IETF provreg mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

From: liste@publisher.de
Date: Tue, 30 Dec 2008 00:32:25 +0100 (MET)
Sender: owner-ietf-provreg@cafax.se


Received: from p5b006002.dip.t-dialin.net (HELO ?192.168.2.103?) (91.0.96.2)
  by lvps87-230-32-221.dedicated.hosteurope.de with (DHE-RSA-AES256-SHA encrypted) SMTP; 29 Dec 2008 23:32:24 +0000
Subject: <secDNS:rem/> definition
From: Ulrich Wisser <liste@publisher.de>
To: EPP Provreg <ietf-provreg@cafax.se>
Content-Type: multipart/signed; micalg=sha1; protocol="application/x-pkcs7-signature"; boundary="=-6xtJpR9glNucMLPpIB5J"
Date: Tue, 30 Dec 2008 00:31:01 +0100
Message-Id: <1230593461.11548.311.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1 


--=-6xtJpR9glNucMLPpIB5J
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hello,

my name is Ulrich and I am working for .SE (the Swedish registry). Among
other other things I am responsible for the .SE EPP server.

During the implementation of our EPP server (and client) I found the
<secDNS:rem/> definition to be incomplete. I have no idea if this has
already been discussed on the list? I haven't been able to find it in
the archives. Please feel free to point me to any old discussion if
applicable.

For <secDNS:rem/> only keyTag can be specified. But DNSSec explicitly
defines the keyTag to be *not* unique for a zone. Only algorithm an
dkeyTag together are unique. Besides that it is possible to specify
several DS records for the same key but with diffrent digestTypes.=20

Currently due to the low depolyment of DNSSec and due to the fact that
only one algorithm is required in DNSSec this is not really a problem,
but it could become one in the future.

Here at .SE we currently publish two DS records for every key, one with
digest type SHA-1 and one with digest type SHA-256. (Try dnssec.se)

My proposal would be to add two optional tags to the <secDNS:rem/> tag

     <secDNS:alg/>
     <secDNS:digestType/>

Which would be fully backward compatible, but still allow to be more
precis if needed.

Kind regards

Ulrich
=20

--=-6xtJpR9glNucMLPpIB5J
Content-Type: application/x-pkcs7-signature; name=smime.p7s
Content-Disposition: attachment; filename=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFYjCCBV4w
ggNGoAMCAQICAwO40TANBgkqhkiG9w0BAQUFADB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQL
ExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3Jp
dHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0wNzA2MjMyMTI5MDdaFw0w
OTA2MjIyMTI5MDdaMFExFjAUBgNVBAMTDVVscmljaCBXaXNzZXIxNzA1BgkqhkiG9w0BCQEWKDJj
OWM4NWRhMTAzMmRmNDc2NTg5MGZjZWIxZDJmNGNjYTlkMTYxMGMwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu0E1V+wRtD4Lnqu/NdOxsgNZHc6WvCH9+JMAvVTumjfMB6wIt686F76Mp
xC6xCxFno8pvAdOcosnzIErulQ7HFz7Hu75GKNZE8uhp5o1Fx0FbrpkfaGMJTabfXD6liFPSeXt2
E6Hts0HnAbiWqNPoo4Tk6K/I9lIWJr+FlpkHOBNMd2wVm7edwfjzt8wBnMwwFKAGp2CO+4rOdamm
WNRKOhUnlhZ88aOnLbvI5bjXHjOQy80TVG/mPBVmEBfcs2Tr5IqWvYvRli0BTsnLReOBudYKo99/
2i4V9pPncYVa+tprpnqmFlntetzUUJH7HHJzrKaQwvQC0d7XpzerezhxAgMBAAGjggEVMIIBETAM
BgNVHRMBAf8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUg
Zm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzBABgNVHSUEOTA3Bggr
BgEFBQcDBAYIKwYBBQUHAwIGCisGAQQBgjcKAwQGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAyBggr
BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2VydC5vcmcwMwYDVR0RBCww
KoEoMmM5Yzg1ZGExMDMyZGY0NzY1ODkwZmNlYjFkMmY0Y2NhOWQxNjEwYzANBgkqhkiG9w0BAQUF
AAOCAgEAiYpAf/5fXWJD1tB7YbZecUy9Ww6Y2y5MwTvIquEP36SuD70yOXOZ8sB2mt7sjuPeFmjw
kU2jHyYjmzGUochSk1bpd2VxGtfHKUUxl8BZyJ5UH8oGNHqgKiSXrpxkbSzzboS+7dbrL0va1zMg
xdgZS22HWjufwowEVKA/jUfyt8k1A2A7qNhZu8QUCOvH2SpP0dOwzhLmVFirUY/AH+CbvvkNFlJF
ocTOtloLFV78pB5M5lYJKcq/LzAHuOJr69mpLp46iZVte3ZqQsdtE/q1H+cvInA7vZs1mDyEIhag
RsKsIsDPVnEnzalaTO1cAKySgictdD/krK3KpS2Wdjnrxye8GaDRkHDlcnARQaCVzG+6BeC8MRtw
1POwcq0q7LJSvThfCAiw8DL7ya6+SrjSzKiQNyIDoaXDR6WmXs6/8AI++bFnperuhcoFX1nImLfy
QPuff8vGyv05o3d2GkJ8xS4CDHqNxkRQSWNwXYB5zVxipWmfFI9D0r0y3mY202a0JyZd9eVT0yAz
dMolC+MqCEpY+q7eBraBdfp5Ds3JYQaWIr+heJGaFSKgfCxYxMeUHK3DVOQZjMN7VBruo2D800+l
YKqON6b+ff5EP8qml+W7xMeRY7Qv1vDuIhN3TBVDtHnJS3lc6yN1WEf9toOl+4tfXkczp1d8g6xh
jisyn6wxggIHMIICAwIBATCBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8v
d3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkq
hkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwIDA7jRMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0B
CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wODEyMjkyMzMxMDFaMCMGCSqGSIb3DQEJ
BDEWBBTJ8K3lMYSkNGOw7OQfcdyRld5ptzANBgkqhkiG9w0BAQEFAASCAQB7Ztt5rRDW6KPkmNse
iCT8Xbvl2encdXTbLAIzBDI4NGVSbWfKOoxezgDJHN1RWvJjy3Dh6j+QJ6g7Y1ysHM0EgzuEHfqi
fCf6HkvrF6PbBRJHRbIPAVoAVrWrBoHhKtTDLvGTLr38dL8M4qtlRBF57VPTdn+rUKhny1gLr6Ha
7La3PyvXWa0anRo8Zd4RBtDgt8EQkwlrlhcPyvmwmq9igrKz6VQhsoZg6ZqnEPOOBQtgNZtz1JTc
UBHrTJkkGcdh3CBthuQulKdVLw2nh9lx8fTbpSx7BQQp85aZ4KXwMtyDU7cjraC011QI+z0dBZ1+
GT15JsTXzGAX5cp5/HlAAAAAAAAA


--=-6xtJpR9glNucMLPpIB5J--

Follow-Ups:
- [ietf-provreg] Re:
  - From: Klaus Malorny <Klaus.Malorny@knipp.de>

Prev by Date: Re: [ietf-provreg] DNSSEC EPP Extension (RFC 4310) UsabilityQuestion
Next by Date: [ietf-provreg] Re:
Prev by thread: Re: [ietf-provreg] RE: Standards Track Advancement Request for EPP RFCs
Next by thread: [ietf-provreg] Re:
Index(es):
- Date
- Thread

Home | Date list | Subject list