Re: [dnsext] [Technical Errata Reported] RFC6944 (4932)

"Rose, Scott" <scott.rose@nist.gov> Mon, 13 February 2017 16:43 UTC

Return-Path: <scott.rose@nist.gov>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 955C9129504 for <dnsext@ietfa.amsl.com>; Mon, 13 Feb 2017 08:43:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9U7sHOt1x4EP for <dnsext@ietfa.amsl.com>; Mon, 13 Feb 2017 08:43:10 -0800 (PST)
Received: from wsget1.nist.gov (wsget1.nist.gov [IPv6:2610:20:6005:13::150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89D4C129441 for <dnsext@ietf.org>; Mon, 13 Feb 2017 08:43:10 -0800 (PST)
Received: from WSGHUB1.xchange.nist.gov (129.6.42.34) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 13 Feb 2017 11:47:37 -0500
Received: from postmark.nist.gov (129.6.16.94) by mail-g.nist.gov (129.6.42.33) with Microsoft SMTP Server id 14.3.319.2; Mon, 13 Feb 2017 11:43:07 -0500
Received: from [129.6.140.7] (7-140.antd.nist.gov [129.6.140.7]) by postmark.nist.gov (8.13.8/8.13.1) with ESMTP id v1DGgsuA002086; Mon, 13 Feb 2017 11:42:54 -0500
From: "Rose, Scott" <scott.rose@nist.gov>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Date: Mon, 13 Feb 2017 11:42:54 -0500
Message-ID: <612D3507-7A11-4A6D-8A13-C18460995218@nist.gov>
In-Reply-To: <20170212134703.00224B80258@rfc-editor.org>
References: <20170212134703.00224B80258@rfc-editor.org>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.6r5344)
X-NIST-MailScanner-Information:
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/0v4YrhAAGK238tWnoaUC0EO6MNA>
Cc: dnsext@ietf.org, suresh.krishnan@ericsson.com, charset=UTF-8@rfc-editor.org, ogud@ogud.com
Subject: Re: [dnsext] [Technical Errata Reported] RFC6944 (4932)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2017 16:43:12 -0000

A reference to RFC 6944 to the whole registry, or the entry for RSA/MD5? 
  There is a ref for the whole table, but not the entry. If this a 
proposed change to the entry, I agree with the change.

Scott



On 12 Feb 2017, at 8:47, RFC Errata System wrote:

> The following errata report has been submitted for RFC6944,
> "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm 
> Implementation Status".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4932
>
> --------------------------------------
> Type: Technical
> Reported by: Petr Spacek <petr.spacek@nic.cz>
>
> Section: 3
>
> Original Text
> -------------
>    This document lists the implementation status of cryptographic
>    algorithms used with DNSSEC.  These algorithms are maintained in an
>    IANA registry at 
> http://www.iana.org/assignments/dns-sec-alg-numbers.
>    Because this document establishes the implementation status of 
> every
>    algorithm, it has been listed as a reference for the registry 
> itself.
>
> Corrected Text
> --------------
>    This document lists the implementation status of cryptographic
>    algorithms used with DNSSEC.  These algorithms are maintained in an
>    IANA registry at 
> http://www.iana.org/assignments/dns-sec-alg-numbers.
>    Because this document establishes the implementation status of 
> every
>    algorithm, it has been listed as a reference for the registry 
> itself.
>
>    Given significance of status change of RSAMD5 algorithm, a 
> reference
>    to this RFC should be added to the registry.
>
> Notes
> -----
> "RSAMD5 has an implementation status of Must Not Implement because of 
> known weaknesses in MD5."
>
> This is very important. An additional reference would lower likelihood 
> that DNS Implementors will overlook the important piece of 
> information.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04)
> --------------------------------------
> Title               : Applicability Statement: DNS Security (DNSSEC) 
> DNSKEY Algorithm Implementation Status
> Publication Date    : April 2013
> Author(s)           : S. Rose
> Category            : PROPOSED STANDARD
> Source              : DNS Extensions
> Area                : Internet
> Stream              : IETF
> Verifying Party     : IESG


==================================
Scott Rose, NIST
scottr@nist.gov
ph: +1-301-975-8439
Google Voice: +1-571-249-3671