Re: [dnsext] SIG inception/expiration

Olafur Gudmundsson <ogud@ogud.com> Tue, 03 January 2012 21:32 UTC


On 02/01/2012 05:46, Miek Gieben wrote:
> Hello list,
>
> A recent dnssec-deployment discussion led to the question on why the
> expiration/inception time in the RRSIG are in the "wrong" order.
>
> I did some digging in the archives and the closest I found was this:
>
> In the drafts leading up to RFC 2065, the SIG RDATA is defined:
> http://tools.ietf.org/html/draft-ietf-dnssec-secext-00#section-5.1
>
> In there it is: "time signed", "signature expiration"
>
> And then in -02 (there is no -01)
> http://tools.ietf.org/html/draft-ietf-dnssec-secext-02#section-4.1
>
> It is: "signature expiration", "time signed". Where it stays up to RFC 2065.
>

I do not remember why/if the order was changed, but seem to recall that
my first DNSSEC code written in fall 1994 (signer) did not interoperate
with later code (resolver spring 1995) and the reason was the order
change and I always coded from current drafts.


> In RFC 2535 "time signed" is renamed to "signature inception", but the
> ordering isn't changed. So it's "signature expiration", "signature inception".
>
> Does anybody know (remember?) why the switch was made during
> draft-ietf-dnssec-secext-00 and -02?
>

No, and I cannot find version 01 anywhere.

	Olafur