Re: [dnsext] draft-ietf-dnsext-dnssec-algo-imp-status-00.txt

Samuel Weiler <weiler@watson.org> Wed, 01 February 2012 14:42 UTC

Date: Wed, 01 Feb 2012 09:42:16 -0500
From: Samuel Weiler <weiler@watson.org>
To: Edward Lewis <Ed.Lewis@neustar.biz>
In-Reply-To: <a06240800cb4dd91377e8@[10.31.203.221]>
Message-ID: <alpine.BSF.2.00.1202010936530.31256@fledge.watson.org>
References: <20120130180338.27331.28809.idtracker@ietfa.amsl.com> <a06240801cb4cadc7fcdb@[10.31.203.221]> <F12080F4-D231-46A3-8908-5C2F977CE740@vpnc.org> <a06240800cb4dd91377e8@[10.31.203.221]>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dnsext@ietf.org
Subject: Re: [dnsext] draft-ietf-dnsext-dnssec-algo-imp-status-00.txt

On Tue, 31 Jan 2012, Edward Lewis wrote:

> Not really.  We only needed an NSEC3-ized RSA/SHA-1 to deal with backward 
> compatibility issues at the time.  From here out, any "new" DNSSEC 
> "algorithm" will be defined for NSEC3 and NSEC.
>
> And - for RSASHA1-NSEC3-SHA1, the -SHA1 is there twice!

The trailing -SHA1 refers to the NSEC3 name hashing algorithm.  That 
could be different from the hash algorithm used in signing (and, in 
the case of RSASHA256 and RSASHA512, they are indeed different).  I 
think there's a plausible argument that the mnemonics defined in 
RFC5702 should have been RSASHA256-SHA1 and RSASHA512-SHA1.

-- Sam


_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext
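Added example, not part of Sam's message or of the draft under discussion: the Python below computes NSEC3 owner-name hashes exactly as RFC 5155 section 5 specifies them, which makes the point of the reply concrete. The NSEC3 hash algorithm field (only value 1, SHA-1, is defined) is the input to this computation; the digest used inside the zone's signature algorithm (SHA-1 for RSASHA1 and RSASHA1-NSEC3-SHA1, SHA-256 for RSASHA256, SHA-512 for RSASHA512) never enters it, so an RSASHA256-signed zone still gets SHA-1 NSEC3 names. Function names, the covering check and the second-table lookup are my own; the one test vector (`example.`, salt `aabbccdd`, 12 iterations) is the apex NSEC3 owner from RFC 5155 Appendix A.

```python
"""NSEC3 owner-name hashing (RFC 5155 s5) and the signing-vs-NSEC3 digest split.

Added illustration for the dnsext thread; not code from the draft or from
any participant. Only hashlib from the standard library is needed.
"""
import hashlib

# NSEC3 hash algorithm registry: RFC 5155 defines a single value, 1 = SHA-1.
NSEC3_HASH_ALGS = {1: "sha1"}

# DNSSEC signing algorithm number -> (mnemonic, digest used inside the
# signature). Assumed-correct table drawn from RFC 4034, RFC 5155, RFC 5702.
SIGNING_ALGS = {
    5: ("RSASHA1", "sha1"),
    7: ("RSASHA1-NSEC3-SHA1", "sha1"),
    8: ("RSASHA256", "sha256"),
    10: ("RSASHA512", "sha512"),
}

_BASE32HEX = "0123456789abcdefghijklmnopqrstuv"


def to_wire(name: str) -> bytes:
    """Canonical wire form (RFC 4034 s6.2): lowercase, length-prefixed labels, root label."""
    labels = [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]
    out = b""
    for label in labels:
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def base32hex(data: bytes) -> str:
    """Base32 with the extended-hex alphabet (RFC 4648 s7), lowercase, unpadded.
    A 20-byte SHA-1 digest is exactly 32 characters, so no padding is ever needed."""
    bits, nbits, out = 0, 0, []
    for byte in data:
        bits = (bits << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(_BASE32HEX[(bits >> nbits) & 31])
    if nbits:  # only reached for inputs that are not a multiple of 5 bytes
        out.append(_BASE32HEX[(bits << (5 - nbits)) & 31])
    return "".join(out)


def nsec3_hash(name: str, salt_hex: str, iterations: int, hash_alg: int = 1) -> str:
    """IH(0) = H(owner || salt); IH(k) = H(IH(k-1) || salt); return IH(iterations).
    hash_alg is the NSEC3 hash algorithm field, NOT the DNSKEY algorithm."""
    if hash_alg not in NSEC3_HASH_ALGS:
        raise ValueError(f"unknown NSEC3 hash algorithm {hash_alg}")
    if not 0 <= iterations <= 65535:  # 16-bit field in NSEC3/NSEC3PARAM
        raise ValueError("iterations out of range")
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = NSEC3_HASH_ALGS[hash_alg]
    x = to_wire(name)
    for _ in range(iterations + 1):
        x = hashlib.new(digest, x + salt).digest()
    return base32hex(x)


def nsec3_owner(name: str, zone: str, salt_hex: str, iterations: int) -> str:
    """Owner name of the NSEC3 RR that corresponds to `name` in `zone`."""
    return f"{nsec3_hash(name, salt_hex, iterations)}.{zone.lower().rstrip('.')}."


def nsec3_covers(owner_hash: str, next_hash: str, target_hash: str) -> bool:
    """Validator-side check: does the NSEC3 (owner, next) pair prove that
    target's hash is absent, i.e. lies strictly between them? The last RR in
    the chain wraps around to the first, so ordering is handled modulo the zone."""
    o, n, t = owner_hash.lower(), next_hash.lower(), target_hash.lower()
    if o < n:
        return o < t < n
    return t > o or t < n


def digests_for(signing_alg: int, nsec3_hash_alg: int = 1) -> tuple:
    """(mnemonic, signature digest, NSEC3 digest): the two hashes are independent
    parameters, which is why '-SHA1' in RSASHA1-NSEC3-SHA1 names the latter."""
    mnemonic, sig_digest = SIGNING_ALGS[signing_alg]
    return mnemonic, sig_digest, NSEC3_HASH_ALGS[nsec3_hash_alg]


if __name__ == "__main__":
    # RFC 5155 Appendix A parameters: NSEC3PARAM 1 0 12 aabbccdd
    print(nsec3_owner("example.", "example.", "aabbccdd", 12))
    for alg in (5, 7, 8, 10):
        print(digests_for(alg))
```

Running it prints the Appendix A apex owner `0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.` and then one line per algorithm showing that the signature digest varies (sha1, sha1, sha256, sha512) while the NSEC3 digest column is sha1 in every row. The `nsec3_covers` helper is the check a validator applies once it has the hash; it takes no signing-algorithm argument either.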