Re: [dnsext] Capture signature chain?

Tony Finch <dot@dotat.at> Mon, 19 March 2012 16:11 UTC

Date: Mon, 19 Mar 2012 16:11:08 +0000
From: Tony Finch <dot@dotat.at>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Cc: dnsext List <dnsext@ietf.org>
Subject: Re: [dnsext] Capture signature chain?

Nicholas Weaver <nweaver@icsi.berkeley.edu> wrote:

> Is there currently a standard wire/storage format for capturing the
> entire DNSSEC signature chain required for validation in a single
> transaction?

No. I would recommend just listing all the relevant RRsets in DNS wire
format. There is also
http://tools.ietf.org/html/draft-agl-dane-serializechain-01
which tries to omit unnecessary data.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Northwest FitzRoy, Sole: Mainly southwesterly 4 or 5, increasing 6 at times in
west. Moderate or rough. Fair. Good.
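
Added example, not part of the original message or of the draft it links: one way to store a chain as a plain list of RRs in DNS wire format (RFC 1035 section 3.2.1) and read it back. The function names are hypothetical, the RDATA bytes are constructed placeholders, owner names are assumed to be uncompressed, and no signature validation is attempted.

```python
import struct

def encode_name(name):
    """Domain name -> uncompressed wire format (labels assumed <= 63 bytes)."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def encode_rr(name, rtype, ttl, rdata, rclass=1):
    """One RR: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    header = struct.pack("!HHIH", rtype, rclass, ttl, len(rdata))
    return encode_name(name) + header + rdata

def decode_chain(blob):
    """Walk concatenated RRs; return a list of (name, type, class, ttl, rdata)."""
    rrs, pos = [], 0
    while pos < len(blob):
        labels = []
        while True:
            if pos >= len(blob):
                raise ValueError("truncated name")
            n = blob[pos]
            pos += 1
            if n == 0:
                break
            # A length above 63 is a compression pointer or reserved label type;
            # pointers have no meaning outside the DNS message they came from.
            if n > 63 or pos + n > len(blob):
                raise ValueError("compressed, invalid or truncated label")
            labels.append(blob[pos:pos + n].decode("ascii"))
            pos += n
        if pos + 10 > len(blob):
            raise ValueError("truncated RR header")
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", blob, pos)
        pos += 10
        if pos + rdlen > len(blob):
            raise ValueError("truncated RDATA")
        rrs.append((".".join(labels) + ".", rtype, rclass, ttl, blob[pos:pos + rdlen]))
        pos += rdlen
    return rrs

# Constructed sample: RDATA bytes are placeholders, not real keys or signatures.
SAMPLE = [
    (".", 48, 172800, b"\x01\x01\x03\x08" + b"K" * 8),         # DNSKEY
    ("example.", 43, 86400, b"\x30\x39\x08\x02" + b"D" * 32),  # DS
    ("www.example.", 1, 300, bytes([192, 0, 2, 1])),           # A
    ("www.example.", 46, 300, b"S" * 24),                      # RRSIG (opaque here)
]

def build_chain(records=SAMPLE):
    return b"".join(encode_rr(*r) for r in records)
```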