[DNSOP] [Technical Errata Reported] RFC6781 (5273)

RFC Errata System <rfc-editor@rfc-editor.org> Sat, 03 March 2018 14:03 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 23272127873 for <dnsop@ietfa.amsl.com>; Sat, 3 Mar 2018 06:03:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Ax3xKx7AttYB for <dnsop@ietfa.amsl.com>; Sat, 3 Mar 2018 06:03:48 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB228120721 for <dnsop@ietf.org>; Sat, 3 Mar 2018 06:03:48 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id 59022B80C97; Sat, 3 Mar 2018 06:03:35 -0800 (PST)
To: olaf@nlnetlabs.nl, matthijs@nlnetlabs.nl, miek.gieben@sidn.nl, bclaise@cisco.com, warren@kumari.net, suzworldwide@gmail.com, tjw.ietf@gmail.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: rfceditor@centroid.eu, dnsop@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20180303140335.59022B80C97@rfc-editor.org>
Date: Sat, 3 Mar 2018 06:03:35 -0800 (PST)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/uQtol0dWB6Fp731jewWk2NBp2Tc>
Subject: [DNSOP] [Technical Errata Reported] RFC6781 (5273)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Mar 2018 14:03:50 -0000

The following errata report has been submitted for RFC6781,
"DNSSEC Operational Practices, Version 2".

You may review the report below and at:

Type: Technical
Reported by: Peter J. Philipp <rfceditor@centroid.eu>

Section: 4.1.4

Original Text
Figure 8 on page 30.

Corrected Text
The figure should have the second ZSK DNSKEY, called DNSKEY_Z_10 under 
DNSKEY removal because SOA_3 is doubly signed.


The figure should not have the second RRSIG for SOA_3 that is derived 
from DNSKEY_Z_10.

because:  I just don't think you can sign a zone without the 
corresponding ZSK's.

It looks wrong to me.  A small technicality.  I'll let the authors decide if it's really wrong.

This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

RFC6781 (draft-ietf-dnsop-rfc4641bis-13)
Title               : DNSSEC Operational Practices, Version 2
Publication Date    : December 2012
Author(s)           : O. Kolkman, W. Mekking, R. Gieben
Category            : INFORMATIONAL
Source              : Domain Name System Operations
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG