WG LC results summary: draft-ietf-dnsext-ds-sha256-03.txt

Wes Hardaker <hardaker@tislabs.com> Fri, 13 January 2006 15:58 UTC

From: Wes Hardaker <hardaker@tislabs.com>
Subject: WG LC results summary: draft-ietf-dnsext-ds-sha256-03.txt
Date: Fri, 13 Jan 2006 07:58:50 -0800
Organization: Sparta
To: DNSEXT WG <namedroppers@ops.ietf.org>

At the end of the WG last call for draft-ietf-dnsext-ds-sha256-03.txt
I determined the following issues needed to be fixed based on comments
submitted to the WG and have made changes accordingly:

1) draft-eastlake-sha2 should be referenced informationally.
   action: informational reference added.  Note that the suggestion
   was made by eastlake, I didn't disagree and there were no other
   opinions submitted.

2) The implementation requirements stating that implementations had to
   be configurable with respect to preferring one algorithm over
   another was disagreed over.  At best, it doesn't meet consensus.
   At worst, it's disliked.  Unfortunately two conversations have
   taken place with different results (one before last call, and one
   after) and the upshot is that at least consensus wasn't reached so
   the words have been removed and replaced with a single SHOULD that
   specifies SHA-256 DS records SHOULD be preferred by validators over
   SHA-1 DS records.

3) Security wording was added to the security section to reference
   how downgrade attacks can happen without preference of SHA-256 over
   SHA-1 (it was stated more generically).

4) minor typos and grammatical fixes.

A complete comparison of changes from -02 to -03 can be found at:

  http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-ds-sha256/draft-ietf-dnsext-ds-sha256-03-from-02.diff.html

There are no outstanding issues left with the document that have been
brought to my attention (aside from what's mentioned below) and the
document is ready to be given to the ADs for IETF last call.

----------

Mail since the WG last call was closed officially was received from
David Blacka preferring the wording "The DS record with the SHA-256
digest fails to match the digest computed using the child zone's
DNSKEY." over "The DS record with the SHA-256 digest fails to match
the signature computed using the child zone's DNSKEY".  Technically
this is beyond last call, but I've changed it in my local copy since
we have IETF last call to go through anyway.  I'd be happy to a)
publish a -04 if the chairs wish;  b) remove it until it's re-brought
up in ietf last call;  c) leave it in my local copy.  I'll do c by
default unless told otherwise by the chairs.

-- 
Wes Hardaker
Sparta, Inc.
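The validator behaviour discussed in items 2 and 3 above (preferring SHA-256 DS records over SHA-1 ones, so that a weaker digest cannot be used to downgrade a key that also has a SHA-256 DS) as an added illustration that is not part of this message or of the draft; the DS digest and key tag computations follow RFC 4034 and RFC 4509, the per-key-tag preference logic and all names are this example's own, and the DNSKEY bytes are constructed.

```python
import hashlib
from dataclasses import dataclass

# DS digest type codes: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509).
DIGEST_ALGOS = {1: hashlib.sha1, 2: hashlib.sha256}
# Validator preference: strongest digest type first, so a SHA-1 DS is never
# consulted for a key that also has a SHA-256 DS (no downgrade to SHA-1).
PREFERENCE = (2, 1)

@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int
    digest: bytes

def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def key_tag(dnskey_rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (16-bit sum over RDATA with carry folded)."""
    acc = 0
    for i, b in enumerate(dnskey_rdata):
        acc += (b << 8) if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def compute_ds_digest(owner: str, dnskey_rdata: bytes, digest_type: int) -> bytes:
    """DS digest = hash(owner name in wire form | DNSKEY RDATA)."""
    return DIGEST_ALGOS[digest_type](name_to_wire(owner) + dnskey_rdata).digest()

def check_dnskey(owner: str, dnskey_rdata: bytes, ds_set) -> tuple:
    """Return (digest_type_used, matched). Only the strongest digest type that
    has a DS for this key tag/algorithm is consulted; weaker ones are ignored."""
    tag, alg = key_tag(dnskey_rdata), dnskey_rdata[3]
    for dtype in PREFERENCE:
        cands = [d for d in ds_set if (d.digest_type, d.key_tag, d.algorithm) == (dtype, tag, alg)]
        if cands:
            expected = compute_ds_digest(owner, dnskey_rdata, dtype)
            return dtype, any(d.digest == expected for d in cands)
    return None, False

# Constructed sample DNSKEY RDATA: flags 0x0101 (KSK), protocol 3, algorithm 5, dummy key bytes.
SAMPLE_OWNER = "example."
SAMPLE_DNSKEY = bytes.fromhex("010103050301000105") + b"\x42" * 32
```

With a correct SHA-1 DS and a wrong SHA-256 DS for the same key, the check reports a mismatch rather than falling back to the SHA-1 record.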

archive: <http://ops.ietf.org/lists/namedroppers/>