[dnsext] RRSIG signer name down-casing

"George Barwood" <george.barwood@blueyonder.co.uk> Tue, 21 June 2011 07:57 UTC

The DNSKEY RRset for the .us. TLD currently has an upper-case signer name for one of the signatures.

dig dnskey us @a.cctld.us +dnssec

..

us.  518400  IN      RRSIG   DNSKEY 5 1 518400 20110710100000
 20110610090000 2058 US. Zr6NjHuwkNyFIDgixFmpLjEtDrbPSci0YLuRqMglU9ExpuHu42B7c/5
f h7eEe909Cm9kJblmCN3GVlF3AeNpWLd1320oukfJkLw8Zi+sh63TN47v uHBZyjvHf5KyAguvL/W7+
qoQIEcfVUzhAHh4yJPmyjgmaf1yfP+fKYTx 8PDzGWrubjkIItsBVJBvX0ul2Sgd+7nFwM/o5YWf089R
Thc+eU9Deo/Z 7WmYgN7UW6dTPzz+Li/bsljSkCQk6JZAkkBlMQljtvvLfqDQv37xNulS hBglDeUiat
Klp9mq1hsxNCvlOcAg8E6WRrySnTSfAWzdzk9o43unjHf4 sFotGg==

It seems that the signer name has to be down-cased for this signature to verify.

However this is contrary to http://tools.ietf.org/html/draft-ietf-dnsext-dnssec-bis-updates-12#section-5.1

   When canonicalizing DNS names, DNS names in the RDATA section of NSEC
   and RRSIG resource records are not downcased.

But existing validators don't fail, so it seems they do down-case.

Hence I'm confused. Is dnssec-bis-updates "wrong"? 

George
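
Added example, not part of the original message: it builds the RRSIG RDATA bytes that precede the RRset in the signed data (field layout per RFC 4034), using the field values from the dig output above, once with the signer name as sent and once down-cased. The function and variable names are assumptions made for the illustration.

```python
import calendar
import hashlib
import struct
import time

# Field values copied from the RRSIG in the message; DNSKEY is RR type 48.
US_RRSIG = dict(type_covered=48, algorithm=5, labels=1, original_ttl=518400,
                expiration="20110710100000", inception="20110610090000",
                key_tag=2058, signer="US.")

def name_to_wire(name, downcase):
    """Encode an absolute DNS name in uncompressed wire format."""
    wire = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue  # root name: nothing before the terminating zero octet
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        wire += bytes([len(raw)]) + (raw.lower() if downcase else raw)
    return wire + b"\x00"

def timestamp(text):
    """Convert a YYYYMMDDHHmmSS presentation timestamp to epoch seconds (UTC)."""
    return calendar.timegm(time.strptime(text, "%Y%m%d%H%M%S"))

def signed_prefix(sig, downcase):
    """RRSIG RDATA without the Signature field: the first bytes fed to the hash."""
    fixed = struct.pack("!HBBIIIH", sig["type_covered"], sig["algorithm"],
                        sig["labels"], sig["original_ttl"],
                        timestamp(sig["expiration"]),
                        timestamp(sig["inception"]), sig["key_tag"])
    return fixed + name_to_wire(sig["signer"], downcase)

def compare(sig):
    """Return both candidate prefixes and whether their SHA-1 digests agree."""
    as_sent = signed_prefix(sig, downcase=False)
    lowered = signed_prefix(sig, downcase=True)
    # The canonical RRset bytes appended after this prefix are identical in
    # both cases, so a differing prefix already means a differing digest.
    same = hashlib.sha1(as_sent).digest() == hashlib.sha1(lowered).digest()
    return as_sent, lowered, same

if __name__ == "__main__":
    as_sent, lowered, same = compare(US_RRSIG)
    print("as sent  :", as_sent.hex())
    print("downcased:", lowered.hex())
    print("digests equal:", same)
```

Only the last four octets differ between the two candidates, which is enough to make one of them fail verification against a given signature.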
