Re: [DNSOP] I-D Action: draft-wessels-dns-zone-digest-06.txt

["Wessels, Duane" <dwessels@verisign.com>]

> On May 17, 2019, at 12:14 PM, Olli Vanhoja <olli@zeit.co> wrote:
> 
> I believe this has been in a bit stall for some time. I'm finally
> trying push for some real production implementations.
> 
> I have one note that I wrote when I was initially reading the draft:
> 
> - Canonical RR Form comes from RFC 4034 s. 6.2 and it doesn't require
> require normalization of SPF and CAA records. RFC 6844 specifically
> allows any string formatting allowed by
> https://tools.ietf.org/html/rfc1035#section-5.1
> 
> Not sure if there is any real issue with this one but in theory I
> guess there could be functionally equivalent records with a digest
> mismatch. Maybe it's even desirable that those are not normalized,
> just a note.

Hi Olli,

Can you expand on this?  I'm not sure that I follow.  

ZONEMD doesn't operate on presentation format of RRs.  It only operates on canonical wire format.  Are you saying that some RRs can have different valid wire formats?  That would surprise me since DNSSEC signatures are also based on that format.

DW