Re: [DNSOP] [Technical Errata Reported] RFC6781 (5174)

Warren Kumari <warren@kumari.net> Mon, 30 October 2017 21:09 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C3D213FB75 for <dnsop@ietfa.amsl.com>; Mon, 30 Oct 2017 14:09:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y3H-Lk-DutUr for <dnsop@ietfa.amsl.com>; Mon, 30 Oct 2017 14:09:24 -0700 (PDT)
Received: from mail-wr0-x22a.google.com (mail-wr0-x22a.google.com [IPv6:2a00:1450:400c:c0c::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 018FA13FB90 for <dnsop@ietf.org>; Mon, 30 Oct 2017 14:09:02 -0700 (PDT)
Received: by mail-wr0-x22a.google.com with SMTP id y39so14018814wrd.4 for <dnsop@ietf.org>; Mon, 30 Oct 2017 14:09:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bXv0EgBrxvnzVYwhMBNbHIw/iu1Z90F1hu6wOEFa2gY=; b=Tsf8yPYIZmrufUWZ1JQOXCxbYqhoqS4bILJH+Ws6xnecZEZTQsueOS4xo+3iidSKoA 9cEy+LDYAy2iQhh8+LfmGzzzdDLWflCre+2dGxSr3GQ/IDNghWRUVp/Fo1yzHRgXdowD EUlQUUK56MuHW76wrg98NcLGB7ZC93EEPzx47v/t7axUDxnlD+/6MDcUsEuYq3IjXozO 5yGGoimciaoH46mXckaRRGjs09DaSYV0GX+Dw/+TYxK7ShzVoGCcRJeqLzKHzmNpmORM neX2Bdq6uo1bqHNELmHAGty82I20WJM3F4qjqi+ObPGm6soymQV7a2LBRGuheyCGfHkv 87CQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bXv0EgBrxvnzVYwhMBNbHIw/iu1Z90F1hu6wOEFa2gY=; b=HuBd9+mvEII69q5vH5kBnlV1kYgcnhyU7vhE0eP0uaKbamX+x9dvvgqbxRZmoFZey4 5Ce6FOIwI2pMkSdI0wX9N89yo8uXTiQFkQOZhFrwrxQCkmvJ1rxh2X3iw4R58T5cN2+V sKTh/ozaoWQSV1ouXiUnurSccxbaFvTz14mbnQrrwzsgmXtjTMftMo3Y9r7ylcVKbXz1 MGTGGv/ZiSo2iyJtuMgJyNzp3icP9+Gr/cQBpiui7ohqEY4JsJ3kosJWZMhI7kbng1Md J4zqBo6obWhyAJQoR79SnUuK+zhgBSJk9ceVr97o3anxCU9iLnI+WX7FBxaTd0Ay1Qcw ufjw==
X-Gm-Message-State: AMCzsaWWYMVUoPLC9a9wVdU/A47nsksbLNPEj6R/N9Ccb/j3S/93cKdL +Qia8IMKhlaUNamGVDUl6JS7Ux4FG/JWqPec5rP3DG6L
X-Google-Smtp-Source: ABhQp+SthPHwoJWwtDs2RYE3byD+mz/xdvpvBavff9x0d4xa4epHaH7zkXzURVfUb2x0gT3Lx1KpLeLQtBoNBGqFcuA=
X-Received: by 10.223.133.242 with SMTP id 47mr9261685wru.170.1509397741227; Mon, 30 Oct 2017 14:09:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.187.12 with HTTP; Mon, 30 Oct 2017 14:08:20 -0700 (PDT)
In-Reply-To: <b1dec51f-6b58-9e24-9e87-9cfb89781a77@pletterpet.nl>
References: <20171029121247.31F02B817AB@rfc-editor.org> <b1dec51f-6b58-9e24-9e87-9cfb89781a77@pletterpet.nl>
From: Warren Kumari <warren@kumari.net>
Date: Mon, 30 Oct 2017 17:08:20 -0400
Message-ID: <CAHw9_i+pb-pf=5U8a0XqHZpnY66F2JsGeF8-6keQ7RGNvSA75g@mail.gmail.com>
To: Matthijs Mekking <matthijs@pletterpet.nl>
Cc: dnsop <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/L2d0AZgGUFJSLlQYmZedEdnwyEc>
Subject: Re: [DNSOP] [Technical Errata Reported] RFC6781 (5174)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Oct 2017 21:09:26 -0000

Thanks! Verified.

W

On Mon, Oct 30, 2017 at 2:24 AM, Matthijs Mekking
<matthijs@pletterpet.nl> wrote:
> Hi,
>
> This errata appears to be valid. In addition, the following text must also
> be corrected, from:
>
>    The rest of the zone data has the same signature as the SOA record,
>    i.e., an RRSIG created with DNSKEY_K_14.
>
> to:
>
>    The rest of the zone data has the same signature as the SOA record,
>    i.e., an RRSIG created with DNSKEY_K_15.
>
> Best regards,
>   Matthijs
>
>
> On 29-10-17 13:12, RFC Errata System wrote:
>>
>> The following errata report has been submitted for RFC6781,
>> "DNSSEC Operational Practices, Version 2".
>>
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata/eid5174
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Andreas Cudok <andreas.cudok@googlemail.com>
>>
>> Section: Appendix B.
>>
>> Original Text
>> -------------
>>     is reduced to the following representation:
>>
>>              SOA_2005092303
>>              RRSIG_Z_14(SOA_2005092303)
>>              DNSKEY_K_14
>>              DNSKEY_Z_15
>>              RRSIG_K_14(DNSKEY)
>>              RRSIG_Z_15(DNSKEY)
>>
>> Corrected Text
>> --------------
>>     is reduced to the following representation:
>>
>>              SOA_2005092303
>>              RRSIG_Z_14(SOA_2005092303)
>>              DNSKEY_Z_14
>>              DNSKEY_K_15
>>              RRSIG_Z_14(DNSKEY)
>>              RRSIG_K_15(DNSKEY)
>>
>> Notes
>> -----
>>
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC6781 (draft-ietf-dnsop-rfc4641bis-13)
>> --------------------------------------
>> Title               : DNSSEC Operational Practices, Version 2
>> Publication Date    : December 2012
>> Author(s)           : O. Kolkman, W. Mekking, R. Gieben
>> Category            : INFORMATIONAL
>> Source              : Domain Name System Operations
>> Area                : Operations and Management
>> Stream              : IETF
>> Verifying Party     : IESG
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf