Re: [dnsext] [Technical Errata Reported] RFC5155 (4993)

Alex Bligh <alex@alex.org.uk> Wed, 19 April 2017 05:16 UTC

From: Alex Bligh <alex@alex.org.uk>
In-Reply-To: <20170413161207.DB84EB80A47@rfc-editor.org>
Date: Wed, 19 Apr 2017 07:16:51 +0200
Cc: Alex Bligh <alex@alex.org.uk>, Ben Laurie <ben@links.org>, geoff-s@panix.com, Roy Arends <roy@nominet.org.uk>, David Blacka <davidb@verisign.com>, suresh.krishnan@ericsson.com, terry.manderson@icann.org, Ólafur Guðmundsson /DNSEXT chair <ogud@ogud.com>, ajs@anvilwalrusden.com, "dnsext mailing dnsext@ietf.org" <dnsext@ietf.org>
Message-Id: <34C0EC89-BA95-47A0-B5DC-A6800217EB40@alex.org.uk>
References: <20170413161207.DB84EB80A47@rfc-editor.org>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/b9KjBCao80mfqC03YcYqREyHgXk>

> On 13 Apr 2017, at 18:12, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The zone prior to NSEC3 signing seems to have contained an unexpected
>    2t7b4g4vsa5smi47k61mv5bv1a22bojr.example.	A	192.0.2.127
> which was then lovingly included in the NSEC3 chain.
> 
> The error is readily detectable from the list of hashes of the original owner names. The source zone prior to signing can never contain a hashed name.
> 

The inclusion may or may not be an error, but that statement is incorrect. The source zone *can* include labels that happen to be the result of a later hashing (by coincidence) and there was much discussion at the time as to whether this would cause issues (it doesn't). Of course it's not likely in practice, but it is possible.

It seems to me that whether this is in fact an error depends on whether the possibility of this is being deliberately illustrated or not; if it is, then perhaps it might be better to call this out directly.

-- 
Alex Bligh
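An added illustration of the point under dispute (my own code, not part of the thread or of RFC 5155): the NSEC3 hash of RFC 5155 section 5, plus the reporter's "an owner name equals the hash of another owner name" check, run over a constructed source zone. The salt aabbccdd, 12 iterations and the owner names are my recollection of the RFC's Appendix A example zone, not values from this page; if that recollection is right, the hash-shaped name the code derives from ns1.example is the one the errata quotes. The check flags such a name, but only as a cue for review, since a source zone can legitimately contain that label by coincidence.

```python
import base64
import hashlib

# base32 -> base32hex (RFC 4648 extended hex alphabet) translation table
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name: str) -> bytes:
    """Canonical wire form of an owner name: labels lower-cased, each
    length-prefixed, terminated by the root label (a single zero byte)."""
    labels = [l for l in name.rstrip(".").lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """RFC 5155 section 5: IH(salt, x, 0) = H(x || salt),
    IH(salt, x, k) = H(IH(salt, x, k-1) || salt), with H = SHA-1.
    The 20-byte result is rendered as lowercase base32hex (32 characters)."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii").lower()

def hash_lookalikes(owner_names, salt: bytes, iterations: int, apex: str) -> dict:
    """The errata reporter's heuristic: flag any owner name directly under the
    apex whose leftmost label equals the NSEC3 hash of a *different* owner name.
    A hit is a cue for review, not proof of error: the reply above notes that a
    source zone may legitimately contain such a label by coincidence."""
    by_hash = {nsec3_hash(n, salt, iterations): n for n in owner_names}
    apex = apex.rstrip(".")
    hits = {}
    for n in owner_names:
        first, _, parent = n.rstrip(".").partition(".")
        if parent == apex and first in by_hash and by_hash[first] != n:
            hits[n] = by_hash[first]
    return hits

def demo():
    """Constructed inputs modelled on the RFC 5155 Appendix A zone as recalled
    (salt aabbccdd, 12 iterations); these values are assumptions, not from the page."""
    salt, iterations = bytes.fromhex("aabbccdd"), 12
    zone = ["example", "a.example", "ai.example", "ns1.example", "ns2.example",
            "w.example", "*.w.example", "x.w.example", "y.w.example",
            "x.y.w.example", "xx.example"]
    lookalike = nsec3_hash("ns1.example", salt, iterations) + ".example"
    clean = hash_lookalikes(zone, salt, iterations, "example")
    flagged = hash_lookalikes(zone + [lookalike], salt, iterations, "example")
    return lookalike, clean, flagged

if __name__ == "__main__":
    print(demo())
```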