[dnsext] [Technical Errata Reported] RFC4034 (4552)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 04 December 2015 12:03 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 396461A6FCF for <dnsext@ietfa.amsl.com>; Fri, 4 Dec 2015 04:03:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.912
X-Spam-Status: No, score=-101.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id WDr8lZEGd0j9 for <dnsext@ietfa.amsl.com>; Fri, 4 Dec 2015 04:03:53 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1900:3001:11::31]) by ietfa.amsl.com (Postfix) with ESMTP id CEEE21A870E for <dnsext@ietf.org>; Fri, 4 Dec 2015 04:03:48 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id 2EB03180016; Fri, 4 Dec 2015 04:01:59 -0800 (PST)
To: roy.arends@telin.nl, sra@isc.org, mlarson@verisign.com, massey@cs.colostate.edu, scott.rose@nist.gov, brian@innovationslab.net, terry.manderson@icann.org, ogud@ogud.com, ajs@anvilwalrusden.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20151204120159.2EB03180016@rfc-editor.org>
Date: Fri, 4 Dec 2015 04:01:59 -0800 (PST)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsext/dzv3H1AvqXzA0R0kkG_Pv7BqQLs>
X-Mailman-Approved-At: Sun, 13 Dec 2015 12:36:55 -0800
Cc: dnsext@ietf.org, rfc-editor@rfc-editor.org
Subject: [dnsext] [Technical Errata Reported] RFC4034 (4552)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2015 12:03:58 -0000

The following errata report has been submitted for RFC4034,
"Resource Records for the DNS Security Extensions".

You may review the report below and at:

Type: Technical
Reported by: Ben Laurie <benl@google.com>

Section: Appendix B

Original Text
These groups are then added together, ignoring any carry bits.

Corrected Text
These groups are then added together with at least 32-bit precision,
retaining any carry bits.
The carry bits are then added to the result, and finally, only the lower
16 bits of the result are used as the key tag. Note that this means any
carries generated during the addition of the carry bits are ignored.
This, in turn, means that the keytag calculation is often the same as
reduction modulo 65535, but not always.

Errata 2681 already proposes a fix to Appendix B, however the proposed fix is not quite clear. The first part of the corrected text is from 2681.

Its worth pointing this out because a naive analysis says in fact the keytag is exactly the same as reduction modulo 65535, and this has already wasted a fair amount of time.

It is also worth pointing out, perhaps, that this is a poor choice of algorithm for this particular application as it interacts badly with the properties of keys.

This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

RFC4034 (draft-ietf-dnsext-dnssec-records-11)
Title               : Resource Records for the DNS Security Extensions
Publication Date    : March 2005
Author(s)           : R. Arends, R. Austein, M. Larson, D. Massey, S. Rose
Category            : PROPOSED STANDARD
Source              : DNS Extensions
Area                : Internet
Stream              : IETF
Verifying Party     : IESG