Re: [dnsext] draft-ietf-dnsext-dnssec-algo-imp-status-00.txt
Samuel Weiler <weiler@watson.org> Wed, 01 February 2012 14:42 UTC
On Tue, 31 Jan 2012, Edward Lewis wrote:

> Not really. We only needed an NSEC3-ized RSA/SHA-1 to deal with backward
> compatibility issues at the time. From here out, any "new" DNSSEC
> "algorithm" will be defined for NSEC3 and NSEC.
>
> And - for RSASHA1-NSEC3-SHA1, the -SHA1 is there twice!

The trailing -SHA1 refers to the NSEC3 name hashing algorithm. That could be different from the hash algorithm used in signing (and, in the case of RSASHA256 and RSASHA512, they are indeed different).

I think there's a plausible argument that the mnemonics defined in RFC5702 should have been RSASHA256-SHA1 and RSASHA512-SHA1.

-- Sam
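An added illustration, not part of the original message: a Python sketch showing that the hash inside the signature algorithm and the NSEC3 name hash are two independent parameters, with the NSEC3 owner hash computed as RFC 5155 specifies. The function names are hypothetical; the sample salt (aabbccdd) and iteration count (12) are the example-zone values from RFC 5155 Appendix A.

```python
import base64
import hashlib

# DNSKEY algorithm number -> (mnemonic, hash used inside the RRSIG signature)
DNSKEY_ALGS = {
    5: ("RSASHA1", "sha1"),
    7: ("RSASHA1-NSEC3-SHA1", "sha1"),
    8: ("RSASHA256", "sha256"),    # RFC 5702
    10: ("RSASHA512", "sha512"),   # RFC 5702
}
# NSEC3 hash algorithm number: a separate registry, carried in NSEC3PARAM
NSEC3_HASH_ALGS = {1: "sha1"}

# Map the standard base32 alphabet onto base32hex (RFC 4648, section 7)
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", b"0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name):
    """Canonical (lowercase) DNS wire format of a non-root owner name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(name, salt_hex, iterations, hash_alg=1):
    """RFC 5155 section 5: H(name || salt), then `iterations` more rounds."""
    h = NSEC3_HASH_ALGS[hash_alg]
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.new(h, wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.new(h, digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_B32HEX).decode().lower()


def hashes_in_use(dnskey_alg, nsec3_hash_alg=1):
    """Return (mnemonic, signature hash, NSEC3 name hash) for a zone."""
    mnemonic, sig_hash = DNSKEY_ALGS[dnskey_alg]
    return mnemonic, sig_hash, NSEC3_HASH_ALGS[nsec3_hash_alg]


if __name__ == "__main__":
    # A zone signed with RSASHA256 still hashes its NSEC3 owner names with SHA-1.
    print(hashes_in_use(8))
    print(nsec3_hash("example", "aabbccdd", 12))
```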