Re: Keeping the KEY and SIG typecodes active

"Scott Rose" <scottr@nist.gov> Wed, 18 June 2003 12:54 UTC

Message-ID: <005201c33598$0e3d5ef0$b9370681@barnacle>
From: Scott Rose <scottr@nist.gov>
To: Sam Weiler <weiler@tislabs.com>
Cc: namedroppers@ops.ietf.org
References: <Pine.GSO.4.33.0306171825330.11723-100000@raven>
Subject: Re: Keeping the KEY and SIG typecodes active
Date: Wed, 18 Jun 2003 08:49:28 -0400

As long as the KEY RR does not have the zone key flag bit set, it should be
alright.  However, the KEY will be signed by a RRSIG in the zone, which
would cause old (RFC2535) validators to consider it unsigned.

As for SIG(0) clients, if they don't now, that doesn't mean they won't
later, especially since that was the idea of SIG(0).

Scott
----- Original Message ----- 
From: "Sam Weiler" <weiler@tislabs.com>
To: "Scott Rose" <scottr@nist.gov>
Cc: <namedroppers@ops.ietf.org>
Sent: Tuesday, June 17, 2003 6:32 PM
Subject: Re: Keeping the KEY and SIG typecodes active


> > Topic: Keeping the KEY (typecode 24) and SIG (25) for transaction
> > authentication only.
>
> draft-ietf-dnsext-dnssec-2535typecode-change-02.txt (which finally
> cleared the i-d editor queue late this afternoon after being sent in
> on Thursday morning) keeps SIG for SIG(0), but still deprecates KEY.
> I'd appreciate it if folks would review the new sections of the draft
> -- there's a change list at the top of the document.
>
> Keeping KEY worries me a bit more, since it will appear in-zone and
> some 2535-aware things pay attention to it.  Must we really keep it?
> Do any of the SIG(0) _clients_ actually look at KEYs?
>
> -- Sam


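An added example, not part of either message: a check for the zone key flag bit that the reply turns on, run over KEY RDATA. It assumes the flags layout of RFC 2535 section 3.1.2 (bit 0 is the most significant bit, bit 7 is the zone key bit, bit 3 announces a flags extension); the function names and the sample records are constructed for illustration.

```python
import struct

# Masks for the 16-bit KEY flags field; bit 0 is the most significant bit,
# following the numbering assumed from RFC 2535 section 3.1.2.
NOKEY_MASK = 0xC000     # bits 0-1 both set: the record carries no key
XT_MASK = 0x1000        # bit 3: a second 16-bit flags field follows the algorithm
ZONE_KEY_MASK = 0x0100  # bit 7: the zone key flag bit discussed in the thread


def parse_key_rdata(rdata: bytes) -> dict:
    """Split KEY RDATA into flags, protocol, algorithm and public key."""
    if len(rdata) < 4:
        raise ValueError("KEY RDATA shorter than the 4-octet fixed header")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    offset = 4
    if flags & XT_MASK:
        # Skip the extension field so it is not mistaken for key material.
        if len(rdata) < 6:
            raise ValueError("flag extension bit set but extension is missing")
        offset = 6
    return {
        "flags": flags,
        "protocol": protocol,
        "algorithm": algorithm,
        "no_key": (flags & NOKEY_MASK) == NOKEY_MASK,
        "zone_key": bool(flags & ZONE_KEY_MASK),
        "public_key": rdata[offset:],
    }


def zone_key_owners(records):
    """Return owner names whose KEY RDATA has the zone key flag bit set."""
    return [owner for owner, rdata in records
            if parse_key_rdata(rdata)["zone_key"]]


# Constructed sample records (owner name, KEY RDATA); key bytes are dummies.
SAMPLE_RECORDS = [
    ("host.example.", bytes.fromhex("0200ff05") + b"\x01\x02\x03"),  # entity key
    ("example.", bytes.fromhex("01000305") + b"\x04\x05\x06"),       # zone key
    ("user.example.", bytes.fromhex("0000ff05") + b"\x07\x08"),      # user key
]

if __name__ == "__main__":
    for name in zone_key_owners(SAMPLE_RECORDS):
        print(f"{name}: KEY has the zone key flag bit set")
```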