[DNSOP] [Technical Errata Reported] RFC6781 (5273)

RFC Errata System <rfc-editor@rfc-editor.org> Sat, 03 March 2018 14:03 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23272127873 for <dnsop@ietfa.amsl.com>; Sat, 3 Mar 2018 06:03:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ax3xKx7AttYB for <dnsop@ietfa.amsl.com>; Sat, 3 Mar 2018 06:03:48 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB228120721 for <dnsop@ietf.org>; Sat, 3 Mar 2018 06:03:48 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id 59022B80C97; Sat, 3 Mar 2018 06:03:35 -0800 (PST)
To: olaf@nlnetlabs.nl, matthijs@nlnetlabs.nl, miek.gieben@sidn.nl, bclaise@cisco.com, warren@kumari.net, suzworldwide@gmail.com, tjw.ietf@gmail.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: rfceditor@centroid.eu, dnsop@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset=UTF-8
Message-Id: <20180303140335.59022B80C97@rfc-editor.org>
Date: Sat, 3 Mar 2018 06:03:35 -0800 (PST)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/uQtol0dWB6Fp731jewWk2NBp2Tc>
Subject: [DNSOP] [Technical Errata Reported] RFC6781 (5273)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Mar 2018 14:03:50 -0000

The following errata report has been submitted for RFC6781,
"DNSSEC Operational Practices, Version 2".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5273

--------------------------------------
Type: Technical
Reported by: Peter J. Philipp <rfceditor@centroid.eu>

Section: 4.1.4

Original Text
-------------
Figure 8 on page 30.

Corrected Text
--------------
The figure should have the second ZSK DNSKEY, called DNSKEY_Z_10 under 
DNSKEY removal because SOA_3 is doubly signed.

or

The figure should not have the second RRSIG for SOA_3 that is derived 
from DNSKEY_Z_10.

because:  I just don't think you can sign a zone without the 
corresponding ZSK's.


Notes
-----
It looks wrong to me.  A small technicality.  I'll let the authors decide if it's really wrong.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC6781 (draft-ietf-dnsop-rfc4641bis-13)
--------------------------------------
Title               : DNSSEC Operational Practices, Version 2
Publication Date    : December 2012
Author(s)           : O. Kolkman, W. Mekking, R. Gieben
Category            : INFORMATIONAL
Source              : Domain Name System Operations
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG