[dnsext] SIG inception/expiration

Miek Gieben <miek@miek.nl> Mon, 02 January 2012 10:46 UTC

Date: Mon, 02 Jan 2012 11:46:13 +0100
From: Miek Gieben <miek@miek.nl>
To: dnsext list <dnsext@ietf.org>

Hello list,

A recent dnssec-deployment discussion led to the question of why the
expiration/inception times in the RRSIG are in the "wrong" order.

I did some digging in the archives and the closest I found was this:

In the drafts leading up to RFC 2065, the SIG RDATA is defined:
http://tools.ietf.org/html/draft-ietf-dnssec-secext-00#section-5.1

In there it is: "time signed", "signature expiration"

And then in -02 (there is no -01)
http://tools.ietf.org/html/draft-ietf-dnssec-secext-02#section-4.1

It is: "signature expiration", "time signed". Where it stays up to RFC 2065.

In RFC 2535 "time signed" is renamed to "signature inception", but the
ordering isn't changed. So it's "signature expiration", "signature inception".

Does anybody know (remember?) why the switch was made between
draft-ietf-dnssec-secext-00 and -02?

 grtz,

-- 
    Miek
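
The field order discussed in the message above, as an added example that is not part of the original post: a parser for the fixed part of RRSIG RDATA in RFC 4034 wire order (expiration before inception), with the RFC 1982 serial-number comparison that RFC 4034 requires for these fields. The function names and the sample record are constructed for illustration.

```python
import struct

# Fixed part of RRSIG RDATA in wire order (RFC 4034, section 3.1):
# type covered (2), algorithm (1), labels (1), original TTL (4),
# signature expiration (4), signature inception (4), key tag (2).
FIXED = struct.Struct("!HBBIIIH")

def parse_rrsig_fixed(rdata: bytes) -> dict:
    """Decode the 18-byte fixed part; expiration comes BEFORE inception."""
    if len(rdata) < FIXED.size:
        raise ValueError("RRSIG RDATA shorter than the 18-byte fixed part")
    covered, alg, labels, ttl, expiration, inception, key_tag = \
        FIXED.unpack_from(rdata)
    return {"type_covered": covered, "algorithm": alg, "labels": labels,
            "original_ttl": ttl, "expiration": expiration,
            "inception": inception, "key_tag": key_tag}

def serial_lt(a: int, b: int) -> bool:
    """RFC 1982 'a < b' for 32-bit serial numbers (handles wrap-around)."""
    return a != b and ((b - a) & 0xFFFFFFFF) < 0x80000000

def in_validity_window(inception: int, expiration: int, now: int) -> bool:
    """True when inception <= now <= expiration in serial arithmetic."""
    return not serial_lt(now, inception) and not serial_lt(expiration, now)

# Constructed sample: covers type A (1), algorithm 8, 1 label, TTL 3600,
# expiration 2012-01-31, inception 2012-01-01, key tag 12345,
# signer name "example." (signature bytes omitted).
SAMPLE = FIXED.pack(1, 8, 1, 3600, 1327968000, 1325376000, 12345) \
    + b"\x07example\x00"
NOW = 1325462400  # constructed clock value: 2012-01-02 00:00:00 UTC

def check_sample() -> tuple:
    sig = parse_rrsig_fixed(SAMPLE)
    correct = in_validity_window(sig["inception"], sig["expiration"], NOW)
    # A decoder that assumes the "natural" order (inception first) swaps
    # the two timestamps and rejects a signature that is in fact valid.
    swapped = in_validity_window(sig["expiration"], sig["inception"], NOW)
    return correct, swapped

if __name__ == "__main__":
    print(parse_rrsig_fixed(SAMPLE))
    print("correct order valid: %s, swapped order valid: %s" % check_sample())
```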