Re: [keyassure] Opening issue #21: "Need to specify which crypto algorithms and certificate types are mandatory to implement"

"George Barwood" <george.barwood@blueyonder.co.uk> Sat, 05 March 2011 16:25 UTC


----- Original Message ----- 
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: <keyassure@ietf.org>
Sent: Saturday, March 05, 2011 3:59 PM
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto algorithms and certificate types are mandatory to implement"


> It is not correct in that DNSSEC only defines hashes as part of 
> signature algorithms, not separately. 

Not quite; there are actually three contexts where DNSSEC defines hashes.

Signature algorithms, where RSASHA256 and RSASHA512 are the most modern.

The DigestType for a DS record, where SHA1 and SHA256 are the ones defined.

And finally the NSEC3 hash function, where only SHA1 is defined.

George