From: Ulrich Wisser <email@example.com>
Date: Mon, 02 Nov 2009 11:08:03 +0100
User-Agent: Thunderbird 22.214.171.124 (Macintosh/20090812)
Subject: Re: [ietf-provreg] Anyone working on 4310-bis?

Andrew Sullivan wrote:
> On Wed, Oct 28, 2009 at 12:45:54PM +0100, Ulrich Wisser wrote:
>
>> The add command (as well as update) uses the secDNS:dsDataType. Which
>> makes keytag, alg, digestType and digest mandatory. I know that .SE and
>> other registries considered to become a "fat" registry and take in the
>> public keys instead of the ds records. The DS records would be computed
>> from the public keys according to registry policies.
>> This case is not covered by 4310.
>
> While this is true, 4310 does provide an OPTIONAL <secDNS:keyData>
> element. Registry policy could require this. Then you could get the
> DS and the DNSKEY at the same time, and you could even check to be
> sure the DS they're providing actually matches the DNSKEY they're
> providing (and use that as a first-line test to make sure their plan
> is sane. If they can't generate the right DS, they are as likely to
> have other problems as not, and it could well be that you want to stop
> doing anything until it's sorted). No?

I agree and this is not a big issue. I just thought that while we are
changing the XML schema anyway, this change wouldn't be too troublesome
either.

I believe

<complexType name="dsDataType">
  <sequence>
    <group minOccurs="0">
      <element name="keyTag" type="unsignedShort"/>
      <element name="alg" type="unsignedByte"/>
      <element name="digestType" type="unsignedByte"/>
      <element name="digest" type="hexBinary"/>
      <element name="maxSigLife" type="secDNS:maxSigLifeType"
               minOccurs="0"/>
    </group>
    <element name="keyData" type="secDNS:keyDataType" minOccurs="0"/>
  </sequence>
</complexType>

would do the trick and still be backward compatible, wouldn't it?

/Ulrich
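
The first-line check described in the quoted reply (does the submitted DS match the submitted DNSKEY?) and the DS computation a "fat" registry would perform from keyData, as an added example that is not part of the original message or of RFC 4310. The dict keys mirror the secDNS element names; the function names and the sample key are constructed for illustration, and the key tag and digest follow RFC 4034.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 and 2

def owner_wire(name):
    """Canonical (lower-case) wire form of a non-root owner name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(key):
    """DNSKEY RDATA: flags | protocol | algorithm | public key."""
    pub = base64.b64decode(key["pubKey"], validate=True)
    return struct.pack("!HBB", key["flags"], key["protocol"], key["alg"]) + pub

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_key(owner, key, digest_type):
    """DS fields a registry would derive from submitted keyData."""
    rdata = dnskey_rdata(key)
    digest = DIGESTS[digest_type](owner_wire(owner) + rdata).digest()
    return {"keyTag": key_tag(rdata), "alg": key["alg"],
            "digestType": digest_type, "digest": digest.hex().upper()}

def ds_mismatches(owner, ds, key):
    """Names of submitted dsData fields that disagree with keyData."""
    if ds["digestType"] not in DIGESTS:
        return ["digestType"]
    want = ds_from_key(owner, key, ds["digestType"])
    bad = [f for f in ("keyTag", "alg") if ds[f] != want[f]]
    if bytes.fromhex(ds["digest"]) != bytes.fromhex(want["digest"]):
        bad.append("digest")
    return bad

# Constructed sample keyData (two-byte dummy public key, not a real key).
SAMPLE_KEY = {"flags": 257, "protocol": 3, "alg": 8, "pubKey": "AAE="}

if __name__ == "__main__":
    submitted = ds_from_key("example.se", SAMPLE_KEY, 2)
    print(submitted, ds_mismatches("example.se", submitted, SAMPLE_KEY))
```

An empty list from ds_mismatches means the submitted dsData and keyData agree; any field name returned is a reason to reject the request before the DS is published.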