
Re: private algorithms and the DS record



<Chair-hat-off>
At 12:13 22/12/2004, David Blacka
Rob Austein wrote:

I see four possible resolutions here:

1) DS records are modified to contain the private algorithm name, allowing the validator algorithm to work the same for public and private algorithms, or
2) The need and algorithm for fetching the private algorithm name from the DNSKEY in a safe manner is documented somewhere (another RFC or additional text), or
3) private algorithms are deprecated, or
4) everyone else decides that the current text is clear enough, there is no need to change anything, we are fairly sure that future implementations of private algorithm support will work just fine, thank you very much.


Any of the above resolutions are acceptable, I think.

I see #5:

5) Remove special handling of Private Keys in RRSIG, i.e. do the same thing as in DS, cementing private algorithms' second-class status.

Personally I think 2 is the most appropriate approach if this is
big enough an issue to warrant the attention of the working group.

Olafur


-- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
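
Added example, not part of the original message or of any resolver's code: one way a validator could do what resolution 2 asks for, reading the private algorithm identifier from the start of a DNSKEY public key field with bounds checks. It assumes the layout in RFC 4034 Appendix A.1.1 (algorithm 253: uncompressed wire-format domain name; algorithm 254: length octet followed by a BER-encoded OID); the function names, the `MalformedKey` exception and the "treat as unsupported" policy are hypothetical.

```python
# Added example with constructed inputs; not code from this thread or from any resolver.
PRIVATEDNS, PRIVATEOID = 253, 254  # private-use algorithm numbers, RFC 4034 Appendix A.1.1


class MalformedKey(ValueError):
    """The DNSKEY public key field does not start with a valid algorithm identifier."""


def _read_name(buf: bytes):
    # Uncompressed wire-format domain name: length-prefixed labels ending in a zero octet.
    labels, pos = [], 0
    while True:
        if pos >= len(buf):
            raise MalformedKey("name runs past end of key field")
        n = buf[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:  # top bits set: compression pointer or reserved label type
            raise MalformedKey("compressed or non-standard label")
        if pos + n > len(buf) or pos + n > 254:
            raise MalformedKey("label overruns field or name exceeds 255 octets")
        labels.append(buf[pos:pos + n].lower().decode("ascii", "backslashreplace"))
        pos += n
    return ".".join(labels) + ".", buf[pos:]


def _read_oid(buf: bytes):
    # One length octet, then that many octets of BER-encoded OID (returned undecoded, as hex).
    if not buf or buf[0] == 0 or 1 + buf[0] > len(buf):
        raise MalformedKey("missing or truncated OID")
    end = 1 + buf[0]
    return "oid:" + buf[1:end].hex(), buf[end:]


def private_algorithm_id(algorithm: int, public_key: bytes):
    """Return (identifier, key material); identifier is None for registered algorithms."""
    if algorithm == PRIVATEDNS:
        return _read_name(public_key)
    if algorithm == PRIVATEOID:
        return _read_oid(public_key)
    return None, public_key


def private_alg_supported(algorithm: int, public_key: bytes, known: set) -> bool:
    # Hypothetical policy: a malformed or unrecognised private identifier means
    # "unsupported algorithm", never a match against some other private algorithm.
    try:
        ident, _ = private_algorithm_id(algorithm, public_key)
    except MalformedKey:
        return False
    return ident is not None and ident in known
```

A DS record carries only the number 253 or 254, so a check like this can run only after the DNSKEY RRset has been fetched.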