DNSSECbis Q-17: typecode change and TKEY

Roy Arends <roy@logmess.com> Thu, 09 October 2003 08:08 UTC

Date: Thu, 09 Oct 2003 10:00:07 +0200
From: Roy Arends <roy@logmess.com>
To: namedroppers@ops.ietf.org
Subject: DNSSECbis Q-17: typecode change and TKEY
Message-ID: <Pine.LNX.4.58.0310090922070.2350@elektron.atoom.net>

TKEY (2930) provisions key agreement methods. One method for a resolver
and a server to agree about shared secret keying material for use in TSIG
(2845) is through DNS requests using, for example, Diffie-Hellman (DH)
Exchanged Keying.

Essentially, a resolver sends a query accompanied by a KEY RR in the
additional section specifying a resolver DH key (2539), or a KEY
accompanied by its SIG(KEY).

The issue at hand is the accompanied KEY RR (and SIG) in light of the
recent type-code rollover, which leaves the KEY RR for the use of SIG(0)
only.

There are a few ways out:

1) retain KEY, SIG RR for the use of TKEY as well as SIG(0).
2) Have draft-ietf-dnsext-dnssec-2535typecode-change update RFC 2930 as
   well.

Either way, draft-ietf-dnsext-dnssec-2535typecode-change, and 2535bis
accordingly, have to include some text on this.

Regards,

Roy
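The DH-exchanged keying described in the post, as an added example that is not part of Roy's message or of any DNS implementation: each side carries its DH public value in a KEY RR laid out per RFC 2539 section 2 (algorithm 2, three length-prefixed integers), and the TKEY keying material is derived per RFC 2930 section 4.1. The DH group, secrets and nonces below are constructed demo values, far too small for real use.

```python
import hashlib
import struct

# Constructed demo group: a 32-bit prime, NOT an RFC 2539 well-known group.
DEMO_PRIME = 0xFFFFFFFB
DEMO_GENERATOR = 2

def _int_field(n: int) -> bytes:
    """Big-endian integer preceded by a 2-octet length (RFC 2539 section 2)."""
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return struct.pack("!H", len(b)) + b

def encode_dh_key_rdata(flags: int, prime: int, generator: int, public: int) -> bytes:
    """KEY RDATA: flags, protocol 3 (DNSSEC), algorithm 2 (DH), then prime,
    generator and public value, each length-prefixed."""
    return (struct.pack("!HBB", flags, 3, 2)
            + _int_field(prime) + _int_field(generator) + _int_field(public))

def decode_dh_key_rdata(rdata: bytes):
    """Parse a DH KEY RDATA; returns (flags, protocol, (prime, generator, public))."""
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    if algorithm != 2:
        raise ValueError("KEY RR does not carry a DH (algorithm 2) key")
    values, pos = [], 4
    for idx in range(3):
        (n,) = struct.unpack("!H", rdata[pos:pos + 2])
        pos += 2
        if idx == 0 and n < 3:  # 1- or 2-octet prime = well-known group reference
            raise ValueError("well-known group references are not handled here")
        values.append(int.from_bytes(rdata[pos:pos + n], "big"))
        pos += n
    if pos != len(rdata):
        raise ValueError("trailing octets after DH public value")
    return flags, protocol, tuple(values)

def tkey_keying_material(query_data: bytes, server_data: bytes, dh_value: int) -> bytes:
    """RFC 2930 4.1: XOR(MD5(query data | DH value), MD5(server data | DH value)).
    query_data / server_data are the TKEY key-data fields of query and response."""
    dh = dh_value.to_bytes((dh_value.bit_length() + 7) // 8, "big")
    a = hashlib.md5(query_data + dh).digest()   # MD5 is what the RFC specifies
    b = hashlib.md5(server_data + dh).digest()
    return bytes(x ^ y for x, y in zip(a, b))

def dh_tkey_exchange(resolver_secret: int, server_secret: int,
                     query_data: bytes, server_data: bytes):
    """Both sides of the exchange; returns (resolver key, server key)."""
    # Resolver: KEY RR with its DH public value in the TKEY query's additional section.
    q_rdata = encode_dh_key_rdata(0, DEMO_PRIME, DEMO_GENERATOR,
                                  pow(DEMO_GENERATOR, resolver_secret, DEMO_PRIME))
    # Server: parse it, answer with its own KEY RR, compute the shared DH value.
    _, _, (p, g, resolver_pub) = decode_dh_key_rdata(q_rdata)
    r_rdata = encode_dh_key_rdata(0, p, g, pow(g, server_secret, p))
    server_shared = pow(resolver_pub, server_secret, p)
    # Resolver: parse the response KEY RR and compute the same shared value.
    _, _, (_, _, server_pub) = decode_dh_key_rdata(r_rdata)
    resolver_shared = pow(server_pub, resolver_secret, DEMO_PRIME)
    return (tkey_keying_material(query_data, server_data, resolver_shared),
            tkey_keying_material(query_data, server_data, server_shared))
```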

archive: <http://ops.ietf.org/lists/namedroppers/>