Re: [DNSOP] [Technical Errata Reported] RFC8976 (6425)

"Wessels, Duane" <dwessels@verisign.com> Thu, 11 February 2021 18:25 UTC

From: "Wessels, Duane" <dwessels@verisign.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>
CC: "Barber, Piet" <pbarber@verisign.com>, "Weinberg, Matt" <matweinb@amazon.com>, Warren Kumari <warren@kumari.net>, Wes Hardaker <ietf@hardakers.net>, "rwilton@cisco.com" <rwilton@cisco.com>, "<benno@nlnetlabs.nl>" <benno@NLnetLabs.nl>, "suzworldwide@gmail.com" <suzworldwide@gmail.com>, "tjw.ietf@gmail.com" <tjw.ietf@gmail.com>, "bwelling@akamai.com" <bwelling@akamai.com>, "dnsop@ietf.org" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8JdDC4cXW-iAUhoZYCXZf4QLJXc>

Brian,

Thank you for reporting this.  Indeed this example SHA384 digest should have 48 octets, although the A.3 example zone as a whole is still valid because a verifier will exclude the ZONEMD RR in question either because of the private-use scheme or because it is truncated.  Since the example wasn't intended to include a truncated digest, we think the errata should be accepted and corrected.  Proposed correction:

example.      86400  IN  ZONEMD  2018031900 241 1 (
                                 e1846540e33a9e41
                                 89792d18d5d131f6
                                 05fc283e8136a8ed
                                 924937852d0076a3
                                 fd5cd859c4265eaf
                                 a8dd75c61e3dc079 )

DW


> On Feb 10, 2021, at 1:48 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC8976,
> "Message Digest for DNS Zones".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6425
> 
> --------------------------------------
> Type: Technical
> Reported by: Brian Wellington <bwelling@akamai.com>
> 
> Section: A.3
> 
> Original Text
> -------------
> example.      86400  IN  ZONEMD  2018031900 241 1 (
>                                 e1846540e33a9e41
>                                 89792d18d5d131f6
>                                 05fc283e )
> 
> 
> Corrected Text
> --------------
> <A ZONEMD record with a digest of length 48>
> 
> Notes
> -----
> 2.2.3 defines Hash Algorithm 1 as SHA384, and says that "the size of the Digest field is 48 octets". There is nothing in 2.2.3 (or 2.2.2, where Scheme is defined) that indicates that Scheme and Hash Algorithm are dependent on each other, so the fact that the Scheme value (241) is private should have no effect on the digest computed by Hash Algorithm 1.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC8976 (draft-ietf-dnsop-dns-zone-digest-14)
> --------------------------------------
> Title               : Message Digest for DNS Zones
> Publication Date    : February 2021
> Author(s)           : D. Wessels, P. Barber, M. Weinberg, W. Kumari, W. Hardaker
> Category            : PROPOSED STANDARD
> Source              : Domain Name System Operations
> Area                : Operations and Management
> Stream              : IETF
> Verifying Party     : IESG
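
Added example, not part of the original message or of RFC 8976: a small check that parses a ZONEMD record in presentation format and lists the reasons a verifier would set it aside, run against the original A.3 record and the proposed correction. The function names and the assumption that the verifier supports only scheme 1 (SIMPLE) are illustrative.

```python
import re

# Digest sizes in octets for the Hash Algorithms of RFC 8976 Section 2.2.3.
DIGEST_OCTETS = {1: ("SHA384", 48), 2: ("SHA512", 64)}
SUPPORTED_SCHEMES = {1}        # assumption: this verifier implements only SIMPLE
PRIVATE_USE = range(240, 255)  # 240-254 are private-use values

# Both records are copied from the thread above (whitespace condensed).
ORIGINAL = """example. 86400 IN ZONEMD 2018031900 241 1 (
    e1846540e33a9e41 89792d18d5d131f6 05fc283e )"""
CORRECTED = """example. 86400 IN ZONEMD 2018031900 241 1 (
    e1846540e33a9e41 89792d18d5d131f6 05fc283e8136a8ed
    924937852d0076a3 fd5cd859c4265eaf a8dd75c61e3dc079 )"""

def parse_zonemd(text):
    """Parse one ZONEMD RR in presentation format; parentheses are allowed."""
    fields = re.sub(r"[()]", " ", text).split()
    i = fields.index("ZONEMD")
    serial, scheme, alg = (int(x) for x in fields[i + 1:i + 4])
    # The digest may be split across several whitespace-separated hex groups.
    digest = bytes.fromhex("".join(fields[i + 4:]))
    return {"owner": fields[0], "serial": serial, "scheme": scheme,
            "alg": alg, "digest": digest}

def exclusion_reasons(rr):
    """Return every reason this verifier would not use the RR (empty = usable)."""
    reasons = []
    if rr["scheme"] not in SUPPORTED_SCHEMES:
        kind = "private-use" if rr["scheme"] in PRIVATE_USE else "unsupported"
        reasons.append(f"{kind} scheme {rr['scheme']}")
    if rr["alg"] in DIGEST_OCTETS:
        name, size = DIGEST_OCTETS[rr["alg"]]
        if len(rr["digest"]) != size:
            reasons.append(
                f"{name} digest is {len(rr['digest'])} octets, expected {size}")
    else:
        reasons.append(f"unsupported hash algorithm {rr['alg']}")
    return reasons

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, exclusion_reasons(parse_zonemd(text)))
```

Both records are still excluded, but the corrected one only for its private-use scheme, which is what the example was meant to show.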