Re: About draft-ietf-dnsext-ecc-key-07.txt, absence of algorithm restriction in ECC public key encoding

[Thierry Moreau <thierry.moreau@connotech.com>]

Eastlake III Donald-LDE008 wrote:

> Actually, if you look in section 5 on page 11, it says you have to use SHA-1...
>
> Donald 

Thanks for pointing this out. Since the transition from SHA-1 to other 
hash algorithm is going to be a big issue some time in the future, 
perhaps it should be made more manifest that this draft assigns the 
RFC4034-allocated DNSSEC Algorithm Type value 4 to ECC **with SHA-1**.

Are there other variations in ECC signature algorithms that are fixed by 
the draft and should be made more manifest? Someone pointed out that the 
draft was only "about storing keys". Does it completely specify ECC 
signatures? I think other DNSSEC Algorithm Type values do fully specify 
the respective signature algorithms.

Regards,

--

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau@connotech.com


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>