Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-signal-04.txt

Scott Rose <scottr.nist@gmail.com> Mon, 12 March 2012 13:08 UTC

From: Scott Rose <scottr.nist@gmail.com>
In-Reply-To: <20120309090748.GA20102@miek.nl>
Date: Mon, 12 Mar 2012 09:08:06 -0400
Message-Id: <3B318BC7-749C-4885-A6B9-8BE91479D0F9@gmail.com>
References: <20120306162935.4172.91398.idtracker@ietfa.amsl.com> <20120309090748.GA20102@miek.nl>
To: Miek Gieben <miek@miek.nl>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-signal-04.txt

On Mar 9, 2012, at 4:07 AM, Miek Gieben wrote:

> I read a comment in the draft that this option list can get very long, which
> indeed is true. 
> 
> How about the following scheme:
> 
> A resolver indicates the highest algorithm number it understands and thus *also*
> all *previous* algorithms. This way the whole option can be shortened to 4
> bytes:
> 
> 0: OPTION-CODE
> 1: DAU byte value
> 2: DHU byte value
> 3: N3U byte value
> 
> And maybe this option can be renamed to Crypto Understood.
> 

That was the layout of the previous versions, but without the NSEC3 hash understood (only added it this version).  The problem was that it violated the basic format for EDNS options (Code, Length, Data).  It could be:

0: OPTION-CODE
1: DATA LENGTH
2: DAU byte length
3: DHU byte length
4: N3U byte length

One reason we made it three unique options was so clients could mix and match if they wanted.  Especially since there is only one NSEC3 hash algorithm code assigned for now.

Scott


> A drawback is that a number of current specified features aren't available
> with this scheme.
> 
> Regards,
>    Miek Gieben

_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext
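The two wire layouts argued over above, as an added example that is not part of this thread or of the draft: the three separate list-style options Scott describes, and Miek's single highest-number option once the DATA LENGTH field Scott asks for is put in. The generic option walker is the point of the exercise: an EDNS option is Code, Length, Data, and a reader that has no length field to go on cannot step past an option it does not recognise. The option code values are placeholders constructed for the example, not the draft's or IANA's codes, and the "highest number implies all previous" rule is taken to mean every number from 1 up to the signalled maximum.

```python
import struct

# Placeholder EDNS option codes, constructed for this example. The draft's real
# codes are not given in the thread and these are not IANA assignments.
OPT_DAU = 0xFFF1      # DNSSEC Algorithm Understood (list form)
OPT_DHU = 0xFFF2      # DS Hash Understood (list form)
OPT_N3U = 0xFFF3      # NSEC3 Hash Understood (list form)
OPT_COMPACT = 0xFFF4  # single "Crypto Understood" option, highest-number form

NAMES = {OPT_DAU: "dau", OPT_DHU: "dhu", OPT_N3U: "n3u"}


def encode_option(code, data):
    """Generic EDNS option: 2-byte OPTION-CODE, 2-byte OPTION-LENGTH, OPTION-DATA."""
    data = bytes(data)
    return struct.pack("!HH", code, len(data)) + data


def encode_list_options(dau=(), dhu=(), n3u=()):
    """Three independent options, one byte per algorithm or hash code.
    A client sends any subset of the three ("mix and match")."""
    out = b""
    for code, values in ((OPT_DAU, dau), (OPT_DHU, dhu), (OPT_N3U, n3u)):
        if values:
            out += encode_option(code, values)
    return out


def encode_compact_option(dau_max, dhu_max, n3u_max):
    """Miek's scheme with the length field added: one option whose data is the
    highest DAU, DHU and N3U number understood; every lower number is implied."""
    return encode_option(OPT_COMPACT, [dau_max, dhu_max, n3u_max])


def parse_options(rdata):
    """Walk OPT RDATA as a sequence of (code, length, data) triples.
    Raises ValueError on a truncated header or a length that runs past the end."""
    opts = {}
    off = 0
    while off < len(rdata):
        if off + 4 > len(rdata):
            raise ValueError("truncated option header at offset %d" % off)
        code, length = struct.unpack_from("!HH", rdata, off)
        off += 4
        if off + length > len(rdata):
            raise ValueError("option %#x length %d runs past RDATA" % (code, length))
        opts[code] = rdata[off:off + length]
        off += length
    return opts


def is_well_formed(rdata):
    """True if a generic EDNS option walker can consume the whole RDATA."""
    try:
        parse_options(rdata)
        return True
    except ValueError:
        return False


def understood_from_list(opts):
    """Explicit lists: exactly the codes present, for each option that was sent."""
    return {name: set(opts[code]) for code, name in NAMES.items() if code in opts}


def understood_from_compact(opts):
    """Highest-number form: every number from 1 up to the signalled maximum."""
    dau_max, dhu_max, n3u_max = opts[OPT_COMPACT]
    return {"dau": set(range(1, dau_max + 1)),
            "dhu": set(range(1, dhu_max + 1)),
            "n3u": set(range(1, n3u_max + 1))}


if __name__ == "__main__":
    # Constructed sample: a resolver that understands DAU 5, 8 and 10 but not 6 or 7.
    listed = encode_list_options(dau=[5, 8, 10], dhu=[1, 2])
    print("list form   :", listed.hex(), understood_from_list(parse_options(listed)))
    compact = encode_compact_option(10, 2, 1)
    print("compact form:", compact.hex(), understood_from_compact(parse_options(compact)))
    # Miek's 4-byte layout as written: code followed directly by the three values,
    # no length field. A generic walker reads the first two data bytes as a length.
    no_length = struct.pack("!H", OPT_COMPACT) + bytes([10, 2, 1])
    print("without length field, well formed?", is_well_formed(no_length))
```

Running the sample shows the trade-off both posts are circling: the list form carries the exact set {5, 8, 10}, while the compact form can only say "everything up to 10", and the compact layout without a length field is rejected by the generic walker because it treats the DAU and DHU bytes as an option length that overruns the RDATA.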