part of which encodes ethernet addresses in DNS
zones. Lacking a resource record which would allow a clean,
source-validated encoding of EUI-48 addresses, the result was a mishmash
of TXT records and contrived labels. This draft is motivated by a desire
to make it easier for people to make better decisions in similar
projects in the future.

(I've had some other feedback off-list that suggests EUI48/EUI64-like
RRs would be useful for others, which is comforting. I don't always
treasure the knowledge that I'm the only insane person on the block.)


Joe
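
Added example (not part of the original message, and not code from the draft or its author): a strict codec for the EUI48/EUI64 RDATA described in the two messages above, with a fixed-length octet string on the wire and hyphen-separated two-digit hex octets in presentation form as in the -01 revision. The function names, the accept_colon switch for -00 style data and the host.example records are assumptions made for illustration; the other sample values are the ones quoted in the thread.

```python
"""Strict codec for EUI48/EUI64 RDATA (illustrative, added example)."""
import re

# RDATA length in octets for each of the two RR types named in the thread.
EUI_OCTETS = {"EUI48": 6, "EUI64": 8}

_HEX_OCTET = re.compile(r"[0-9A-Fa-f]{2}")


class EUIFormatError(ValueError):
    """Presentation text or wire RDATA is not a well-formed EUI."""


def _expected_len(rrtype):
    try:
        return EUI_OCTETS[rrtype.upper()]
    except KeyError:
        raise EUIFormatError(f"unknown RR type {rrtype!r}") from None


def parse_presentation(text, rrtype, accept_colon=False):
    """Convert presentation text to wire RDATA (octets in network byte order).

    Only the hyphen-separated form (-01 revision) is accepted by default.
    accept_colon=True also admits the colon form from -00, e.g. while
    migrating existing data. Separators may never be mixed.
    """
    want = _expected_len(rrtype)
    seps = [s for s in ("-", ":") if s in text]
    if len(seps) > 1:
        raise EUIFormatError("mixed separators")
    sep = seps[0] if seps else "-"
    if sep == ":" and not accept_colon:
        raise EUIFormatError("colon-separated form not accepted")
    parts = text.split(sep)
    if len(parts) != want:
        raise EUIFormatError(f"{rrtype} needs {want} octets, got {len(parts)}")
    for part in parts:
        # fullmatch rejects "0x0e", "e", " e" and similar near-misses that
        # int(part, 16) on its own would silently accept.
        if not _HEX_OCTET.fullmatch(part):
            raise EUIFormatError(f"bad octet {part!r}")
    return bytes(int(part, 16) for part in parts)


def check_wire(rdata, rrtype):
    """Validate RDATA taken off the wire: the length must match exactly."""
    want = _expected_len(rrtype)
    if len(rdata) != want:
        raise EUIFormatError(f"{rrtype} RDATA must be {want} octets, got {len(rdata)}")
    return bytes(rdata)


def to_presentation(rdata, rrtype):
    """Render validated wire RDATA in the hyphen-separated form."""
    return "-".join(f"{b:02x}" for b in check_wire(rdata, rrtype))


def audit_records(lines):
    """Check 'owner class type rdata' lines; return (owner, type, ok, detail)."""
    results = []
    for line in lines:
        owner, _cls, rrtype, rdata = line.split()
        try:
            wire = parse_presentation(rdata, rrtype)
            results.append((owner, rrtype, True, to_presentation(wire, rrtype)))
        except EUIFormatError as exc:
            results.append((owner, rrtype, False, str(exc)))
    return results


# Sample records. The first three use the values quoted in the thread; the
# host.example lines are constructed for this example.
SAMPLE_RECORDS = [
    "ITU.hopcount.ca. IN EUI64 0e-ed-c2-31-99-7f-fa-ce",  # -01 form
    "ITU.hopcount.ca. IN EUI64 0e:ed:c2:31:99:7f:fa:ce",  # -00 form
    "ITU.hopcount.ca. IN EUI64 0x0eedc231997faace",       # form asked about
    "host.example. IN EUI48 00-00-5e-00-53-2a",           # constructed
    "host.example. IN EUI48 00-00-5e-00-53",              # constructed, short
]

if __name__ == "__main__":
    for owner, rrtype, ok, detail in audit_records(SAMPLE_RECORDS):
        print(f"{'ok  ' if ok else 'FAIL'} {owner} {rrtype}: {detail}")
```

A typed record with a fixed length and a single accepted text form lets a zone loader reject malformed input at load time, which free-form TXT data cannot offer.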


From bmanning@karoshi.com  Fri Mar 22 09:22:57 2013
Date: Fri, 22 Mar 2013 16:22:40 +0000
From: bmanning@vacation.karoshi.com
To: Patrik Fältström <paf@frobbit.se>
Cc: bmanning@vacation.karoshi.com, "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] Fwd: New Version Notification for draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt

On Fri, Mar 22, 2013 at 05:09:43PM +0100, Patrik Fältström wrote:
> 
> On 22 mar 2013, at 17:00, bmanning@vacation.karoshi.com wrote:
> 
> > so to be clear,
> > 
> > 
> > ITU.hopcount.ca   in EUI64 0x0eedc231997faace
> > 
> > is valid?
> > 
> > where does one anchor the reverse map?
> 
> http://www.alvestrand.no/objectid/top.html
> 
>    Patrik

	yes yes...  

e.c.a.a.f.7.9.9.1.3.2.c.d.e.e.0.oid.int.  in [XXXX]  ITU.hopcount.ca.


seems to be missing the reverse semantics.  

/bill

From jabley@hopcount.ca  Fri Mar 22 09:24:01 2013
From: Joe Abley <jabley@hopcount.ca>
Date: Fri, 22 Mar 2013 12:23:54 -0400
To: Patrik Fältström <paf@frobbit.se>
Cc: bmanning@vacation.karoshi.com, "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] Fwd: New Version Notification for draft-jabley-dnsext-eui48-eui64-rrtypes-00.txt

On 2013-03-22, at 12:09, Patrik Fältström <paf@frobbit.se> wrote:

> On 22 mar 2013, at 17:00, bmanning@vacation.karoshi.com wrote:
>
>> where does one anchor the reverse map?
>
> http://www.alvestrand.no/objectid/top.html

Unless I'm reading it wrong, that's a collection of object identifiers,
variously maintained by IANA, ANSI and BSI (for various parts of the
tree).

It's not obvious to me how that relates to IEEE OUIs or address
assignments within individual OUIs. What did I miss?


Joe
