Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-05.txt
Jelte Jansen <jelte@NLnetLabs.nl> Tue, 29 July 2008 11:02 UTC
Message-ID: <488EF7BF.8050709@NLnetLabs.nl>
Date: Tue, 29 Jul 2008 12:58:07 +0200
From: Jelte Jansen <jelte@NLnetLabs.nl>
To: namedroppers@ops.ietf.org
Subject: Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-05.txt
References: <20080729104502.18E4E3A6A71@core3.amsl.com>
In-Reply-To: <20080729104502.18E4E3A6A71@core3.amsl.com>

Internet-Drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the DNS Extensions Working Group of the IETF.
>
> Title : Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
> Author(s) : J. Jansen
> Filename : draft-ietf-dnsext-dnssec-rsasha256-05.txt
> Pages : 9
> Date : 2008-07-29
>
> This document describes how to produce RSA/SHA-256 and RSA/SHA-512
> DNSKEY and RRSIG resource records for use in the Domain Name System
> Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-rsasha256-05.txt
>

As discussed here on namedroppers, I removed the section about how SHA1
signatures should be ignored, and only refer to RFC4035 section 2.2 as
protection against downgrade attacks, which should be enough.

I also removed the informational reference to NIST SP 800-57 part 3,
which unfortunately has not been released in time. Instead I just made
that reference to SP 800-57 in general.

Jelte