From:
Ulrich Wisser <liste@publisher.de>
Date:
Tue, 30 Dec 2008 00:32:25 +0100 (MET)
Sender:
owner-ietf-provreg@cafax.se
To:
EPP Provreg <ietf-provreg@cafax.se>
Subject:
<secDNS:rem/> definition

Hello,

my name is Ulrich and I am working for .SE (the Swedish registry). Among other things I am responsible for the .SE EPP server.

During the implementation of our EPP server (and client) I found the <secDNS:rem/> definition to be incomplete. I have no idea if this has already been discussed on the list? I haven't been able to find it in the archives. Please feel free to point me to any old discussion if applicable.

For <secDNS:rem/> only keyTag can be specified. But DNSSec explicitly defines the keyTag to be *not* unique for a zone. Only algorithm and keyTag together are unique. Besides that it is possible to specify several DS records for the same key but with different digestTypes.

Currently due to the low deployment of DNSSec and due to the fact that only one algorithm is required in DNSSec this is not really a problem, but it could become one in the future.

Here at .SE we currently publish two DS records for every key, one with digest type SHA-1 and one with digest type SHA-256. (Try dnssec.se)

My proposal would be to add two optional tags to the <secDNS:rem/> tag

    <secDNS:alg/>
    <secDNS:digestType/>

Which would be fully backward compatible, but still allow one to be more precise if needed.

Kind regards
Ulrich
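
Added example, not part of the original message and not .SE or EPP code: it builds the kind of DS set the message describes and counts how many records a removal matches when only keyTag is given versus keyTag plus the proposed optional fields. The key tag follows RFC 4034 Appendix B; the owner name example.se, the two dummy keys and the select_for_removal helper are assumptions made for the illustration.

```python
import hashlib
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B (algorithms other than 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name: str) -> bytes:
    """Canonical lowercase wire form of an owner name."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def make_ds(owner: str, rdata: bytes, digest_type: int) -> dict:
    """DS digest = hash(owner name | DNSKEY RDATA); type 1 = SHA-1, 2 = SHA-256."""
    algo = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    return {"keyTag": key_tag(rdata), "alg": rdata[3], "digestType": digest_type,
            "digest": algo(owner_wire(owner) + rdata).hexdigest().upper()}

def select_for_removal(ds_set, tag, alg=None, digest_type=None):
    """DS records a remove request matches. alg and digest_type model the
    optional elements proposed in the message (hypothetical); None = omitted."""
    return [ds for ds in ds_set
            if ds["keyTag"] == tag
            and (alg is None or ds["alg"] == alg)
            and (digest_type is None or ds["digestType"] == digest_type)]

# Constructed sample keys (dummy key material, not real RSA keys).
# KEY_B uses algorithm 7 instead of 5 and lowers one odd-offset byte by 2,
# so the Appendix B sum, and therefore the key tag, is unchanged.
material = bytearray(range(64))
KEY_A = struct.pack("!HBB", 257, 3, 5) + bytes(material)
material[3] -= 2
KEY_B = struct.pack("!HBB", 257, 3, 7) + bytes(material)

# Two DS records per key (SHA-1 and SHA-256), as the message describes.
DS_SET = [make_ds("example.se", k, t) for k in (KEY_A, KEY_B) for t in (1, 2)]
TAG = key_tag(KEY_A)

if __name__ == "__main__":
    for args in ({}, {"alg": 5}, {"alg": 5, "digest_type": 2}):
        hits = select_for_removal(DS_SET, TAG, **args)
        print(args or "keyTag only", "->", len(hits), "record(s)")
        for ds in hits:
            print("   ", ds["keyTag"], ds["alg"], ds["digestType"], ds["digest"][:16] + "...")
```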