Re: [dnsext] Related to section 5.1 of dnssec-bis-updates (-14)
Mark Andrews <marka@isc.org> Tue, 17 January 2012 23:06 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05A1A21F847F; Tue, 17 Jan 2012 15:06:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1326841598; bh=pzUdvl1rII/UOXdcuCeNSGAdXbmPDRrxTU8wckqLg4g=; h=To:From:References:In-reply-to:Date:Message-Id:Cc:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: MIME-Version:Content-Type:Content-Transfer-Encoding:Sender; b=nkbNBsOXLdPZGHvRa6n6CkGXe81iLaHhiPZmfeeV8EAwNmLBxo49/RyrXtdBUuBFv GJo3aKJnZfKH+a+ujalbq3m6G/amEGQdbEHsgnrpLrczdQbumRtPIL5UJ5X5Id3wnZ N+qBL7y7BfSeQ11Z23feQB3cGvZ6VnCnVUOw2FFY=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2093621F847F for <dnsext@ietfa.amsl.com>; Tue, 17 Jan 2012 15:06:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.227
X-Spam-Level:
X-Spam-Status: No, score=-2.227 tagged_above=-999 required=5 tests=[AWL=-0.228, BAYES_00=-2.599, J_CHICKENPOX_26=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0s5G3BoSR4Xh for <dnsext@ietfa.amsl.com>; Tue, 17 Jan 2012 15:06:35 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id 9642D21F843F for <dnsext@ietf.org>; Tue, 17 Jan 2012 15:06:35 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id 3802CC94D0; Tue, 17 Jan 2012 23:06:25 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:7034:c5d9:cda5:d5c0]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id D175C216C6A; Tue, 17 Jan 2012 23:06:24 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 5F37B1B88FBB; Wed, 18 Jan 2012 10:06:22 +1100 (EST)
To: Edward Lewis <Ed.Lewis@neustar.biz>
From: Mark Andrews <marka@isc.org>
References: <a06240801cabc9d0de24d@192.168.129.103> <alpine.BSF.2.00.1201122318080.86374@fledge.watson.org> <CACU5sDnPJxPqQJ455iDeyvLaABk0HUnvNh1aPeq21XQuevqKkg@mail.gmail.com> <20120113225013.642F21B13171@drugs.dv.isc.org> <4F13F208.8010908@nlnetlabs.nl> <4F14359F.8050206@nlnetlabs.nl> <alpine.BSF.2.00.1201161002280.10245@fledge.watson.org> <a06240802cb3b3d642ffa@[10.31.200.137]>
In-reply-to: Your message of "Tue, 17 Jan 2012 10:02:29 CDT." <a06240802cb3b3d642ffa@[10.31.200.137]>
Date: Wed, 18 Jan 2012 10:06:22 +1100
Message-Id: <20120117230622.5F37B1B88FBB@drugs.dv.isc.org>
Cc: Samuel Weiler <weiler@watson.org>, dnsext@ietf.org
Subject: Re: [dnsext] Related to section 5.1 of dnssec-bis-updates (-14)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
In message <a06240802cb3b3d642ffa@[10.31.200.137]>, Edward Lewis writes: > At 10:04 -0500 1/16/12, Samuel Weiler wrote: > >Thank you for the history. Going forward, what's the best thing to > >do in the interest of interoperability? > > > >It may be worth asking not only what signers do but also what > >existing validators do. If we've only seen problems with this in > >the wild once (perhaps?) then there may be an ugly but interoperable > >answer we can document for the future. > > > > (Adding to some off-list messages, a shortened version of what I've written:) > > Downcase RRSIG, not NSEC. That includes publishing the RRSIG with > the downcased name in the RDATA. > > From what I've seen, all known signers do that, regardless of what > any spec says, hence no validators are tripped up by it. Named preserves the signer's case when publishing. US, CO and BIZ publish RRSIGs with the signer field in upper case. Mark % dnssec-keygen EX Generating key pair...++++++ .............................++++++ Kex.+005+57567 % dnssec-keygen -f KSK EX Generating key pair...........+++ .....................................................................................+++ Kex.+005+38353 % dnssec-signzone -S -o EX ex Fetching KSK 38353/RSASHA1 from key repository. Fetching ZSK 57567/RSASHA1 from key repository. Verifying the zone using the following algorithms: RSASHA1. Zone signing complete: Algorithm: RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked ZSKs: 1 active, 0 stand-by, 0 revoked ex.signed % grep 2012 ex.signed ; File written on Wed Jan 18 09:59:29 2012 0 RRSIG SOA 5 1 0 20120216215928 ( 20120117215928 57567 EX. 0 RRSIG NS 5 1 0 20120216215928 ( 20120117215928 57567 EX. 0 RRSIG NSEC 5 1 0 20120216215928 ( 20120117215928 57567 EX. 0 RRSIG DNSKEY 5 1 0 20120216215928 ( 20120117215928 38353 EX. 0 RRSIG DNSKEY 5 1 0 20120216215928 ( 20120117215928 57567 EX. % -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org _______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Wilmer van der Gaast
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Hoffman
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Nicholas Weaver
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Jakob Schlyter
- [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Wouters
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Ted Hardie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Wilmer van der Gaast
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Nicholas Weaver
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Aki Tuomi
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Tony Finch
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Olaf Kolkman
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Ted Hardie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Robert Edmonds
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Wessels, Duane
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Patrik Fältström
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Vixie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Colm MacCárthaigh
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Nicholas Weaver
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Colm MacCárthaigh
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Hoffman
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Wouters
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Vixie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Vixie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Nicholas Weaver
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Alex Bligh
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Nicholas Weaver
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt David Conrad
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Masataka Ohta
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Masataka Ohta
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Nicholas Weaver
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Brian Dickson
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Masataka Ohta
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Nicholas Weaver
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Nicholas Weaver
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Masataka Ohta
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Tony Finch
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Vixie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Wessels, Duane
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Vixie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Hoffman
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Ted Hardie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Wessels, Duane
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Vixie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Alex Bligh
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Vixie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Ted Hardie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Masataka Ohta
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mark Andrews
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mark Andrews
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mark Andrews
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mark Andrews
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Tony Finch
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Alex Bligh
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Tony Finch
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Måns Nilsson
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mark Andrews
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Tony Finch
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mark Andrews
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mohan Parthasarathy
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Michael Sheldon
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Paul Vixie
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Ray Bellis
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Brian Dickson
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Mark Andrews
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Masataka Ohta
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Masataka Ohta
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt David Conrad
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt bmanning
- Re: [dnsext] draft-mohan-dns-query-xml-00.txt Michael Sheldon
- [dnsext] Related to section 5.1 of dnssec-bis-upd… Edward Lewis
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Samuel Weiler
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Olafur Gudmundsson
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Mohan Parthasarathy
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Mark Andrews
- Re: [dnsext] Related to section 5.1 of dnssec-bis… W.C.A. Wijngaards
- Re: [dnsext] Related to section 5.1 of dnssec-bis… W.C.A. Wijngaards
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Samuel Weiler
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Mark Andrews
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Mark Andrews
- Re: [dnsext] Related to section 5.1 of dnssec-bis… W.C.A. Wijngaards
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Edward Lewis
- Re: [dnsext] Related to section 5.1 of dnssec-bis… Mark Andrews