Re: [dnsext] I-D Action: draft-ietf-dnsext-dnssec-algo-signal-04.txt
Miek Gieben <miek@miek.nl> Tue, 13 March 2012 08:07 UTC
Date: Tue, 13 Mar 2012 09:07:31 +0100
From: Miek Gieben <miek@miek.nl>
To: dnsext@ietf.org
Message-ID: <20120313080731.GA12019@miek.nl>
Mail-Followup-To: dnsext@ietf.org
References: <20120306162935.4172.91398.idtracker@ietfa.amsl.com> <20120309090748.GA20102@miek.nl> <3B318BC7-749C-4885-A6B9-8BE91479D0F9@gmail.com>
MIME-Version: 1.0
In-Reply-To: <3B318BC7-749C-4885-A6B9-8BE91479D0F9@gmail.com>
[ Quoting <scottr.nist@gmail.com> at 09:08 on Mar 12 in "Re: [dnsext] I-D Act..." ]
> One reason we made it three unique options was so clients could mix
> and match if they wanted. Especially since there is only one NSEC3
> hash algorithm code assigned for now.

Upgrading hashes in NSEC3 is hard, upgrading NSEC3 (to whatever) is harder
still. How about an extra option that lists which authenticated denial of
existence records are understood. Something along the lines:

An option code that signals which negative resource records a resolver
can handle. When DNSSEC was first designed NXT was defined, this was
later renamed to NSEC. Later still NSEC3 was defined. Upgrading to a new
authenticated denial of existence record is very hard. The upgrade to
NSEC3 involved an algorithm roll, which is not desirable as we only have
8 bits in the algorithm field. So we define the following:

NXU (NXDOMAIN Understood)
2 (length is always 2 octets)
Type code of the highest NX record understood. This defaults to '50'.

Regards,

-- 
Miek Gieben
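The option proposed in the message above, sketched as an added example that is not part of the original message or of the draft: it encodes and parses a 2-octet NXU value inside OPT RDATA and falls back to the stated default of 50 when the option is absent. The option code 65001 is a placeholder (no code was assigned on this page), and reading "highest" as "every known denial record type at or below this code is understood" is an assumption.

```python
import struct

# Assumptions (not from the draft or the message): no option code exists for
# "NXU", so a placeholder from the EDNS local/experimental range is used.
NXU_OPTION_CODE = 65001          # placeholder option code
NXU_DEFAULT = 50                 # default from the message: NSEC3's type code
DENIAL_TYPES = {30: "NXT", 47: "NSEC", 50: "NSEC3"}  # IANA RR type codes


def encode_nxu(highest_type):
    """Build one EDNS0 option: OPTION-CODE, OPTION-LENGTH (always 2), type."""
    if not 0 <= highest_type <= 0xFFFF:
        raise ValueError("RR type codes are 16 bits")
    return struct.pack("!HHH", NXU_OPTION_CODE, 2, highest_type)


def iter_options(opt_rdata):
    """Yield (code, data) pairs from OPT RDATA, rejecting truncated options."""
    pos = 0
    while pos < len(opt_rdata):
        if len(opt_rdata) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        pos += 4
        if len(opt_rdata) - pos < length:
            raise ValueError("option data runs past end of RDATA")
        yield code, opt_rdata[pos:pos + length]
        pos += length


def highest_nx_understood(opt_rdata):
    """Return the signalled type code, or the default when NXU is absent."""
    for code, data in iter_options(opt_rdata):
        if code == NXU_OPTION_CODE:
            if len(data) != 2:
                raise ValueError("NXU length must be exactly 2 octets")
            return struct.unpack("!H", data)[0]
    return NXU_DEFAULT


def usable_denial_records(opt_rdata):
    """Names of denial-of-existence RR types at or below the signalled code."""
    limit = highest_nx_understood(opt_rdata)
    return [name for code, name in sorted(DENIAL_TYPES.items()) if code <= limit]


# Constructed sample: an empty NSID option (code 3) followed by NXU=47.
SAMPLE_RDATA = struct.pack("!HH", 3, 0) + encode_nxu(47)
```
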