Re: DNSSECbis Q-17: typecode change and TKEY

"Scott Rose" <scottr@nist.gov> Thu, 09 October 2003 12:26 UTC

Message-ID: <017a01c38e5f$02f84c10$b9370681@barnacle>
From: Scott Rose <scottr@nist.gov>
To: namedroppers@ops.ietf.org
References: <Pine.LNX.4.58.0310090922070.2350@elektron.atoom.net>
Subject: Re: DNSSECbis Q-17: typecode change and TKEY
Date: Thu, 09 Oct 2003 08:15:20 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Personally, I agree with 1).  KEY could be used for transaction
authentication and DNSKEY used for generating RRSIGs only.

That way, KEY can retain the use of the DH algorithm code, and DNSKEY may
not need it.

Scott


----- Original Message ----- 
From: "Roy Arends" <roy@logmess.com>
To: <namedroppers@ops.ietf.org>
Sent: Thursday, October 09, 2003 4:00 AM
Subject: DNSSECbis Q-17: typecode change and TKEY


> TKEY (2930) provisions key agreement methods. One method for a resolver
> and a server to agree about shared secret keying material for use in TSIG
> (2845) is through DNS requests using, for example, Diffie-Hellman (DH)
> Exchanged Keying.
>
> Essentially, a resolver sends a query accompanied by a KEY RR in the
> additional section specifying a resolver DH key (2539), or, a KEY
> accompanied by its SIG(KEY).
>
> The issue at hand is the accompanied KEY RR (and SIG) in light of the
> recent type-code rollover, which leaves the KEY RR for the use of SIG(0)
> only.
>
> There are a few ways out:
>
> 1) retain KEY, SIG RR for the use of TKEY as well as SIG(0).
> 2) Have draft-ietf-dnsext-dnssec-2535typecode-change update RFC 2930 as
>    well.
>
> Either way, draft-ietf-dnsext-dnssec-2535typecode-change, and 2535bis
> accordingly, has to include some text on this.
>
> Regards,
>
> Roy
>


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
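The exchange Roy describes (a resolver sending a TKEY query with a KEY RR carrying a Diffie-Hellman public key in the additional section) and the split Scott argues for (KEY for transaction authentication, DNSKEY for RRSIG validation only), as an added example that is not part of this thread or of any RFC text. It hand-builds the wire format with the standard library only; the owner name, flags/protocol values and the 16-bit "prime" are constructed illustration values, not a usable DH group.

```python
import struct

# Type codes: KEY/SIG from RFC 2535, DNSKEY/RRSIG from the DNSSECbis typecode
# change, TKEY from RFC 2930. ALG_DH is the Diffie-Hellman algorithm number
# assigned by RFC 2539.
TYPE_SIG, TYPE_KEY = 24, 25
TYPE_RRSIG, TYPE_DNSKEY = 46, 48
TYPE_TKEY = 249
CLASS_IN, CLASS_ANY = 1, 255
ALG_DH = 2


def encode_name(name):
    """Uncompressed wire-format owner name (a query builder need not compress)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(buf, off):
    """Decode an uncompressed name; returns (name, new offset)."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            break
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def dh_key_rdata(flags, protocol, prime, generator, public):
    """KEY RDATA (RFC 2535): flags, protocol, algorithm, then the RFC 2539
    DH public key layout: length-prefixed prime, generator and public value."""
    def lp(v):
        return struct.pack("!H", len(v)) + v
    return struct.pack("!HBB", flags, protocol, ALG_DH) + lp(prime) + lp(generator) + lp(public)


def rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_tkey_query(qname, key_owner, key_rdata, msg_id=0x1234):
    """Resolver side of the RFC 2930 DH exchange: QTYPE=TKEY plus the
    resolver's KEY RR in the additional section."""
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 1)  # QR=0, 1 question, 1 additional
    question = encode_name(qname) + struct.pack("!HH", TYPE_TKEY, CLASS_IN)
    additional = rr(key_owner, TYPE_KEY, CLASS_ANY, 0, key_rdata)
    return header + question + additional


def parse_message(buf):
    """Server-side parse: returns (questions, resource records)."""
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    off = 12
    questions = []
    for _ in range(qd):
        name, off = decode_name(buf, off)
        qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    rrs = []
    for _ in range(an + ns + ar):
        name, off = decode_name(buf, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        rrs.append((name, rtype, rclass, ttl, buf[off:off + rdlen]))
        off += rdlen
    return questions, rrs


def key_algorithm(rdata):
    """Algorithm byte is the fourth octet of both KEY and DNSKEY RDATA."""
    return rdata[3]


def transaction_keys(rrs):
    """KEY RRs: the ones TKEY and SIG(0) may use after the type-code rollover."""
    return [r for r in rrs if r[1] == TYPE_KEY]


def zone_signing_keys(rrs):
    """DNSKEY RRs only: a validator must never take a KEY RR as an RRSIG key."""
    return [r for r in rrs if r[1] == TYPE_DNSKEY]


def demo():
    # Constructed illustration values: a toy 16-bit "prime", generator 2, and a
    # made-up public value. flags=0 and protocol=3 are likewise illustrative.
    prime = (0xFFFB).to_bytes(2, "big")
    generator = b"\x02"
    public = (1234).to_bytes(2, "big")
    rdata = dh_key_rdata(flags=0, protocol=3, prime=prime, generator=generator, public=public)
    wire = build_tkey_query("resolver.example.", "resolver.example.", rdata)
    return parse_message(wire)


if __name__ == "__main__":
    questions, records = demo()
    print(questions, [(r[0], r[1]) for r in records])
```

Because the KEY RR in the query is type 25, `zone_signing_keys()` returns nothing for it even though its RDATA layout is identical to DNSKEY; keeping that filter strict is what makes option 1) in Roy's list safe for validators.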