RE: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-05.txt
"Scott Rose" <scottr@nist.gov> Tue, 29 July 2008 13:00 UTC
From: Scott Rose <scottr@nist.gov>
To: namedroppers@ops.ietf.org
Subject: RE: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-05.txt
Date: Tue, 29 Jul 2008 07:57:53 -0400
For those that care about references - NIST Special Pub 800-57 Part 3 only has more specific recommendations about key management but refers to Part 1 for all general pointers like key lengths, hash algorithms to use for specific security strengths, etc. So 800-57 Part 1 has all the necessary information, just in a non-DNSSEC specific format.

Scott

> -----Original Message-----
> From: owner-namedroppers@ops.ietf.org
> [mailto:owner-namedroppers@ops.ietf.org]On Behalf Of Jelte Jansen
> Sent: Tuesday, July 29, 2008 6:58 AM
> To: namedroppers@ops.ietf.org
> Subject: Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-05.txt
>
> Internet-Drafts@ietf.org wrote:
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the DNS Extensions Working Group of the IETF.
> >
> > Title     : Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
> > Author(s) : J. Jansen
> > Filename  : draft-ietf-dnsext-dnssec-rsasha256-05.txt
> > Pages     : 9
> > Date      : 2008-07-29
> >
> > This document describes how to produce RSA/SHA-256 and RSA/SHA-512
> > DNSKEY and RRSIG resource records for use in the Domain Name System
> > Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-rsasha256-05.txt
>
> As discussed here on namedroppers, I removed the section about how SHA1 signatures should be ignored, and only refer to RFC4035 section 2.2 as protection against downgrade attacks, which should be enough.
>
> I also removed the informational reference to NIST SP 800-57 part 3, which unfortunately has not been released in time. Instead I just made that reference to SP 800-57 in general.
>
> Jelte

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>