Re: [dnsext] downcasing of names in IPSECKEY and HIP?

Mark Andrews <marka@isc.org> Thu, 23 February 2012 11:19 UTC

To: Peter van Dijk <peter.van.dijk@netherlabs.nl>
From: Mark Andrews <marka@isc.org>
References: <7D06DD86-7FF8-467E-B320-32B525C72B9C@netherlabs.nl>
In-reply-to: Your message of "Thu, 23 Feb 2012 11:39:01 BST." <7D06DD86-7FF8-467E-B320-32B525C72B9C@netherlabs.nl>
Date: Thu, 23 Feb 2012 22:18:47 +1100
Message-Id: <20120223111847.DFDA81DC1B7B@drugs.dv.isc.org>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] downcasing of names in IPSECKEY and HIP?

In message <7D06DD86-7FF8-467E-B320-32B525C72B9C@netherlabs.nl>, Peter van Dijk
 writes:
> Dear colleagues,
> 
> working from dnssec-bis-updates-16 section 5.1, and 6.2 of 4034, I gather
> that the rule for downcasing names in RDATA is not simply "downcase
> everything that is a name", but that the RRtypes listed have been selected
> for a reason.

To make those types work as the rdata can be compressed and there is no
requirement for the compression to preserve case.

> I am also under the impression that new RRtypes are excluded from the
> downcasing rules.
> 
> Now, types like IPSECKEY and HIP have appeared during , and their RFCs do
> not explicitly state whether the names appearing in their RDATA should be
> lowercased in their canonical form for DNSSEC.
> 
> My questions:
> - is the exclusion of newer types from these rules intentional? (I could
>   think of a few reasons)
> - shouldn't we expect RFCs/drafts for new RRtypes to be explicit about
>   downcasing and perhaps other aspects of canonicalisation?

No.  We have rules for how to validate data that you don't know the
internal structure of.  All new RRs need to be compatible with
those rules.  That is, the *entire* system needs to preserve case
of domain names in all new records.  If compression is used it MUST
be done in a case preserving manner.  It would also require signaling
that the client understands the internal structure of the record.
This could be done with EDNS.

> My apologies if answers to these questions are in the archives; I did a
> cursory search but did not find anything.

The answers are in the RFCs.  http://www.ietf.org/rfc/rfc3597.txt
 
The discussion about downcasing was triggered because the new rules were not
followed and as they were DNSSEC records it wasn't noticed.

> Kind regards,
> Peter van Dijk
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
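
Added illustration, not part of the original message or of any implementation named in it: a sketch of how a validator builds the canonical RDATA it verifies, downcasing embedded names only for types on the RFC 4034 section 6.2 list and handling every other type, IPSECKEY included, as opaque bytes per RFC 3597. The helper names, the three-type subset of the list, and the sample records are assumptions made for the example.

```python
# Type codes are the IANA values. DOWNCASED is only a subset of the
# RFC 4034 section 6.2 list, chosen to keep the example short.
NS, CNAME, MX, IPSECKEY = 2, 5, 15, 45
DOWNCASED = {NS, CNAME, MX}

def encode_name(name: str) -> bytes:
    """Uncompressed wire form of a domain name, case preserved."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def lower_name(wire: bytes, pos: int) -> tuple[bytes, int]:
    """Lowercase the uncompressed name at pos; return (name, end offset)."""
    out = bytearray()
    while True:
        n = wire[pos]
        if n & 0xC0:
            raise ValueError("compression pointer in canonical input")
        out += wire[pos:pos + 1] + wire[pos + 1:pos + 1 + n].lower()
        pos += 1 + n
        if n == 0:
            return bytes(out), pos

def canonical_rdata(rrtype: int, rdata: bytes) -> bytes:
    """RDATA bytes as they are fed into signature verification."""
    if rrtype in (NS, CNAME):
        return lower_name(rdata, 0)[0]
    if rrtype == MX:  # 16-bit preference, then the exchange name
        return rdata[:2] + lower_name(rdata, 2)[0]
    # Every other type is opaque: embedded names are left untouched, so any
    # case change between signer and validator changes the signed bytes.
    return rdata

def mx(pref: int, host: str) -> bytes:
    return pref.to_bytes(2, "big") + encode_name(host)

def ipseckey(gateway: str, key: bytes) -> bytes:
    # precedence=10, gateway type=3 (domain name), algorithm=2 (RSA);
    # the key bytes passed in are constructed sample data.
    return bytes([10, 3, 2]) + encode_name(gateway) + key
```

Two MX RDATA that differ only in the case of the exchange name canonicalise to the same bytes, while two IPSECKEY RDATA that differ only in the case of the gateway name do not, which is why case has to be preserved end to end for such types.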