Re: [IPsec] Comments to the draft-ietf-ipsecme-split-dns-04.txt

Paul Wouters <paul@nohats.ca> Tue, 06 February 2018 16:21 UTC

Date: Tue, 06 Feb 2018 11:21:19 -0500
From: Paul Wouters <paul@nohats.ca>
To: Tero Kivinen <kivinen@iki.fi>, Tommy Pauly <tpauly@apple.com>
cc: "ipsec@ietf.org WG" <ipsec@ietf.org>
In-Reply-To: <23161.44491.871182.608585@fireball.acr.fi>
Message-ID: <alpine.LRH.2.21.1802061040590.28057@bofh.nohats.ca>
References: <23161.44491.871182.608585@fireball.acr.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/CE_36P1CGVxkqm9AMDqZqnkQrVU>

On Tue, 6 Feb 2018, Tero Kivinen wrote:

> While approving the IANA allocations I re-read the document again, and
> I have some more comments that might make the document more
> understandable.

Thanks!

> In section 4.1 there is example of example.com, but it would be better
> to put quotes around it

Fixed in -05

> In section 4.2 there is "Digest Type" in the figure, but the
> list has only item for "DS algorithm". Make those same.

Fixed.

> It is a bit misleading to say that "Key Tag", "Algorithm", "DS algorithm"
> etc can either be 0 or 2/1/1 etc octets long. How does the receiver
> know what is going to be the length of the "Key Tag" value for
> example?

It was actually a mistake (partially induced by my memory of RFC 8078
work and its errata). Those fields are all fixed length. Only the digest
itself is variable length, and as per the RFC 8078 errata, the shortest
representation would be "00", so two octets.

> I assume the intent has been to say that either all the fields are
> there with fixed lengths, or they are all omitted, meaning the length
> is 0 for all of them.

That was not at all the intent :)

I've submitted -05. My only question now is what to do with the
length field of both records. It now says "2 octets, unsigned integer"
but perhaps it should say "2 octets in network order" ?

https://tools.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-split-dns-05.txt

Paul
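To make the -05 clarification concrete, here is an added example (my own code, not text from the draft or from this message) that encodes and decodes trust-anchor data the way the reply describes it: Key Tag, Algorithm and Digest Type are mandatory fixed-length fields of 2/1/1 octets, only the digest is variable, and the length prefix is a 2-octet unsigned integer in network byte order. The field order, the minimum digest of one zero octet (the "00" hex digest mentioned above, as I read the RFC 8078 errata) and the sample values are my assumptions, not the draft's wire format.

```python
import struct

# Fixed-length fields, big-endian ("network order"): Key Tag (2 octets),
# Algorithm (1 octet), Digest Type / DS algorithm (1 octet).
# The field order is an assumption for this example, not the draft's text.
_FIXED = struct.Struct("!HBB")
MIN_DIGEST_LEN = 1  # the "00" hex digest is a single zero octet on the wire


def encode_ta(key_tag, algorithm, digest_type, digest):
    """Return a 2-octet big-endian length followed by the trust-anchor data."""
    if not (0 <= key_tag <= 0xFFFF and 0 <= algorithm <= 0xFF
            and 0 <= digest_type <= 0xFF):
        raise ValueError("fixed field out of range")
    if len(digest) < MIN_DIGEST_LEN:
        raise ValueError("digest must be at least one octet")
    body = _FIXED.pack(key_tag, algorithm, digest_type) + bytes(digest)
    if len(body) > 0xFFFF:
        raise ValueError("data too long for a 2-octet length field")
    return struct.pack("!H", len(body)) + body


def decode_ta(buf):
    """Parse one length-prefixed trust anchor; reject truncated input.

    Returns (key_tag, algorithm, digest_type, digest, remaining_bytes).
    """
    if len(buf) < 2:
        raise ValueError("missing length field")
    (length,) = struct.unpack_from("!H", buf, 0)
    data = buf[2:2 + length]
    if len(data) != length:
        raise ValueError("length field exceeds available data")
    # The fixed fields are never optional: length 0 does not mean "omitted".
    if length < _FIXED.size + MIN_DIGEST_LEN:
        raise ValueError("data too short for fixed fields plus digest")
    key_tag, algorithm, digest_type = _FIXED.unpack_from(data, 0)
    return key_tag, algorithm, digest_type, bytes(data[_FIXED.size:]), buf[2 + length:]


def is_valid(buf):
    """True if buf holds exactly one well-formed trust-anchor value."""
    try:
        return decode_ta(buf)[4] == b""
    except ValueError:
        return False


# Constructed sample: made-up key tag 12345, algorithm 8, digest type 2,
# with a 4-octet dummy digest in place of a real SHA-256 digest.
SAMPLE = encode_ta(12345, 8, 2, b"\xde\xad\xbe\xef")
```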