IETF Logo Mail Archive

[dnsext] Problem with draft-ietf-dnsext-dnssec-bis-updates-19

Ben Laurie <benl@google.com> Mon, 08 October 2012 13:38 UTC

Return-Path: <benl@google.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF25221F84F1 for <dnsext@ietfa.amsl.com>; Mon, 8 Oct 2012 06:38:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gzaJT+f7AFwp for <dnsext@ietfa.amsl.com>; Mon, 8 Oct 2012 06:38:27 -0700 (PDT)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id 2B01021F84EA for <dnsext@ietf.org>; Mon, 8 Oct 2012 06:38:26 -0700 (PDT)
Received: by mail-wg0-f44.google.com with SMTP id dr13so2475197wgb.13 for <dnsext@ietf.org>; Mon, 08 Oct 2012 06:38:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :x-system-of-record; bh=SimJFbiQYSsNiJtyTwW6R0EQYh2pRnjqIGfFizGyBAY=; b=iOA5EWduGILBm78GzA3xVdPXqJFNoYh0P/8pVJJM8PsJq8bKiysxe4EFBLZ25du6jx HHEnGU5ToaiXWmHW6BC760zG+CpbDS+m20hbgoxVPNQjmlmnJS2z79Yoous4zX+ah8WK jaT3pbgvScy94rd0jptbkiMNLohT0YXx4TapkNhIMgKQJMtwvVGhvuSN+1ahnQZakio/ wT0EFHxFdgIBEnOrSryhkRvzCLWzdH/wAT9G9daNygSVwURx7HZaD2++6WUANYs9Yi1T 0UTUkzohkuUrCja1FEq2V5yVIqk5+vU6gRLabpUjzRCx79v9QQo5TkAjOY3I/gTbxZwt bnwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :x-system-of-record:x-gm-message-state; bh=SimJFbiQYSsNiJtyTwW6R0EQYh2pRnjqIGfFizGyBAY=; b=Zy5FIldcZvRT10m1FfY3kvyxURm91zNq47p0wDmq/+OVhgbY59fTbUx7QxoS3sOE5G hZSO0qoKVSrudPdccCfqDqX5vklonIbqQIcpLfrK0tlOyCqP51fUFeFasUf614ED2V1l U9GfGdXysPahKPsPbG1RZcpaMyUU0srwvg3nCwe4rheNVN36Ous+9ySfDphfBdBFM+kO 6ByAHQpf+JBnKJYpSWQsk8QPs8PiPTuyeR/ODHqamH6TFfAHO4iHUJYW+9IUJ84eOfUl q7GJgp3zVPHJVdUuy7FfaMzgPGJbq/SZ40kBvER2n4Us6ObFR7i3DSAMkO9ad+eN3UPW luyQ==
MIME-Version: 1.0
Received: by 10.216.119.6 with SMTP id m6mr9237573weh.215.1349703506070; Mon, 08 Oct 2012 06:38:26 -0700 (PDT)
Received: by 10.216.236.201 with HTTP; Mon, 8 Oct 2012 06:38:25 -0700 (PDT)
Date: Mon, 08 Oct 2012 14:38:25 +0100
Message-ID: <CABrd9STyyyALzF00p_dgB-pr_+9wfApjJA+v=Ru1QGjd8fgxNg@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: dnsext@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQncQmF3Zn3rxsA+w46RByhdEMyRQdzZb32NKTmcyK2estdut2BFLA+r+MH/Fb7/7Id07Gil+OZYAuVCQxMImkNU0F3qg+SL0AS4pMQq0AHyzQZAn4mpmQVcyswf8ORibBSAvWHogfWFCe4v+n7aXAd+U+61ZKss6poQ3gq/spGPXSrfCY/eR4EeMwJGFGJE6Dvj+nPi
Subject: [dnsext] Problem with draft-ietf-dnsext-dnssec-bis-updates-19
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Oct 2012 13:38:28 -0000

http://tools.ietf.org/html/draft-ietf-dnsext-dnssec-bis-updates-19#section-5.1
says

"When canonicalizing DNS names (for both ordering and signing), DNS
   names in the RDATA section of NSEC resource records are not
   downcased.  DNS names in the RDATA section of RRSIG resource records
   are downcased."

This appears to be true, but it caused us some confusion: DNS names in
NSEC _are_ still downcased for ordering purposes, and need to be or
there's not much point in NSEC.

It'd be nice you have a clarifying comment in 5.1...

BTW, at some point I appear to have fallen off this list, but not sure why...

v2.23.0 | Report a Bug | By Email