Re: [dnsext] An 5155 inconvenience

Matthijs Mekking <matthijs@nlnetlabs.nl> Fri, 20 January 2012 15:27 UTC

Message-ID: <4F1987CB.9060502@nlnetlabs.nl>
Date: Fri, 20 Jan 2012 16:27:07 +0100
From: Matthijs Mekking <matthijs@nlnetlabs.nl>
To: Edward Lewis <Ed.Lewis@neustar.biz>
References: <4F197760.5030809@nlnetlabs.nl> <a06240801cb3f29fb11dc@[192.168.129.98]>
In-Reply-To: <a06240801cb3f29fb11dc@[192.168.129.98]>
Cc: dnsext list <dnsext@ietf.org>
Subject: Re: [dnsext] An 5155 inconvenience

If bits 0-6 must be zero, what's the point of having them available for
assignment?

Best regards,
  Matthijs

On 01/20/2012 03:30 PM, Edward Lewis wrote:
> My reading of this is - if a validator is built with RFC 5155 in mind
> and it sees an NSEC3 RR with a flag field "other than 0 or 1" the record
> has been created by a signer that conforms to a more modern
> specification, say, RFC 17234.  (Or the signer is buggy, etc.)  As such,
> the validator is not equipped to deal with the situation and should
> complain somehow instead of proceeding.
> 
> At 15:17 +0100 1/20/12, Matthijs Mekking wrote:
>> Hi,
>>
>> Section 8.2 of RFC 5155 states that a validator MUST ignore NSEC3 RRs
>> with a Flags field value other than zero or one. But in the IANA
>> Considerations section, bits 0-6 are available for assignment.
>>
>> Could it be that Section 8.2 actually says that a validator MUST ignore
>> bits 0-6 of the NSEC3 Flags field? Do you think this clarification is
>> suitable for an erratum or as text in dnssec-bis-updates?
>>
>> Best regards,
>>   Matthijs
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext
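The Flags-field question in this thread, as an added example (not code from the thread, from NLnet Labs or from any validator): a minimal NSEC3 RDATA parser plus a check that applies the two readings of RFC 5155 Section 8.2 to a constructed RR whose Flags byte has an unassigned bit set alongside Opt-Out. The reading names, the sample RDATA and the helper names are assumptions for this example.

```python
import struct

OPT_OUT_FLAG = 0x01  # RFC 5155 bit 7 (least significant): Opt-Out; bits 0-6 are unassigned

def parse_nsec3_rdata(rdata: bytes) -> dict:
    """Parse NSEC3 RDATA wire format (RFC 5155 section 3.2) into its fields."""
    hash_alg, flags, iterations, salt_len = struct.unpack("!BBHB", rdata[:5])
    pos = 5
    salt = rdata[pos:pos + salt_len]
    pos += salt_len
    hash_len = rdata[pos]
    pos += 1
    next_hashed = rdata[pos:pos + hash_len]
    pos += hash_len
    return {"hash_alg": hash_alg, "flags": flags, "iterations": iterations,
            "salt": salt, "next_hashed": next_hashed, "type_bitmaps": rdata[pos:]}

def effective_flags(flags: int, reading: str):
    """Flags value the validator acts on, or None if it must ignore the whole RR.

    'literal': RFC 5155 section 8.2 as written; any value other than 0 or 1 means
               the RR is ignored, so a future assignment of bits 0-6 breaks old validators.
    'mask':    the reading proposed in the thread; bits 0-6 are ignored and only
               the Opt-Out bit is consulted, so the RR stays usable.
    """
    if reading == "literal":
        return flags if flags in (0, OPT_OUT_FLAG) else None
    if reading == "mask":
        return flags & OPT_OUT_FLAG
    raise ValueError(f"unknown reading: {reading}")

def is_opt_out(flags: int) -> bool:
    return bool(flags & OPT_OUT_FLAG)

# Constructed sample RDATA: SHA-1, Flags 0x81 (bit 0 set as if newly assigned, plus
# Opt-Out), 10 iterations, 4-byte salt, 20-byte next hashed owner, type bitmap for A.
SAMPLE_RDATA = (bytes([1, 0x81]) + struct.pack("!H", 10)
                + bytes([4]) + b"\xaa\xbb\xcc\xdd"
                + bytes([20]) + bytes(range(20))
                + bytes([0, 1, 0x40]))

if __name__ == "__main__":
    rr = parse_nsec3_rdata(SAMPLE_RDATA)
    for reading in ("literal", "mask"):
        eff = effective_flags(rr["flags"], reading)
        state = "ignored" if eff is None else f"used, opt_out={is_opt_out(eff)}"
        print(f"{reading:8s}: flags=0x{rr['flags']:02x} -> {state}")
```

Under the literal reading the sample RR is discarded outright; under the masked reading it is used with Opt-Out set, which is exactly the difference the thread is asking the spec to settle.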
