Re: [dnsext] [Technical Errata Reported] RFC6944 (4932)

Petr Špaček <petr.spacek@nic.cz> Mon, 13 February 2017 21:14 UTC

Return-Path: <petr.spacek@nic.cz>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 804421298CF for <dnsext@ietfa.amsl.com>; Mon, 13 Feb 2017 13:14:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id veB_Lo9KjhXB for <dnsext@ietfa.amsl.com>; Mon, 13 Feb 2017 13:14:00 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C7871298C8 for <dnsext@ietf.org>; Mon, 13 Feb 2017 13:13:59 -0800 (PST)
Received: from [192.168.3.170] (unknown [95.82.146.6]) by mail.nic.cz (Postfix) with ESMTPSA id 13CD8600D2; Mon, 13 Feb 2017 22:13:58 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1487020438; bh=ILxb9X1lxYTa5yo2qMOy0E8WCGkXY/KucrY91gQ1FRc=; h=To:From:Date; b=wwtTJ3MA+yF9ou8XDmcC2H+FYwy9YbNeErRaE3uJvEB+p+JvX+Vsa8gymnSNxbdHG 1SYbStw69a1HdEl4TETogsJSlAcXsY3MNFruuf1XddyH5tiBisW24NHUPyxJ4tRO2x TF0eL0DOyFzmUlbV+Dd/aDof37CEzlIjGIsQJpDg=
To: "Rose, Scott" <scott.rose@nist.gov>, RFC Errata System <rfc-editor@rfc-editor.org>
References: <20170212134703.00224B80258@rfc-editor.org> <612D3507-7A11-4A6D-8A13-C18460995218@nist.gov>
From: =?UTF-8?B?UGV0ciDFoHBhxI1law==?= <petr.spacek@nic.cz>
Organization: CZ.NIC
Message-ID: <6c10c482-d7c5-d0b0-c11f-e2ac4da53065@nic.cz>
Date: Mon, 13 Feb 2017 22:13:57 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <612D3507-7A11-4A6D-8A13-C18460995218@nist.gov>
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/rgQqVD2BN3CuUdkf-QKA2JaTano>
Cc: dnsext@ietf.org, suresh.krishnan@ericsson.com, charset=UTF-8@rfc-editor.org, ogud@ogud.com
Subject: Re: [dnsext] [Technical Errata Reported] RFC6944 (4932)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2017 21:14:02 -0000

The reference right in the entry would be helpful. I'm sorry for not
being clear.

Petr Špaček  @  CZ.NIC

On 02/13/2017 05:42 PM, Rose, Scott wrote:
> A reference to RFC 6944 to the whole registry, or the entry for RSA/MD5?
>  There is a ref for the whole table, but not the entry. If this a
> proposed change to the entry, I agree with the change.
> 
> Scott
> 
> 
> 
> On 12 Feb 2017, at 8:47, RFC Errata System wrote:
> 
>> The following errata report has been submitted for RFC6944,
>> "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
>> Implementation Status".
>>
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata_search.php?rfc=6944&eid=4932
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Petr Spacek <petr.spacek@nic.cz>
>>
>> Section: 3
>>
>> Original Text
>> -------------
>>    This document lists the implementation status of cryptographic
>>    algorithms used with DNSSEC.  These algorithms are maintained in an
>>    IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers.
>>    Because this document establishes the implementation status of every
>>    algorithm, it has been listed as a reference for the registry itself.
>>
>> Corrected Text
>> --------------
>>    This document lists the implementation status of cryptographic
>>    algorithms used with DNSSEC.  These algorithms are maintained in an
>>    IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers.
>>    Because this document establishes the implementation status of every
>>    algorithm, it has been listed as a reference for the registry itself.
>>
>>    Given significance of status change of RSAMD5 algorithm, a reference
>>    to this RFC should be added to the registry.
>>
>> Notes
>> -----
>> "RSAMD5 has an implementation status of Must Not Implement because of
>> known weaknesses in MD5."
>>
>> This is very important. An additional reference would lower likelihood
>> that DNS Implementors will overlook the important piece of information.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC6944 (draft-ietf-dnsext-dnssec-algo-imp-status-04)
>> --------------------------------------
>> Title               : Applicability Statement: DNS Security (DNSSEC)
>> DNSKEY Algorithm Implementation Status
>> Publication Date    : April 2013
>> Author(s)           : S. Rose
>> Category            : PROPOSED STANDARD
>> Source              : DNS Extensions
>> Area                : Internet
>> Stream              : IETF
>> Verifying Party     : IESG
> 
> 
> ==================================
> Scott Rose, NIST
> scottr@nist.gov
> ph: +1-301-975-8439
> Google Voice: +1-571-249-3671