IETF Logo Mail Archive

[DNSOP] [Errata Rejected] RFC8624 (6227)

RFC Errata System <rfc-editor@rfc-editor.org> Mon, 02 June 2025 05:22 UTC

Return-Path: <wwwrun@rfcpa.rfc-editor.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from rfcpa.rfc-editor.org (unknown [167.172.21.234]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8A77E2F8B3FB; Sun, 1 Jun 2025 22:22:15 -0700 (PDT)
Received: by rfcpa.rfc-editor.org (Postfix, from userid 461) id 5592227BA35; Sun, 1 Jun 2025 22:22:15 -0700 (PDT)
To: mats.dufberg@internetstiftelsen.se, pwouters@redhat.com, ondrej@isc.org
From: RFC Errata System <rfc-editor@rfc-editor.org>
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20250602052215.5592227BA35@rfcpa.rfc-editor.org>
Date: Sun, 01 Jun 2025 22:22:15 -0700
Message-ID-Hash: 5WPQ3T2IMEPRY7KZ32LODNXG4SBUCYD4
X-Message-ID-Hash: 5WPQ3T2IMEPRY7KZ32LODNXG4SBUCYD4
X-MailFrom: wwwrun@rfcpa.rfc-editor.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: mohamed.boucadair@orange.com, iesg@ietf.org, dnsop@ietf.org, rfc-editor@rfc-editor.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] [Errata Rejected] RFC8624 (6227)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/kg3pJb_rIHjyL_dxN5h8KMmIMBg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

The following errata report has been rejected for RFC8624,
"Algorithm Implementation Requirements and Usage Guidance for DNSSEC".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6227

--------------------------------------
Status: Rejected
Type: Technical

Reported by: Mats Dufberg <mats.dufberg@internetstiftelsen.se>
Date Reported: 2020-07-10
Rejected by: Mohamed Boucadair (IESG)

Section: 6

Original Text
-------------
   This document has no IANA actions.


Corrected Text
--------------
   This document updates the IANA registry "Delegation Signer (DS) Resource 
   Record (RR) Type Digest Algorithms". The registry has been updated by
   the following table from section 3.3:

   +--------+-----------------+-------------------+-------------------+
   | Number | Mnemonics       | DNSSEC Delegation | DNSSEC Validation |
   +--------+-----------------+-------------------+-------------------+
   | 0      | NULL (CDS only) | MUST NOT [*]      | MUST NOT [*]      |
   | 1      | SHA-1           | MUST NOT          | MUST              |
   | 2      | SHA-256         | MUST              | MUST              |
   | 3      | GOST R 34.11-94 | MUST NOT          | MAY               |
   | 4      | SHA-384         | MAY               | RECOMMENDED       |
   +--------+-----------------+-------------------+-------------------+

   [*] - This is a special type of CDS record signaling removal of DS at
         the parent in [RFC8078].


   This document updates the IANA registry "DNS Security Algorithm Numbers". 
   The registry has been updated by the following table from section 3.1:

   +--------+--------------------+-----------------+-------------------+
   | Number | Mnemonics          | DNSSEC Signing  | DNSSEC Validation |
   +--------+--------------------+-----------------+-------------------+
   | 1      | RSAMD5             | MUST NOT        | MUST NOT          |
   | 3      | DSA                | MUST NOT        | MUST NOT          |
   | 5      | RSASHA1            | NOT RECOMMENDED | MUST              |
   | 6      | DSA-NSEC3-SHA1     | MUST NOT        | MUST NOT          |
   | 7      | RSASHA1-NSEC3-SHA1 | NOT RECOMMENDED | MUST              |
   | 8      | RSASHA256          | MUST            | MUST              |
   | 10     | RSASHA512          | NOT RECOMMENDED | MUST              |
   | 12     | ECC-GOST           | MUST NOT        | MAY               |
   | 13     | ECDSAP256SHA256    | MUST            | MUST              |
   | 14     | ECDSAP384SHA384    | MAY             | RECOMMENDED       |
   | 15     | ED25519            | RECOMMENDED     | RECOMMENDED       |
   | 16     | ED448              | MAY             | RECOMMENDED       |
   +--------+--------------------+-----------------+-------------------+



Notes
-----
The document clearly has the intention to update the IANA registers, which is also stated in the document, but not in section 6 ("IANA Considerations").
 --VERIFIER NOTES-- 
This document does not have the intention indicated in the erratum. Please see
* https://mailarchive.ietf.org/arch/msg/dnsop/KXEI6RgnkN-S4uKL8DvhwGEsYrI/
* https://mailarchive.ietf.org/arch/msg/dnsop/GdpzvW7nqQ20BkKAchg74Wm398M/

FWIW, an update of RFC8624 is being finalized (draft-ietf-dnsop-rfc8624-bis) with a set of IANA actions to reflect the changes made in the bis itself, not the original RFC8624. 

--------------------------------------
RFC8624 (draft-ietf-dnsop-algorithm-update-10)
--------------------------------------
Title               : Algorithm Implementation Requirements and Usage Guidance for DNSSEC
Publication Date    : June 2019
Author(s)           : P. Wouters, O. Sury
Category            : PROPOSED STANDARD
Source              : Domain Name System Operations
Stream              : IETF
Verifying Party     : IESG

v2.43.4 | Report a Bug | By Email | System Status