[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IPSECKEY] Re: IPSECKEY inheritance of DNSSEC algorithm registry




{email from non-subscriber. Now added to exception list}

From: "Scott Rose" <scottr@nist.gov>
To: "Sam Weiler" <weiler@tislabs.com>
Cc: <ipseckey@sandelman.ca>
References: <Pine.GSO.4.33.0306171421200.11723-100000@raven>
Subject: Re: IPSECKEY inheritance of DNSSEC algorithm registry
Date: Wed, 18 Jun 2003 10:08:17 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

Since it is an IANA registry and not just IETF consensus, it seems easier.
I don't know of a IPSEC specific registry of algorithm codes/encodings that
fit better.  One thing that might cause trouble is that the RSA/MD5 is
listed as "not recommended" in DNSSEC, which means it may not be supported
by poorly implemented resolvers (or worse, generate some error).  A note
could be added that the status of the algorithm (NOT RECOMMENDED, MANDATORY,
etc) does not apply to the IPSECKEY unless stated in a IPSECKEY draft.

Future encoding RFC authors should take IPSECKEY and other (possible future)
RR types into consideration.

Is there any reason NOT to allow this?

Scott
PS - not a memeber of ipseckey mailing list - so flame me directly.



----- Original Message ----- 
From: "Sam Weiler" <weiler@tislabs.com>
To: <namedroppers@ops.ietf.org>
Cc: "ipseckey" <ipseckey@lox.sandelman.ottawa.on.ca>
Sent: Tuesday, June 17, 2003 7:00 PM
Subject: IPSECKEY inheritance of DNSSEC algorithm registry


> The IPSECKEY RR definition draft is nearing WG last call -- this would
> be a good time to review the document.
>
> The chairs would particularly like feedback on whether or not the
> IPSECKEY record should inherit format definitions from the DNS
> Security Algorithm registry -- if someone defines a (DNS)KEY RR format
> for Sam's Public Key Algorithm, does it automagically show up as an
> IPSECKEY format?
>
> The text in draft-ietf-ipseckey-rr-04.txt is internally inconsistent,
> but the intent with this version was that, yes, the formats are
> inherited.
>
> Please send all comments to the IPSECKEY list.
>   General Discussion: ipseckey@sandelman.ca
>   To Subscribe: ipseckey-request@sandelman.ca
>   Archive: http://www.sandelman.ca/lists/html/ipseckey/
>
> http://www.ietf.org/html.charters/ipseckey-charter.html
> http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-04.txt
>
> -- Sam
>
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.