[dnsext] SIG inception/expiration
Miek Gieben <miek@miek.nl> Mon, 02 January 2012 10:46 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C66D21F8EFA; Mon, 2 Jan 2012 02:46:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1325501184; bh=DktJW6sARDUY/ASh8AZlNfI4l0KiL1teLCPnyjRb2F8=; h=Date:From:To:Message-ID:MIME-Version:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Content-Type:Sender; b=uW3jKsfT4EvtORIhQvGgjKU/wH8Nxd0r+at/8ZMR8xc9ehkaF9xTwH4IqvSVZqeW0 dHK76bYYU3EldQXQ3LmbU+BpFZzrut6BhuUUk2Ms7qL3l2jcBxvEGbEeS6Iaw4sWMr qOAD8hJ75pF9S61UCVDKXvZ2Crp2e45kDihIkSjM=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D2A921F8EFA for <dnsext@ietfa.amsl.com>; Mon, 2 Jan 2012 02:46:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.186
X-Spam-Level:
X-Spam-Status: No, score=-0.186 tagged_above=-999 required=5 tests=[BAYES_40=-0.185, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ghkN5AROYIJE for <dnsext@ietfa.amsl.com>; Mon, 2 Jan 2012 02:46:22 -0800 (PST)
Received: from elektron.atoom.net (cl-201.ede-01.nl.sixxs.net [IPv6:2001:7b8:2ff:c8::2]) by ietfa.amsl.com (Postfix) with ESMTP id 9A1AE21F8D54 for <dnsext@ietf.org>; Mon, 2 Jan 2012 02:46:21 -0800 (PST)
Received: by elektron.atoom.net (Postfix, from userid 1000) id B8EEB3FF5D; Mon, 2 Jan 2012 11:46:13 +0100 (CET)
Date: Mon, 02 Jan 2012 11:46:13 +0100
From: Miek Gieben <miek@miek.nl>
To: dnsext list <dnsext@ietf.org>
Message-ID: <20120102104613.GB12764@miek.nl>
Mail-Followup-To: dnsext list <dnsext@ietf.org>
MIME-Version: 1.0
User-Agent: Vim/Mutt/Linux
X-Home: http://www.miek.nl
Subject: [dnsext] SIG inception/expiration
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0702713019436455844=="
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
Hello list, A recent dnssec-deployment discussion led to the question on why the expiration/inception time in the RRSIG are in the "wrong" order. I did some digging in the archives and the closest I found was this: In the drafts leading up to RFC 2065, the SIG RDATA is defined: http://tools.ietf.org/html/draft-ietf-dnssec-secext-00#section-5.1 In there it is: "time signed", "signature expiration" And then in -02 (there is no -01) http://tools.ietf.org/html/draft-ietf-dnssec-secext-02#section-4.1 It is: "signature expiration", "time signed". Where is stays up to RFC 2065. In RFC 2535 "time signed" is renamed to "signature inception", but the ordering isn't changed. So it's "signature expiration", "signature inception". Does anybody know (remember?) why the switch was made during draft-ietf-dnssec-secext-00 and -02? grtz, -- Miek
_______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- [dnsext] SIG inception/expiration Miek Gieben
- Re: [dnsext] SIG inception/expiration Mark Andrews
- Re: [dnsext] SIG inception/expiration Miek Gieben
- Re: [dnsext] SIG inception/expiration bmanning
- Re: [dnsext] SIG inception/expiration Edward Lewis
- Re: [dnsext] SIG inception/expiration Donald Eastlake
- Re: [dnsext] SIG inception/expiration John Dickinson
- Re: [dnsext] SIG inception/expiration Olafur Gudmundsson
- Re: [dnsext] SIG inception/expiration bmanning
- Re: [dnsext] SIG inception/expiration Mark Andrews
- Re: [dnsext] SIG inception/expiration Miek Gieben