Re: [dns-privacy] [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

Paul Wouters <paul@nohats.ca> Fri, 29 May 2020 15:31 UTC

Date: Fri, 29 May 2020 11:31:11 -0400
From: Paul Wouters <paul@nohats.ca>
To: dns-privacy@ietf.org
cc: dns-privacy@ietf.org
In-Reply-To: <alpine.DEB.2.20.2005291600050.11689@grey.csi.cam.ac.uk>
Message-ID: <alpine.LRH.2.21.2005291128460.31882@bofh.nohats.ca>
References: <158987990316.29446.4343920282978207647@ietfa.amsl.com> <a15e2d1df86820f2483516662d3712d8a60161cd.camel@powerdns.com> <alpine.LRH.2.21.2005191134560.13722@bofh.nohats.ca> <ec6bc9248179a9ab56ea490f82b14c7e90ffe819.camel@powerdns.com> <alpine.LRH.2.21.2005241222410.4172@bofh.nohats.ca> <36E4371F-BCBE-43F7-9D4B-8439B3FF1D2A@isc.org> <aa745f51e4b7fd0955ae9e444416772b32c75dbf.camel@powerdns.com> <alpine.DEB.2.20.2005280037220.18104@grey.csi.cam.ac.uk> <f2584afc08bcbc7b1e2de98c23f51a086205b5ba.camel@powerdns.com> <alpine.DEB.2.20.2005291600050.11689@grey.csi.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/4SF9F-kASQiO8KPNxEFg6sjUiPM>


Note for DNSKEY algorithm, we could use 253 or 254:

https://tools.ietf.org/html/rfc4034#appendix-A.1.1

A.1.1.  Private Algorithm Types

    Algorithm number 253 is reserved for private use and will never be
    assigned to a specific algorithm.  The public key area in the DNSKEY
    RR and the signature area in the RRSIG RR begin with a wire encoded
    domain name, which MUST NOT be compressed.  The domain name indicates
    the private algorithm to use, and the remainder of the public key
    area is determined by that algorithm.  Entities should only use
    domain names they control to designate their private algorithms.

    Algorithm number 254 is reserved for private use and will never be
    assigned to a specific algorithm.  The public key area in the DNSKEY
    RR and the signature area in the RRSIG RR begin with an unsigned
    length byte followed by a BER encoded Object Identifier (ISO OID) of
    that length.  The OID indicates the private algorithm in use, and the
    remainder of the area is whatever is required by that algorithm.
    Entities should only use OIDs they control to designate their private
    algorithms.


DNS software might already support ignoring these algorithms without
adding too much noise to the DNSSEC validation process of having
"wrong" DNSKEYs.

Paul
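The two private-algorithm encodings quoted above from RFC 4034 Appendix A.1.1, as an added worked example (not code from the email, the draft, or any resolver). It splits DNSKEY RDATA, pulls the designator out of the public key area for algorithm 253 (an uncompressed wire-format domain name) and 254 (a length byte plus a BER-encoded OID), and shows how a validator that does not implement the designated algorithm would treat the key like any other unsupported algorithm. The function names, the sample RDATA bytes and the default set of supported algorithm numbers are constructed for the example; the OID is assumed to be carried as content octets only, without an ASN.1 tag/length wrapper, which the RFC text does not spell out.

```python
"""Decode private-algorithm designators in DNSKEY RDATA (RFC 4034 Appendix A.1.1).

Added example; sample bytes are constructed, not taken from any real zone.
"""
import struct

PRIVATE_DNS = 253   # designator: uncompressed wire-format domain name
PRIVATE_OID = 254   # designator: unsigned length byte + BER-encoded OID


def parse_wire_name(buf: bytes, offset: int = 0):
    """Parse an uncompressed wire-format name; return (presentation name, next offset)."""
    labels = []
    while True:
        if offset >= len(buf):
            raise ValueError("truncated domain name")
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:
            # 0b11xxxxxx is a compression pointer, which RFC 4034 forbids here
            raise ValueError("compressed label not allowed in a private algorithm designator")
        if length & 0xC0:
            raise ValueError("unsupported extended label type")
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def decode_ber_oid(content: bytes) -> str:
    """Decode BER OID content octets (assumed: no tag/length wrapper) to dotted form."""
    if not content:
        raise ValueError("empty OID")
    if content[-1] & 0x80:
        raise ValueError("truncated OID subidentifier")
    arcs, value = [], 0
    for b in content:                      # base-128, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]                        # first two arcs are packed as 40*X + Y
    if first < 40:
        arcs = [0, first] + arcs[1:]
    elif first < 80:
        arcs = [1, first - 40] + arcs[1:]
    else:
        arcs = [2, first - 80] + arcs[1:]
    return ".".join(str(a) for a in arcs)


def parse_dnskey_rdata(rdata: bytes) -> dict:
    """Split DNSKEY RDATA (flags, protocol, algorithm, public key) and extract the
    private-algorithm designator for algorithms 253 and 254."""
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA shorter than 4 bytes")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    key = rdata[4:]
    rec = {"flags": flags, "protocol": protocol, "algorithm": algorithm}
    if algorithm == PRIVATE_DNS:
        rec["private_algorithm"], end = parse_wire_name(key)
        rec["key_material"] = key[end:]
    elif algorithm == PRIVATE_OID:
        if not key:
            raise ValueError("missing OID length byte")
        n = key[0]
        if len(key) < 1 + n:
            raise ValueError("truncated OID")
        rec["private_algorithm"] = decode_ber_oid(key[1:1 + n])
        rec["key_material"] = key[1 + n:]
    else:
        rec["key_material"] = key
    return rec


def validator_disposition(rec: dict, supported=frozenset({8, 13, 14, 15, 16})) -> str:
    """A validator that does not implement the algorithm ignores the key and its RRSIGs
    rather than failing validation (RFC 6840 section 5.2); a private algorithm it has not
    been taught is just another unsupported number. 'supported' is an assumed set."""
    return "validate" if rec["algorithm"] in supported else "ignore"


# Constructed samples: ZSK flags (256), protocol 3, then the private algorithm area.
SAMPLE_253 = b"\x01\x00\x03\xfd" + b"\x07example\x03com\x00" + b"KEYDATA"
SAMPLE_254 = b"\x01\x00\x03\xfe" + b"\x05" + b"\x2b\x06\x01\x04\x01" + b"KEYDATA"

if __name__ == "__main__":
    for sample in (SAMPLE_253, SAMPLE_254):
        rec = parse_dnskey_rdata(sample)
        print(rec["algorithm"], rec["private_algorithm"], validator_disposition(rec))
```

The compression check matters: a designator that used a pointer would be meaningless inside RDATA that a validator may have copied out of its original message, so the parser rejects it rather than trying to follow it.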