[dnsext] Re: [Technical Errata Reported] RFC4035 (8037)

"Rose, Scott W. (Fed)" <scott.rose@nist.gov> Thu, 18 July 2024 17:03 UTC

From: "Rose, Scott W. (Fed)" <scott.rose@nist.gov>
To: Rob Austein <sra@hactrn.net>
Date: Thu, 18 Jul 2024 13:03:50 -0400
CC: RFC Errata System <rfc-editor@rfc-editor.org>, roy.arends@telin.nl, sra@isc.org, mlarson@verisign.com, massey@cs.colostate.edu, ek.ietf@gmail.com, evyncke@cisco.com, ogud@ogud.com, elias.heftrig@sit.fraunhofer.de, dnsext@ietf.org
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/TPf7RnsZQxhqFgYyjfO5gAdrTDw>

So would the process here be to have an update to RFC 4045?  It sounds like it.  Plus that gives space to provide more guidance to implementors than just “SHOULD”.  For instance - is there an upper bound on the number of keys tried?

I know that sounds like a lot of overhead for changing what is one keyword at first, but I think this might deserve more than just changing a MUST to a SHOULD.

Scott

On 18 Jul 2024, at 12:39, Rob Austein wrote:

> This is interesting, but I don't think it's an erratum. The text says what the WG intended: if one is attempting to validate the signature, one MUST try them all until one succeeds or one runs out of keys to try.  I believe the reporter is requesting a technical change based on recent analysis, which is a worthy topic for discussion but is not an erratum. Take it to the WG.
> -- 
> Sent from a phone, please excuse typos and brevity


=====================================
Scott Rose
NIST/CTL/WND
scott.rose@nist.gov
ph: 301-975-8439
GoogleVoice: 571-249-3671
=====================================