RE: private algorithms and the DS record
<chair-hat off>
At 12:56 21/12/2004, Scott Rose wrote:
> -----Original Message-----
> From: owner-namedroppers@ops.ietf.org
> [mailto:owner-namedroppers@ops.ietf.org]On Behalf Of David Blacka
>
> Let's approach this issue from the opposite direction. Is there any
> reason NOT to prepend the private alg. name to the DS hash? Was the
> fact that the DS wasn't mentioned in the private algorithm appendix ON
> PURPOSE?
>
> I am personally of the opinion that the fact that the DS was omitted was
> just an oversight, due to the fact that no one really examined private
> algorithms during the main review process. I am of the opinion that NOT
> fixing this means, at the very minimum, that private algorithm support
> will be harder than necessary to implement in the validator. It *may*
> mean that private algorithms are unusable or at least unsafe.
>
> It was an oversight. Private algorithms were not really brought up enough
> during the rewrite process.
> Scott
But this was discussed in the design process of DS and the feeling
was that private algorithms were second-class citizens
whose only role is in testing of new algorithms or some strange
convoluted reasons. Thus there was no need to add complexity to
support them.
Going further back, I remember questioning the text in RFC2065
that included the private algorithm identifiers in SIG RRs and
arguing that key ID was sufficient for selecting the correct key
to test.
If we are going to make any changes I would argue for changing RRSIG
not DS :-).
Olafur
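To make the object of the discussion concrete, the following added example (not part of the thread, and not code from any of the participants) builds the DS record for a DNSKEY that uses private algorithm number 253 (PRIVATEDNS). It follows the digest, key-tag and private-algorithm encoding rules as they were later published in RFC 4034 (section 5.1.4, Appendix A.1.1 and Appendix B); the owner name, private algorithm names and key bytes are constructed sample values. It shows what the DS RR actually exposes to a validator: the algorithm field says only "253", while the name of the private algorithm lives inside the DNSKEY public key field, which the digest covers but the DS RDATA does not reveal.

```python
"""Added example: DS digest and key tag for a PRIVATEDNS (253) DNSKEY.

Encoding rules follow RFC 4034 as published (an assumption about the
draft under discussion at the time); all key material is constructed.
"""
import hashlib


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of a domain name: lowercase labels, uncompressed."""
    wire = b""
    for label in name.rstrip(".").split("."):
        if label:  # the root name "." has no labels
            lb = label.lower().encode("ascii")
            wire += bytes([len(lb)]) + lb
    return wire + b"\x00"


def private_dns_public_key(alg_name: str, key_bytes: bytes) -> bytes:
    """RFC 4034 A.1.1: for algorithm 253 the public key field begins with the
    wire-encoded (uncompressed) name identifying the private algorithm."""
    return name_to_wire(alg_name) + key_bytes


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag (the non-RSA/MD5 case):
    16-bit one's-complement-style sum over the whole RDATA."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest_sha1(owner: str, rdata: bytes) -> str:
    """RFC 4034 5.1.4: digest = SHA-1(owner name wire form | DNSKEY RDATA)."""
    return hashlib.sha1(name_to_wire(owner) + rdata).hexdigest()


def ds_record(owner: str, flags: int, protocol: int, algorithm: int, public_key: bytes) -> dict:
    """Return the DS RDATA fields a parent zone would publish for this DNSKEY."""
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key)
    return {
        "key_tag": key_tag(rdata),
        "algorithm": algorithm,      # 253 for every PRIVATEDNS key
        "digest_type": 1,            # SHA-1, the only type defined in RFC 4034
        "digest": ds_digest_sha1(owner, rdata),
    }


def demo() -> tuple:
    """Two KSKs with identical key bytes but different private algorithm
    names (constructed: alg-a.example. and alg-b.example.)."""
    key_bytes = bytes(range(16))  # constructed placeholder key material
    ds_a = ds_record("example.", 257, 3, 253,
                     private_dns_public_key("alg-a.example.", key_bytes))
    ds_b = ds_record("example.", 257, 3, 253,
                     private_dns_public_key("alg-b.example.", key_bytes))
    return ds_a, ds_b


if __name__ == "__main__":
    a, b = demo()
    for ds in (a, b):
        print(f"example. DS {ds['key_tag']} {ds['algorithm']} "
              f"{ds['digest_type']} {ds['digest']}")
    # Both DS RRs say algorithm 253; only the digest (and here the key tag)
    # reflects which private algorithm the DNSKEY actually names.
```

Run it and the two DS lines differ only in key tag and digest; the algorithm field is 253 in both. A validator selecting a DS by algorithm number therefore learns nothing about the private algorithm until it has fetched the DNSKEY and parsed the name out of the public key field, which is the kind of extra validator work the quoted message is worried about.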
archive: <http://ops.ietf.org/lists/namedroppers/>