Re: [dnsext] [Editorial Errata Reported] RFC6840 (4191)

Donald Eastlake <d3e3e3@gmail.com> Tue, 02 December 2014 17:11 UTC

From: Donald Eastlake <d3e3e3@gmail.com>
Date: Tue, 02 Dec 2014 12:10:19 -0500
Message-ID: <CAF4+nEFms4V6VOL=QmE=x9q7wZXog6KkDdu71DrmRbD-1vSp0Q@mail.gmail.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsext/UcI860eDqeV4w6GmXoJsjX3FIUk
Cc: edward.lewis@icann.org, Brian Haberman <brian@innovationslab.net>, IETF DNSEXT WG <dnsext@ietf.org>, Ted Lemon <ted.lemon@nominum.com>, Ólafur Guðmundsson <ogud@ogud.com>
Subject: Re: [dnsext] [Editorial Errata Reported] RFC6840 (4191)

While the new text is OK, I do not think the old text is wrong.
"signing a zone" is a well-known term of art for signing the
authoritative RRsets in the zone.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com


On Tue, Dec 2, 2014 at 11:36 AM, RFC Errata System
<rfc-editor@rfc-editor.org> wrote:
> The following errata report has been submitted for RFC6840,
> "Clarifications and Implementation Notes for DNS Security (DNSSEC)".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6840&eid=4191
>
> --------------------------------------
> Type: Editorial
> Reported by: Edward Lewis <edward.lewis@icann.org>
>
> Section: 5.11
>
> Original Text
> -------------
> ...
>
> A signed zone MUST include a DNSKEY for each algorithm present in
>       the zone's DS RRset and expected trust anchors for the zone.  The
>       zone MUST also be signed with each algorithm (though not each key)
>       present in the DNSKEY RRset.
>
> Corrected Text
> --------------
> A signed zone MUST include a DNSKEY for each algorithm present in
>       the zone's DS RRset and expected trust anchors for the zone.  Each
>       authoritative RRset in the zone MUST be signed with each
>       algorithm (though not each key) present in the DNSKEY RRset.
>
> Notes
> -----
> Zones aren't signed (per se), the data sets within them are.  But not cut point (NS) and glue.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6840 (draft-ietf-dnsext-dnssec-bis-updates-20)
> --------------------------------------
> Title               : Clarifications and Implementation Notes for DNS Security (DNSSEC)
> Publication Date    : February 2013
> Author(s)           : S. Weiler, Ed., D. Blacka, Ed.
> Category            : PROPOSED STANDARD
> Source              : DNS Extensions
> Area                : Internet
> Stream              : IETF
> Verifying Party     : IESG
>
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext
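
The rule under discussion, that each authoritative RRset (but not delegation NS or glue) carries a signature for each algorithm in the DNSKEY RRset, can be checked mechanically. The sketch below is an added example and not part of the thread or of RFC 6840; the zone contents, the names and the helper functions are constructed for illustration, and it assumes that DS and NSEC are the only authoritative types at a zone cut.

```python
from collections import defaultdict

# Constructed sample zone as (owner, type, rdata) tuples. For DNSKEY, rdata is
# the algorithm number; for RRSIG, rdata is (type covered, algorithm).
APEX = "example."
ZONE = [
    (APEX, "SOA", None), (APEX, "NS", None),
    (APEX, "DNSKEY", 8), (APEX, "DNSKEY", 13),
    (APEX, "RRSIG", ("SOA", 8)), (APEX, "RRSIG", ("SOA", 13)),
    (APEX, "RRSIG", ("NS", 8)), (APEX, "RRSIG", ("NS", 13)),
    (APEX, "RRSIG", ("DNSKEY", 8)), (APEX, "RRSIG", ("DNSKEY", 13)),
    ("www.example.", "A", None),
    ("www.example.", "RRSIG", ("A", 8)),          # algorithm 13 is missing
    ("child.example.", "NS", None),               # cut point: not signed
    ("child.example.", "DS", None),
    ("child.example.", "RRSIG", ("DS", 8)), ("child.example.", "RRSIG", ("DS", 13)),
    ("ns1.child.example.", "A", None),            # glue: not signed
]

def delegation_points(records, apex):
    """Owners of NS RRsets other than the apex are zone cuts."""
    return {o for o, t, _ in records if t == "NS" and o != apex}

def is_authoritative(owner, rtype, cuts):
    """False for glue below a cut and for non-DS/NSEC data at the cut itself."""
    for cut in cuts:
        if owner.endswith("." + cut):
            return False
        if owner == cut and rtype not in ("DS", "NSEC"):
            return False
    return True

def missing_signatures(records, apex):
    """Map (owner, type) -> sorted DNSKEY algorithms with no covering RRSIG."""
    algs = {r for o, t, r in records if o == apex and t == "DNSKEY"}
    cuts = delegation_points(records, apex)
    signed = defaultdict(set)
    for o, t, r in records:
        if t == "RRSIG":
            signed[(o, r[0])].add(r[1])
    gaps = {}
    for o, t, _ in records:
        if t == "RRSIG" or not is_authoritative(o, t, cuts):
            continue
        missing = algs - signed[(o, t)]
        if missing:
            gaps[(o, t)] = sorted(missing)
    return gaps
```

On the sample zone only the www.example. A RRset is reported, because it lacks an algorithm 13 signature; the unsigned delegation NS and glue A records are not flagged.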