[dnsext] [Errata Verified] RFC6944 (4932)

RFC Errata System <rfc-editor@rfc-editor.org> Wed, 01 March 2017 01:40 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC7F9129677; Tue, 28 Feb 2017 17:40:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h_wN0U5fIGjO; Tue, 28 Feb 2017 17:40:34 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F22C21293DA; Tue, 28 Feb 2017 17:40:33 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id E8FDAB82167; Tue, 28 Feb 2017 17:40:33 -0800 (PST)
To: petr.spacek@nic.cz, scottr.nist@gmail.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20170301014033.E8FDAB82167@rfc-editor.org>
Date: Tue, 28 Feb 2017 17:40:33 -0800 (PST)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/W76-4F2AgbGJ1M4VoEWtZw_jQcE>
Cc: text/plain@rfc-editor.org, dnsext@ietf.org, charset=UTF-8@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, iesg@ietf.org
Subject: [dnsext] [Errata Verified] RFC6944 (4932)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Mar 2017 01:40:38 -0000

The following errata report has been verified for RFC6944,
"Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status". 

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4932

--------------------------------------
Status: Verified
Type: Technical

Reported by: Petr Spacek <petr.spacek@nic.cz>
Date Reported: 2017-02-12
Verified by: Terry Manderson (IESG)

Section: 3

Original Text
-------------
   This document lists the implementation status of cryptographic
   algorithms used with DNSSEC.  These algorithms are maintained in an
   IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers.
   Because this document establishes the implementation status of every
   algorithm, it has been listed as a reference for the registry itself.

Corrected Text
--------------
   This document lists the implementation status of cryptographic
   algorithms used with DNSSEC.  These algorithms are maintained in an
   IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers.
   Because this document establishes the implementation status of every
   algorithm, it has been listed as a reference for the registry itself.

   Given significance of status change of RSAMD5 algorithm, a reference
   to this RFC should be added to the registry.

Notes
-----
"RSAMD5 has an implementation status of Must Not Implement because of known weaknesses in MD5."

This is very important. An additional reference would lower likelihood that DNS Implementors will overlook the important piece of information.

--------------------------------------
RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04)
--------------------------------------
Title               : Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status
Publication Date    : April 2013
Author(s)           : S. Rose
Category            : PROPOSED STANDARD
Source              : DNS Extensions
Area                : Internet
Stream              : IETF
Verifying Party     : IESG