RE: draft-ietf-dnsext-rfc2539bis-dhk-06.txt
"Eastlake III Donald-LDE008" <Donald.Eastlake@motorola.com> Sun, 26 March 2006 00:12 UTC
Date: Sat, 25 Mar 2006 19:10:24 -0500
Message-ID: <3870C46029D1F945B1472F170D2D9790BB221A@de01exm64.ds.mot.com>
To: namedroppers@ops.ietf.org
Hi,

See below at @@@

________________________________
From: owner-namedroppers@ops.ietf.org [mailto:owner-namedroppers@ops.ietf.org] On Behalf Of Mike StJohns
Sent: Tuesday, March 21, 2006 5:25 PM
To: namedroppers@ops.ietf.org
Subject: draft-ietf-dnsext-rfc2539bis-dhk-06.txt

As part of the DNSEXT meeting I agreed to review the above document with a view to getting it off of the chair's list. It has passed WGLC, but hasn't had sufficient reviewers for AD comfort.

1) The document is currently expired.

@@@ As with the 2536bis draft, an update has been submitted with just the version and date bumped and the boilerplate nits fixed.

2) The document appears to substantially share text with RFC2539 with the exception that the specific reference to how to incorporate DH data with a KEY record has been replaced with "within the RDATA portion of a RR".

@@@ In addition, one more abbreviation for a standard Diffie-Hellman group has been included. Also, as per my 12/27/2005 posting to namedroppers, there are yet two more additional standard DH groups defined in RFC 3526 (in connection with IPsec), for which DNS DH key format abbreviations should be defined and, to avoid duplication and possible inconsistency, the details of these standard DH groups should be omitted and RFC 3526 referenced.

3) The document includes text about a "work in progress" that was a work in progress back when 2539 was published. That either needs to be removed or cited.

@@@ This is just in the acknowledgements section, since some of the material in this draft was duplicated from another Internet-Draft which was long ago abandoned and has expired. I suppose I could change the acknowledgements to be less informative by removing that reference while leaving in the names of the people being acknowledged.

4) There are several nits and warnings on the existing draft (e.g. old boilerplate).

For at least some of the same reasons as I cited for the DSA draft, I can't support advancement of this draft. E.g. there isn't enough connective tissue between this document and RFC4034 which specifies the various record formats. To be adequate for publication, this document should explicitly cite DNSKEY as the record reference and completely specify the part of the RDATA for the DNSKEY to which this applies. Also, the algorithm information identifier from 2535 should be added to this document.

@@@ The format in this document is usable in both DNSKEY and KEY (to support TKEY). It is probably a good idea to list the RR types in which it is used and cite their best RFC definition. I'm also fine with giving the motivations for this revision. But all the bits outside of the DH key format defined in this document are defined in other documents, like RFC 4034. While the same algorithm number is used in DNSKEY and KEY, it is the case that as shown by the IPSECKEY RR, it is quite possible that in the future application specific RRs might be defined which would want to reference this DH data format but use different algorithm numbers or identifiers. So, if the algorithm number is included in this document, it needs to be clear that the "DH" algorithm might be otherwise identified in future defined RRs.

Also, the "PublicValue is the binary representation of the DH public value with most significant byte first." statement needs to clearly identify this is a positive integer (ditto for prime) with no leading zero octets or some such. This is necessary to ensure implementers don't accidentally just plug the number into the "BigInteger" function and end up with negative numbers of some sort. In other words, the binary representation as stated is ambiguous.

@@@ OK. This would be a good change to make.

Mike

@@@ Thanks,
@@@ Donald

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
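The encoding ambiguity Mike points out, worked through in code. This is an added example written for this archive page; it is not text or code from the draft, from RFC 2539, or from any DNS implementation. It assumes the RFC 2539 DH key layout of three length-prefixed fields (2-octet length, then prime, generator and public value, in that order), which is my reading of that RFC and not something this message states, and it uses constructed toy values (a Mersenne prime as p, g = 2, and a hand-picked public value whose top bit is set) rather than a real DNS key.

```python
# Added example: canonical unsigned big-endian integer encoding for DH fields,
# and the sign pitfall when the same octets are fed to a two's-complement
# BigInteger-style constructor. Field framing below is an ASSUMPTION taken
# from my reading of RFC 2539, not from the message or the draft.

def encode_unsigned(n: int) -> bytes:
    """Canonical form: positive integer, most significant byte first,
    minimal length, so the first octet is never 0x00."""
    if n <= 0:
        raise ValueError("DH prime/generator/public value must be positive")
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def is_canonical(data: bytes) -> bool:
    """True only for a non-empty encoding with no leading zero octet."""
    return len(data) > 0 and data[0] != 0


def decode_unsigned(data: bytes) -> int:
    """Strict decoder: what the text should require of implementers."""
    if not is_canonical(data):
        raise ValueError("empty or non-canonical (leading 0x00) integer field")
    return int.from_bytes(data, "big", signed=False)


def decode_twos_complement(data: bytes) -> int:
    """What a sign-aware BigInteger(byte[]) constructor does with the same
    octets: a set top bit turns the value negative."""
    return int.from_bytes(data, "big", signed=True)


def pack_dh_key(p: int, g: int, y: int) -> bytes:
    """Assumed RFC 2539 framing: <len2><prime><len2><generator><len2><pubval>."""
    out = b""
    for value in (p, g, y):
        field = encode_unsigned(value)
        if len(field) > 0xFFFF:
            raise ValueError("field does not fit a 2-octet length")
        out += len(field).to_bytes(2, "big") + field
    return out


def unpack_dh_key(rdata: bytes) -> tuple:
    """Inverse of pack_dh_key; rejects truncation, trailing octets and
    non-canonical integers (the well-known-group short forms are not handled)."""
    pos, values = 0, []
    for name in ("prime", "generator", "public value"):
        if pos + 2 > len(rdata):
            raise ValueError(f"truncated before {name} length")
        length = int.from_bytes(rdata[pos:pos + 2], "big")
        pos += 2
        if pos + length > len(rdata):
            raise ValueError(f"truncated {name} field")
        values.append(decode_unsigned(rdata[pos:pos + length]))
        pos += length
    if pos != len(rdata):
        raise ValueError("trailing octets after public value")
    return tuple(values)


# Constructed toy parameters (NOT a real DNS key): a 127-bit Mersenne prime,
# generator 2, and a public value chosen so its minimal encoding starts with 0x80.
TOY_P = (1 << 127) - 1
TOY_G = 2
TOY_Y = (1 << 119) + 0x5A5A


def demo() -> dict:
    """Round-trip the toy key and show both readings of the public value."""
    rdata = pack_dh_key(TOY_P, TOY_G, TOY_Y)
    p, g, y = unpack_dh_key(rdata)
    y_octets = encode_unsigned(TOY_Y)
    return {
        "rdata_len": len(rdata),
        "roundtrip_ok": (p, g, y) == (TOY_P, TOY_G, TOY_Y),
        "unsigned": decode_unsigned(y_octets),
        "signed_misread": decode_twos_complement(y_octets),
        "padded_is_canonical": is_canonical(b"\x00" + y_octets),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `signed_misread` entry is the failure Mike describes: the same 15 octets decode to a negative number when an implementation treats them as two's complement, which is why the specification text needs to say "unsigned, no leading zero octets" rather than just "binary representation".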