DNSSECbis Q-17: typecode change and TKEY
Roy Arends <roy@logmess.com> Thu, 09 October 2003 08:00 UTC
Date: Thu, 09 Oct 2003 10:00:07 +0200
To: namedroppers@ops.ietf.org

TKEY (2930) provisions key agreement methods. One method for a resolver and a server to agree about shared secret keying material for use in TSIG (2845) is through DNS requests using, for example, Diffie-Hellman (DH) Exchanged Keying.

Essentially, a resolver sends a query accompanied by a KEY RR in the additional section specifying a resolver DH key (2539), or a KEY accompanied by its SIG(KEY).

The issue at hand is the accompanied KEY RR (and SIG) in light of the recent type-code rollover, which leaves the KEY RR for the use of SIG(0) only.

There are a few ways out:

1) Retain KEY, SIG RR for the use of TKEY as well as SIG(0).

2) Have draft-ietf-dnsext-dnssec-2535typecode-change update RFC 2930 as well.

Either way, draft-ietf-dnsext-dnssec-2535typecode-change, and 2535bis accordingly, has to include some text on this.

Regards,

Roy