From nobody Mon Feb 13 08:43:13 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 955C9129504 for ; Mon, 13 Feb 2017 08:43:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9U7sHOt1x4EP for ; Mon, 13 Feb 2017 08:43:10 -0800 (PST) Received: from wsget1.nist.gov (wsget1.nist.gov [IPv6:2610:20:6005:13::150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89D4C129441 for ; Mon, 13 Feb 2017 08:43:10 -0800 (PST) Received: from WSGHUB1.xchange.nist.gov (129.6.42.34) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 13 Feb 2017 11:47:37 -0500 Received: from postmark.nist.gov (129.6.16.94) by mail-g.nist.gov (129.6.42.33) with Microsoft SMTP Server id 14.3.319.2; Mon, 13 Feb 2017 11:43:07 -0500 Received: from [129.6.140.7] (7-140.antd.nist.gov [129.6.140.7]) by postmark.nist.gov (8.13.8/8.13.1) with ESMTP id v1DGgsuA002086; Mon, 13 Feb 2017 11:42:54 -0500 From: "Rose, Scott" To: RFC Errata System Date: Mon, 13 Feb 2017 11:42:54 -0500 Message-ID: <612D3507-7A11-4A6D-8A13-C18460995218@nist.gov> In-Reply-To: <20170212134703.00224B80258@rfc-editor.org> References: <20170212134703.00224B80258@rfc-editor.org> MIME-Version: 1.0 Content-Type: text/plain; format=flowed X-Mailer: MailMate (1.9.6r5344) X-NIST-MailScanner-Information: Archived-At: Cc: dnsext@ietf.org, suresh.krishnan@ericsson.com, charset=UTF-8@rfc-editor.org, ogud@ogud.com Subject: Re: [dnsext] [Technical Errata Reported] RFC6944 (4932) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Feb 2017 16:43:12 -0000 A reference to RFC 6944 to the whole registry, or the entry for RSA/MD5? There is a ref for the whole table, but not the entry. If this a proposed change to the entry, I agree with the change. Scott On 12 Feb 2017, at 8:47, RFC Errata System wrote: > The following errata report has been submitted for RFC6944, > "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm > Implementation Status". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4932 > > -------------------------------------- > Type: Technical > Reported by: Petr Spacek > > Section: 3 > > Original Text > ------------- > This document lists the implementation status of cryptographic > algorithms used with DNSSEC. These algorithms are maintained in an > IANA registry at > http://www.iana.org/assignments/dns-sec-alg-numbers. > Because this document establishes the implementation status of > every > algorithm, it has been listed as a reference for the registry > itself. > > Corrected Text > -------------- > This document lists the implementation status of cryptographic > algorithms used with DNSSEC. These algorithms are maintained in an > IANA registry at > http://www.iana.org/assignments/dns-sec-alg-numbers. > Because this document establishes the implementation status of > every > algorithm, it has been listed as a reference for the registry > itself. > > Given significance of status change of RSAMD5 algorithm, a > reference > to this RFC should be added to the registry. > > Notes > ----- > "RSAMD5 has an implementation status of Must Not Implement because of > known weaknesses in MD5." > > This is very important. An additional reference would lower likelihood > that DNS Implementors will overlook the important piece of > information. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04) > -------------------------------------- > Title : Applicability Statement: DNS Security (DNSSEC) > DNSKEY Algorithm Implementation Status > Publication Date : April 2013 > Author(s) : S. Rose > Category : PROPOSED STANDARD > Source : DNS Extensions > Area : Internet > Stream : IETF > Verifying Party : IESG ================================== Scott Rose, NIST scottr@nist.gov ph: +1-301-975-8439 Google Voice: +1-571-249-3671 From nobody Mon Feb 13 13:14:03 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 804421298CF for ; Mon, 13 Feb 2017 13:14:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7 X-Spam-Level: X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id veB_Lo9KjhXB for ; Mon, 13 Feb 2017 13:14:00 -0800 (PST) Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C7871298C8 for ; Mon, 13 Feb 2017 13:13:59 -0800 (PST) Received: from [192.168.3.170] (unknown [95.82.146.6]) by mail.nic.cz (Postfix) with ESMTPSA id 13CD8600D2; Mon, 13 Feb 2017 22:13:58 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1487020438; bh=ILxb9X1lxYTa5yo2qMOy0E8WCGkXY/KucrY91gQ1FRc=; h=To:From:Date; b=wwtTJ3MA+yF9ou8XDmcC2H+FYwy9YbNeErRaE3uJvEB+p+JvX+Vsa8gymnSNxbdHG 1SYbStw69a1HdEl4TETogsJSlAcXsY3MNFruuf1XddyH5tiBisW24NHUPyxJ4tRO2x TF0eL0DOyFzmUlbV+Dd/aDof37CEzlIjGIsQJpDg= To: "Rose, Scott" , RFC Errata System References: <20170212134703.00224B80258@rfc-editor.org> <612D3507-7A11-4A6D-8A13-C18460995218@nist.gov> From: =?UTF-8?B?UGV0ciDFoHBhxI1law==?= Organization: CZ.NIC Message-ID: <6c10c482-d7c5-d0b0-c11f-e2ac4da53065@nic.cz> Date: Mon, 13 Feb 2017 22:13:57 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 MIME-Version: 1.0 In-Reply-To: <612D3507-7A11-4A6D-8A13-C18460995218@nist.gov> Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 8bit X-Virus-Scanned: clamav-milter 0.99.2 at mail X-Virus-Status: Clean Archived-At: Cc: dnsext@ietf.org, suresh.krishnan@ericsson.com, charset=UTF-8@rfc-editor.org, ogud@ogud.com Subject: Re: [dnsext] [Technical Errata Reported] RFC6944 (4932) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Feb 2017 21:14:02 -0000 The reference right in the entry would be helpful. I'm sorry for not being clear. Petr Špaček @ CZ.NIC On 02/13/2017 05:42 PM, Rose, Scott wrote: > A reference to RFC 6944 to the whole registry, or the entry for RSA/MD5? > There is a ref for the whole table, but not the entry. If this a > proposed change to the entry, I agree with the change. > > Scott > > > > On 12 Feb 2017, at 8:47, RFC Errata System wrote: > >> The following errata report has been submitted for RFC6944, >> "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm >> Implementation Status". >> >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4932 >> >> -------------------------------------- >> Type: Technical >> Reported by: Petr Spacek >> >> Section: 3 >> >> Original Text >> ------------- >> This document lists the implementation status of cryptographic >> algorithms used with DNSSEC. These algorithms are maintained in an >> IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers. >> Because this document establishes the implementation status of every >> algorithm, it has been listed as a reference for the registry itself. >> >> Corrected Text >> -------------- >> This document lists the implementation status of cryptographic >> algorithms used with DNSSEC. These algorithms are maintained in an >> IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers. >> Because this document establishes the implementation status of every >> algorithm, it has been listed as a reference for the registry itself. >> >> Given significance of status change of RSAMD5 algorithm, a reference >> to this RFC should be added to the registry. >> >> Notes >> ----- >> "RSAMD5 has an implementation status of Must Not Implement because of >> known weaknesses in MD5." >> >> This is very important. An additional reference would lower likelihood >> that DNS Implementors will overlook the important piece of information. >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04) >> -------------------------------------- >> Title : Applicability Statement: DNS Security (DNSSEC) >> DNSKEY Algorithm Implementation Status >> Publication Date : April 2013 >> Author(s) : S. Rose >> Category : PROPOSED STANDARD >> Source : DNS Extensions >> Area : Internet >> Stream : IETF >> Verifying Party : IESG > > > ================================== > Scott Rose, NIST > scottr@nist.gov > ph: +1-301-975-8439 > Google Voice: +1-571-249-3671 From nobody Mon Feb 20 10:14:06 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C652E1294F7 for ; Mon, 6 Feb 2017 17:58:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQkDbdqJ2kAN for ; Mon, 6 Feb 2017 17:58:36 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72598129416 for ; Mon, 6 Feb 2017 17:58:36 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id 595D7B8003E; Mon, 6 Feb 2017 17:58:36 -0800 (PST) To: weiler@tislabs.com, davidb@verisign.com, suresh.krishnan@ericsson.com, terry.manderson@icann.org, ogud@ogud.com, ajs@anvilwalrusden.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20170207015836.595D7B8003E@rfc-editor.org> Date: Mon, 6 Feb 2017 17:58:36 -0800 (PST) Archived-At: X-Mailman-Approved-At: Mon, 20 Feb 2017 10:14:04 -0800 Cc: text/plain@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, dnsext@ietf.org, charset=UTF-8@rfc-editor.org Subject: [dnsext] [Technical Errata Reported] RFC6840 (4924) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Feb 2017 01:58:38 -0000 The following errata report has been submitted for RFC6840, "Clarifications and Implementation Notes for DNS Security (DNSSEC)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6840&eid=4924 -------------------------------------- Type: Technical Reported by: Mark Andrews Section: IANA Conside Original Text ------------- This document specifies no IANA Actions. Corrected Text -------------- Add this document as an additional reference for AD in the DNS Parameters - DNS Header Flags registry. Notes ----- RFC6840 introduces new behaviour for AD in requests. This should be reflected in the DNS Header Flags registry otherwise it is likely DNS Implementors will overlook the new behaviour. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6840 (draft-ietf-dnsext-dnssec-bis-updates-20) -------------------------------------- Title : Clarifications and Implementation Notes for DNS Security (DNSSEC) Publication Date : February 2013 Author(s) : S. Weiler, Ed., D. Blacka, Ed. Category : PROPOSED STANDARD Source : DNS Extensions Area : Internet Stream : IETF Verifying Party : IESG From nobody Mon Feb 20 10:14:10 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88F501295EA for ; Wed, 8 Feb 2017 03:29:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.203 X-Spam-Level: X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wTA8vRIu8hXB for ; Wed, 8 Feb 2017 03:29:03 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67499129406 for ; Wed, 8 Feb 2017 03:29:03 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id 4A308B81D1B; Wed, 8 Feb 2017 03:29:03 -0800 (PST) To: weiler@tislabs.com, davidb@verisign.com, suresh.krishnan@ericsson.com, terry.manderson@icann.org, ogud@ogud.com, ajs@anvilwalrusden.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20170208112903.4A308B81D1B@rfc-editor.org> Date: Wed, 8 Feb 2017 03:29:03 -0800 (PST) Archived-At: X-Mailman-Approved-At: Mon, 20 Feb 2017 10:14:04 -0800 Cc: text/plain@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, dnsext@ietf.org, charset=UTF-8@rfc-editor.org Subject: [dnsext] [Technical Errata Reported] RFC6840 (4927) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2017 11:29:04 -0000 The following errata report has been submitted for RFC6840, "Clarifications and Implementation Notes for DNS Security (DNSSEC)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6840&eid=4927 -------------------------------------- Type: Technical Reported by: Petr Spacek Section: IANA Conside Original Text ------------- (This document specifies no IANA Actions.) Corrected Text -------------- (Add following text:) This document adds an additional reference for CD bit in the DNS Parameters - DNS Header Flags registry. Notes ----- RFC6840 introduces new requirements for validating resolvers. This should be reflected in the DNS Header Flags registry otherwise it is likely DNS Implementors will overlook the new behaviour. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6840 (draft-ietf-dnsext-dnssec-bis-updates-20) -------------------------------------- Title : Clarifications and Implementation Notes for DNS Security (DNSSEC) Publication Date : February 2013 Author(s) : S. Weiler, Ed., D. Blacka, Ed. Category : PROPOSED STANDARD Source : DNS Extensions Area : Internet Stream : IETF Verifying Party : IESG From nobody Mon Feb 20 10:14:13 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B6031294F8 for ; Wed, 8 Feb 2017 03:31:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.203 X-Spam-Level: X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id su-ohr_9hSBM for ; Wed, 8 Feb 2017 03:31:41 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B64B129406 for ; Wed, 8 Feb 2017 03:31:41 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id 00E85B81D27; Wed, 8 Feb 2017 03:31:40 -0800 (PST) To: weiler@tislabs.com, davidb@verisign.com, suresh.krishnan@ericsson.com, terry.manderson@icann.org, ogud@ogud.com, ajs@anvilwalrusden.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20170208113141.00E85B81D27@rfc-editor.org> Date: Wed, 8 Feb 2017 03:31:40 -0800 (PST) Archived-At: X-Mailman-Approved-At: Mon, 20 Feb 2017 10:14:04 -0800 Cc: text/plain@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, dnsext@ietf.org, charset=UTF-8@rfc-editor.org Subject: [dnsext] [Technical Errata Reported] RFC6840 (4928) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2017 11:31:42 -0000 The following errata report has been submitted for RFC6840, "Clarifications and Implementation Notes for DNS Security (DNSSEC)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6840&eid=4928 -------------------------------------- Type: Technical Reported by: Petr Spacek Section: IANA Conside Original Text ------------- (This document specifies no IANA Actions.) Corrected Text -------------- (Add following text:) This document adds an additional reference for DO bit in the DNS Parameters - DNS Header Flags registry. Notes ----- RFC6840 introduces new behaviour for DO bit in replies. This should be reflected in the DNS Header Flags registry otherwise it is likely DNS Implementors will overlook the new behaviour. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6840 (draft-ietf-dnsext-dnssec-bis-updates-20) -------------------------------------- Title : Clarifications and Implementation Notes for DNS Security (DNSSEC) Publication Date : February 2013 Author(s) : S. Weiler, Ed., D. Blacka, Ed. Category : PROPOSED STANDARD Source : DNS Extensions Area : Internet Stream : IETF Verifying Party : IESG From nobody Mon Feb 20 10:14:17 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 325B7129618 for ; Sun, 12 Feb 2017 05:47:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.203 X-Spam-Level: X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5kUKOZm2Yygq for ; Sun, 12 Feb 2017 05:47:03 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22A0F1295F4 for ; Sun, 12 Feb 2017 05:47:03 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id 00224B80258; Sun, 12 Feb 2017 05:47:02 -0800 (PST) To: scottr.nist@gmail.com, suresh.krishnan@ericsson.com, terry.manderson@icann.org, ogud@ogud.com, ajs@anvilwalrusden.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20170212134703.00224B80258@rfc-editor.org> Date: Sun, 12 Feb 2017 05:47:02 -0800 (PST) Archived-At: X-Mailman-Approved-At: Mon, 20 Feb 2017 10:14:04 -0800 Cc: text/plain@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, dnsext@ietf.org, charset=UTF-8@rfc-editor.org Subject: [dnsext] [Technical Errata Reported] RFC6944 (4932) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Feb 2017 13:47:04 -0000 The following errata report has been submitted for RFC6944, "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4932 -------------------------------------- Type: Technical Reported by: Petr Spacek Section: 3 Original Text ------------- This document lists the implementation status of cryptographic algorithms used with DNSSEC. These algorithms are maintained in an IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers. Because this document establishes the implementation status of every algorithm, it has been listed as a reference for the registry itself. Corrected Text -------------- This document lists the implementation status of cryptographic algorithms used with DNSSEC. These algorithms are maintained in an IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers. Because this document establishes the implementation status of every algorithm, it has been listed as a reference for the registry itself. Given significance of status change of RSAMD5 algorithm, a reference to this RFC should be added to the registry. Notes ----- "RSAMD5 has an implementation status of Must Not Implement because of known weaknesses in MD5." This is very important. An additional reference would lower likelihood that DNS Implementors will overlook the important piece of information. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04) -------------------------------------- Title : Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status Publication Date : April 2013 Author(s) : S. Rose Category : PROPOSED STANDARD Source : DNS Extensions Area : Internet Stream : IETF Verifying Party : IESG From nobody Tue Feb 28 17:37:52 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90114129408; Tue, 28 Feb 2017 17:37:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9jNbDrYDRj4A; Tue, 28 Feb 2017 17:37:44 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4262112711D; Tue, 28 Feb 2017 17:37:44 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id 31696B8215A; Tue, 28 Feb 2017 17:37:44 -0800 (PST) To: marka@isc.org, weiler@tislabs.com, davidb@verisign.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20170301013744.31696B8215A@rfc-editor.org> Date: Tue, 28 Feb 2017 17:37:44 -0800 (PST) Archived-At: Cc: text/plain@rfc-editor.org, dnsext@ietf.org, charset=UTF-8@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, iesg@ietf.org Subject: [dnsext] [Errata Verified] RFC6840 (4924) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 01:37:45 -0000 The following errata report has been verified for RFC6840, "Clarifications and Implementation Notes for DNS Security (DNSSEC)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6840&eid=4924 -------------------------------------- Status: Verified Type: Technical Reported by: Mark Andrews Date Reported: 2017-02-07 Verified by: Terry Manderson (IESG) Section: IANA Conside Original Text ------------- This document specifies no IANA Actions. Corrected Text -------------- Add this document as an additional reference for AD in the DNS Parameters - DNS Header Flags registry. Notes ----- RFC6840 introduces new behaviour for AD in requests. This should be reflected in the DNS Header Flags registry otherwise it is likely DNS Implementors will overlook the new behaviour. -------------------------------------- RFC6840 (draft-ietf-dnsext-dnssec-bis-updates-20) -------------------------------------- Title : Clarifications and Implementation Notes for DNS Security (DNSSEC) Publication Date : February 2013 Author(s) : S. Weiler, Ed., D. Blacka, Ed. Category : PROPOSED STANDARD Source : DNS Extensions Area : Internet Stream : IETF Verifying Party : IESG From nobody Tue Feb 28 17:38:56 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B19F2129407; Tue, 28 Feb 2017 17:38:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CHtxp0gqAzXX; Tue, 28 Feb 2017 17:38:49 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68AE71293DA; Tue, 28 Feb 2017 17:38:49 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id 61598B82161; Tue, 28 Feb 2017 17:38:49 -0800 (PST) To: petr.spacek@nic.cz, weiler@tislabs.com, davidb@verisign.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20170301013849.61598B82161@rfc-editor.org> Date: Tue, 28 Feb 2017 17:38:49 -0800 (PST) Archived-At: Cc: text/plain@rfc-editor.org, dnsext@ietf.org, charset=UTF-8@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, iesg@ietf.org Subject: [dnsext] [Errata Verified] RFC6840 (4927) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 01:38:51 -0000 The following errata report has been verified for RFC6840, "Clarifications and Implementation Notes for DNS Security (DNSSEC)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6840&eid=4927 -------------------------------------- Status: Verified Type: Technical Reported by: Petr Spacek Date Reported: 2017-02-08 Verified by: Terry Manderson (IESG) Section: IANA Conside Original Text ------------- (This document specifies no IANA Actions.) Corrected Text -------------- (Add following text:) This document adds an additional reference for CD bit in the DNS Parameters - DNS Header Flags registry. Notes ----- RFC6840 introduces new requirements for validating resolvers. This should be reflected in the DNS Header Flags registry otherwise it is likely DNS Implementors will overlook the new behaviour. -------------------------------------- RFC6840 (draft-ietf-dnsext-dnssec-bis-updates-20) -------------------------------------- Title : Clarifications and Implementation Notes for DNS Security (DNSSEC) Publication Date : February 2013 Author(s) : S. Weiler, Ed., D. Blacka, Ed. Category : PROPOSED STANDARD Source : DNS Extensions Area : Internet Stream : IETF Verifying Party : IESG From nobody Tue Feb 28 17:39:25 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68D4C129407; Tue, 28 Feb 2017 17:39:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X6oTZnuuQRMn; Tue, 28 Feb 2017 17:39:18 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3482D1293DA; Tue, 28 Feb 2017 17:39:18 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id 19AC2B81B96; Tue, 28 Feb 2017 17:39:18 -0800 (PST) To: petr.spacek@nic.cz, weiler@tislabs.com, davidb@verisign.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20170301013918.19AC2B81B96@rfc-editor.org> Date: Tue, 28 Feb 2017 17:39:18 -0800 (PST) Archived-At: Cc: text/plain@rfc-editor.org, dnsext@ietf.org, charset=UTF-8@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, iesg@ietf.org Subject: [dnsext] [Errata Verified] RFC6840 (4928) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 01:39:19 -0000 The following errata report has been verified for RFC6840, "Clarifications and Implementation Notes for DNS Security (DNSSEC)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6840&eid=4928 -------------------------------------- Status: Verified Type: Technical Reported by: Petr Spacek Date Reported: 2017-02-08 Verified by: Terry Manderson (IESG) Section: IANA Conside Original Text ------------- (This document specifies no IANA Actions.) Corrected Text -------------- (Add following text:) This document adds an additional reference for DO bit in the DNS Parameters - DNS Header Flags registry. Notes ----- RFC6840 introduces new behaviour for DO bit in replies. This should be reflected in the DNS Header Flags registry otherwise it is likely DNS Implementors will overlook the new behaviour. -------------------------------------- RFC6840 (draft-ietf-dnsext-dnssec-bis-updates-20) -------------------------------------- Title : Clarifications and Implementation Notes for DNS Security (DNSSEC) Publication Date : February 2013 Author(s) : S. Weiler, Ed., D. Blacka, Ed. Category : PROPOSED STANDARD Source : DNS Extensions Area : Internet Stream : IETF Verifying Party : IESG From nobody Tue Feb 28 17:40:40 2017 Return-Path: X-Original-To: dnsext@ietfa.amsl.com Delivered-To: dnsext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC7F9129677; Tue, 28 Feb 2017 17:40:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h_wN0U5fIGjO; Tue, 28 Feb 2017 17:40:34 -0800 (PST) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F22C21293DA; Tue, 28 Feb 2017 17:40:33 -0800 (PST) Received: by rfc-editor.org (Postfix, from userid 30) id E8FDAB82167; Tue, 28 Feb 2017 17:40:33 -0800 (PST) To: petr.spacek@nic.cz, scottr.nist@gmail.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Message-Id: <20170301014033.E8FDAB82167@rfc-editor.org> Date: Tue, 28 Feb 2017 17:40:33 -0800 (PST) Archived-At: Cc: text/plain@rfc-editor.org, dnsext@ietf.org, charset=UTF-8@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, iesg@ietf.org Subject: [dnsext] [Errata Verified] RFC6944 (4932) X-BeenThere: dnsext@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: DNS Extensions working group discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 01:40:38 -0000 The following errata report has been verified for RFC6944, "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4932 -------------------------------------- Status: Verified Type: Technical Reported by: Petr Spacek Date Reported: 2017-02-12 Verified by: Terry Manderson (IESG) Section: 3 Original Text ------------- This document lists the implementation status of cryptographic algorithms used with DNSSEC. These algorithms are maintained in an IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers. Because this document establishes the implementation status of every algorithm, it has been listed as a reference for the registry itself. Corrected Text -------------- This document lists the implementation status of cryptographic algorithms used with DNSSEC. These algorithms are maintained in an IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers. Because this document establishes the implementation status of every algorithm, it has been listed as a reference for the registry itself. Given significance of status change of RSAMD5 algorithm, a reference to this RFC should be added to the registry. Notes ----- "RSAMD5 has an implementation status of Must Not Implement because of known weaknesses in MD5." This is very important. An additional reference would lower likelihood that DNS Implementors will overlook the important piece of information. -------------------------------------- RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04) -------------------------------------- Title : Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status Publication Date : April 2013 Author(s) : S. Rose Category : PROPOSED STANDARD Source : DNS Extensions Area : Internet Stream : IETF Verifying Party : IESG