IETF Logo Mail Archive

Re: [dnsext] Adopting draft: draft-hoffman-dnssec-ecdsa-04.txt

"Jeffrey A. Williams" <jwkckid1@ix.netcom.com> Wed, 05 January 2011 19:23 UTC

Return-Path: <jwkckid1@ix.netcom.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D5A63A6C69 for <dnsext@core3.amsl.com>; Wed, 5 Jan 2011 11:23:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.164
X-Spam-Level:
X-Spam-Status: No, score=-2.164 tagged_above=-999 required=5 tests=[AWL=0.435, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IUwZHKAhR2k2 for <dnsext@core3.amsl.com>; Wed, 5 Jan 2011 11:23:54 -0800 (PST)
Received: from elasmtp-scoter.atl.sa.earthlink.net (elasmtp-scoter.atl.sa.earthlink.net [209.86.89.67]) by core3.amsl.com (Postfix) with ESMTP id 840093A6C17 for <dnsext@ietf.org>; Wed, 5 Jan 2011 11:23:54 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=ix.netcom.com; b=qk/nMRr/gzXgo2a4Fe0RslLwHRRTdmsK2ha0h+XicOCuqXJ4nZ7LxYoeI8ITvwj0; h=Message-ID:Date:From:Reply-To:To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.36] (helo=elwamui-hybrid.atl.sa.earthlink.net) by elasmtp-scoter.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <jwkckid1@ix.netcom.com>) id 1PaYzh-0006nP-2X for dnsext@ietf.org; Wed, 05 Jan 2011 14:26:01 -0500
Received: from 99.93.224.206 by webmail.earthlink.net with HTTP; Wed, 5 Jan 2011 14:26:00 -0500
Message-ID: <26133275.1294255561010.JavaMail.root@elwamui-hybrid.atl.sa.earthlink.net>
Date: Wed, 05 Jan 2011 13:26:00 -0600
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
To: dnsext@ietf.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Mailer: EarthLink Zoo Mail 1.0
X-ELNK-Trace: c8e3929e1e9c87a874cfc7ce3b1ad11381c87f5e51960688677a080fb5fa1ce428211b39f1f998df350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 209.86.224.36
Subject: Re: [dnsext] Adopting draft: draft-hoffman-dnssec-ecdsa-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2011 19:23:56 -0000

Paul and all,


-----Original Message-----
>From: Paul Hoffman <paul.hoffman@vpnc.org>
>Sent: Jan 5, 2011 12:56 PM
>To: dnsext@ietf.org
>Subject: Re: [dnsext] Adopting draft:  draft-hoffman-dnssec-ecdsa-04.txt
>
>On 1/5/11 10:39 AM, Chris Thompson wrote:
>> On Jan 5 2011, Edward Lewis wrote:
>>
>>> I'd like to see this stated in DNS terms - i.e., the notion of
>>> strength is not one of them.
>>>
>>> I would suggest that
>>>
>>> - the authoritative set of the DS record SHOULD include a DS RR for
>>> each key that is of the same hash algorithm as is used in the key and
>>> MAY have other hashes (and MAY even have only other hashes[1])
>>>
>>> [1] The parenthetical comment is redundant, put it there for emphasis.
>>>
>>> - a validator SHOULD prefer the DS record of the same hash algorithm
>>> over other hash algorithms for a key.
>>
>> You mean that a validator should prefer a digest type 1 (SHA-1) DS over
>> a type 2 (SHA-256) DS if the key to be validated uses algorithm RSASHA1?
>> This directly contradicts the SHOULD in RFC 4509 section 3, and also
>> doesn't seem too sensible to me.
>
>Thank you, Chris. I knew that someone had said something about strengths 
>in an RFC, but I could not remember where. You nailed it.
>
>That's not to say that we should have equivalent wording in this 
>document, just that the "cannot say anything about strength" is a new 
>requirement that is not met by earlier standards-track documents from 
>this WG.

  Why cannot there be anything about strength as a new requirement that
is not yet met by earlier standards-track diocuments?  
>_______________________________________________
>dnsext mailing list
>dnsext@ietf.org
>https://www.ietf.org/mailman/listinfo/dnsext

Kindest regards,
Jeffrey A. Williams
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
Network security Eng. SR. Eng. Network data security,
IT/information security.
ABA member in good standing member ID 01257402 
E-Mail jwkckid1@ix.netcom.com
Phone: 214-244-4827

v2.23.0 | Report a Bug | By Email