

To: James Gould <jgould@verisign.com>
Cc: Ulrich Wisser <liste@publisher.de>, Frederico A C Neves <fneves@registro.br>, EPP Provreg <ietf-provreg@cafax.se>
From: Jens Wagner <jwagner@hexonet.net>
Date: Tue, 03 Aug 2010 16:59:27 +0200
In-Reply-To: <C875FCC2.3A6EB%jgould@verisign.com>
Sender: owner-ietf-provreg@cafax.se
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
Subject: Re: [ietf-provreg] RFC5910 public client implementation

Hi James,

We just implemented secDNS-1.0 and secDNS-1.1 into our EPP gateway.

It supports both Key Data and DS Data interfaces, as some TLDs like .de or .eu require Key Data anyway. For other TLDs which require DS Data, it automatically creates it using the key data and SHA1 as digest type, if using the Key Data interface.

E.g. it accepts the following input:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <command>
    <update>
      <domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
        <domain:name>secdns.org</domain:name>
      </domain:update>
    </update>
    <extension>
    <secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
      <secDNS:rem>
        <secDNS:all>true</secDNS:all>
      </secDNS:rem>
      <secDNS:add>
        <secDNS:keyData>
          <secDNS:flags>256</secDNS:flags>
          <secDNS:protocol>3</secDNS:protocol>
          <secDNS:alg>1</secDNS:alg>
          <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
        </secDNS:keyData>
        <secDNS:keyData>
          <secDNS:flags>257</secDNS:flags>
          <secDNS:protocol>3</secDNS:protocol>
          <secDNS:alg>5</secDNS:alg>
          <secDNS:pubKey>AQPJ////5Q==</secDNS:pubKey>
        </secDNS:keyData>
      </secDNS:add>
    </secDNS:update>
    </extension>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>


and creates two DS data records:

<secDNS:dsData>
    <secDNS:keyTag>65535</secDNS:keyTag>
    <secDNS:alg>1</secDNS:alg>
    <secDNS:digestType>1</secDNS:digestType>
    <secDNS:digest>1543C1BABEB5ECAF98774188032928B3CD18299A</secDNS:digest>
    <secDNS:keyData>
        <secDNS:flags>256</secDNS:flags>
        <secDNS:protocol>3</secDNS:protocol>
        <secDNS:alg>1</secDNS:alg>
        <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
    </secDNS:keyData>
</secDNS:dsData>
<secDNS:dsData>
    <secDNS:keyTag>46089</secDNS:keyTag>
    <secDNS:alg>5</secDNS:alg>
    <secDNS:digestType>1</secDNS:digestType>
    <secDNS:digest>2A515440A8AEA13F034191AB0D35DB1DDF7968E8</secDNS:digest>
    <secDNS:keyData>
        <secDNS:flags>257</secDNS:flags>
        <secDNS:protocol>3</secDNS:protocol>
        <secDNS:alg>5</secDNS:alg>
        <secDNS:pubKey>AQPJ////5Q==</secDNS:pubKey>
    </secDNS:keyData>
</secDNS:dsData>


Best,
- jens


James Gould wrote:
It’s great to hear that the implementations are moving forward.

We’re including support for RFC 5910 and 4310 as part of our DNSSEC release of .NET in September.  We updated our Java EPP SDK to include support for both RFC 5910 and 4310.  The EPP SDK also includes a functional validating Stub Server that has specific test code for supporting both the DS Data Interface and the Key Data Interface of RFC 5910 as well as support for RFC 5910 and 4310 in parallel.  If anyone is interested, the URL below includes some higher level SDK information along with a link to the “Name Store/SRS Bundle” distribution that has the RFC 5910 and 4310 support.

http://www.verisign.com/domain-name-services/current-registrars/epp-sdk/index.html

Just curious if anyone is planning on supporting the Key Data Interface of RFC 5910?

--


JG

-------------------------------------------------------
James F. Gould
Principal Software Engineer
VeriSign Naming Services
jgould@verisign.com
Direct: 703.948.3271
Mobile: 703.628.7063

 
21345 Ridgetop Circle
LS2-2-1
Dulles, VA 20166

Notice to Recipient:  
This e-mail contains confidential, proprietary and/or Registry  Sensitive information intended solely for the recipient and, thus may not be  retransmitted, reproduced or disclosed without the prior written consent of  VeriSign Naming and Directory Services.  If you have received  this e-mail message in error, please notify the sender immediately by  telephone or reply e-mail and destroy the original message without making a  copy.  Thank you.



From: Ulrich Wisser <liste@publisher.de>
Date: Tue, 27 Jul 2010 07:51:09 -0400
To: Frederico A C Neves <fneves@registro.br>
Cc: EPP Provreg <ietf-provreg@cafax.se>
Subject: Re: [ietf-provreg] RFC5910 public client implementation

Congrats!

I'm working on the server implementation for .SE.

/Ulrich


--
Help building the worlds most comprehensive list of judo dojos.
Put your dojo on the list at http://JudoWorldMap.com




-- 
Jens Wagner
Chief Executive Officer
HEXONET GmbH
Be Your Own Internet Services Provider

T: +49 6841 69 84 0
F: +49 6841 69 84 199
E: jwagner@hexonet.net
W: http://www.hexonet.net

HEXONET GmbH, Talstrasse 27, 66424 Homburg, Germany.  CEO & General Manager: Jens Wagner, HRB 2839 (HOM), Amtsgericht Saarbrücken, VAT-ID: DE-138316882
HEXONET Services Inc., 1100 - 1200 West 73rd Avenue, Vancouver, B.C., V6P 6G5, Canada.  CSO & General Manager: Robert Birkner

This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached.
