Re: [DNSOP] Implementation status for ZONEMD?

Benno Overeinder <benno@NLnetLabs.nl> Wed, 23 December 2020 14:03 UTC

Hi,

On 22/12/2020 01:07, Benno Overeinder wrote:
> Hi Paul,
> 
> On 18/12/2020 22:57, Paul Hoffman wrote:
>> Greetings. Now that ZONEMD is waiting in the RFC Editor's queue, I was 
>> wondering how the developers are coming with implementation. The 
>> protocol is ripe for two-party testing.
> 
> <NLnet Labs hat on>
> 
> We have implemented ZONEMD (verification and DNSSEC validation) in 
> Unbound, ready to be merged into the main branch and released early next 
> year.

Forgot to mention that we tested this with the implementation by Duane 
Wessels, as mentioned in the draft Appendix B.1.  Note that this 
implementation differs from the implementation that Willem mentioned in 
his email to the mailing list.

Cheers,

-- Benno

-- 
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/