Re: [dnsext] Related to section 5.1 of dnssec-bis-updates (-14)

Edward Lewis <Ed.Lewis@neustar.biz> Tue, 17 January 2012 15:06 UTC

Date: Tue, 17 Jan 2012 10:02:29 -0500
To: Samuel Weiler <weiler@watson.org>
From: Edward Lewis <Ed.Lewis@neustar.biz>
Cc: dnsext@ietf.org

At 10:04 -0500 1/16/12, Samuel Weiler wrote:
>Thank you for the history.  Going forward, what's the best thing to 
>do in the interest of interoperability?
>
>It may be worth asking not only what signers do but also what 
>existing validators do.  If we've only seen problems with this in 
>the wild once (perhaps?) then there may be an ugly but interoperable 
>answer we can document for the future.
>

(Adding to some off-list messages, a shortened version of what I've written:)

Downcase RRSIG, not NSEC.  That includes publishing the RRSIG with 
the downcased name in the RDATA.

From what I've seen, all known signers do that, regardless of what 
any spec says, hence no validators are tripped up by it.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Vote for the word of the day:
"Papa"razzi - father that constantly takes photos of the baby
Corpureaucracy - The institution of corporate "red tape"
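
Added example (not part of the original message, and not any signer's or validator's own code): the rule stated in the message above, applied to wire-format RDATA in Python. The RRSIG field layout follows RFC 4034 section 3.1; the function names and the sample records are constructed for illustration.

```python
import struct

TYPE_RRSIG, TYPE_NSEC = 46, 47
# RRSIG RDATA starts with 18 fixed octets (RFC 4034, section 3.1): type covered,
# algorithm, labels, original TTL, expiration, inception, key tag.
RRSIG_FIXED = struct.calcsize("!HBBIIIH")

def wire(name):
    """Encode a dotted name as uncompressed wire-format labels (helper for samples)."""
    return b"".join(bytes([len(p)]) + p for p in name.encode("ascii").split(b".")) + b"\x00"

def name_end(buf, off):
    """Return the offset just past the uncompressed name that starts at off."""
    while True:
        if off >= len(buf):
            raise ValueError("truncated name in RDATA")
        n = buf[off]
        if n & 0xC0:
            raise ValueError("compressed or extended label in RDATA")
        off += 1 + n
        if n == 0:  # root label terminates the name
            return off

def canonical_rdata(rrtype, rdata):
    """Downcase the Signer's Name in RRSIG RDATA; return NSEC RDATA unchanged."""
    if rrtype != TYPE_RRSIG:
        return rdata  # NSEC: the Next Domain Name keeps the case it was given
    end = name_end(rdata, RRSIG_FIXED)
    # Length octets are <= 63, below 'A' (0x41), so lower() only changes label
    # text. The signature octets after the name are copied through untouched.
    return rdata[:RRSIG_FIXED] + rdata[RRSIG_FIXED:end].lower() + rdata[end:]

# Constructed sample records (not taken from any real zone).
FIXED = struct.pack("!HBBIIIH", 1, 8, 2, 3600, 1329404773, 1326812773, 12345)
SAMPLE_RRSIG = FIXED + wire("Example.COM") + b"FAKE-SIGNATURE"
# Next Domain Name followed by a type bitmap for A, RRSIG and NSEC.
SAMPLE_NSEC = wire("Host.Example.COM") + bytes.fromhex("0006400000000003")

if __name__ == "__main__":
    print(canonical_rdata(TYPE_RRSIG, SAMPLE_RRSIG).hex())
    print(canonical_rdata(TYPE_NSEC, SAMPLE_NSEC).hex())
```

The same output serves as the RDATA to publish and as the RDATA fed into signature computation, which is what keeps signer and validator in agreement under this rule.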