[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)

To: namedroppers@ops.ietf.org
Subject: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
From: Andrew Sullivan <ajs@shinkuro.com>
Date: Tue, 9 Dec 2008 09:34:21 -0500
In-reply-to: <200812090324.mB93OARV045445@drugs.dv.isc.org>
References: <Pine.LNX.4.64.0809301237230.27246@mint> <200812090324.mB93OARV045445@drugs.dv.isc.org>
User-agent: Mutt/1.5.18 (2008-05-17)

On Tue, Dec 09, 2008 at 02:24:10PM +1100, Mark Andrews wrote:

>         The only reason for having two numbers is if you believe
>         there there is a reason to support validators which can do
>         RSA/SHA-256 and not NSEC3.  I don't see a need to support
>         that combination.

I determined during working group last call, however, that others
_did_ see a need to support that combination.  Moreover, I buy the
argument that we shouldn't link these two issues together.  If there
is a validator that can't do NSEC3 and they find they suddently want
to do SHA-2, why do we want to put an extra barrier in their way?

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Matt Larson <mlarson@verisign.com>
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Mark Andrews <Mark_Andrews@isc.org>
- [dnsext] explicit non-support of NSEC3
  - From: "Roy Arends" <roy@nominet.org.uk>

References:
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Sam Weiler <weiler@tislabs.com>
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Mark Andrews <Mark_Andrews@isc.org>

Prev by Date: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
Next by Date: [dnsext] explicit non-support of NSEC3
Previous by thread: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
Next by thread: [dnsext] explicit non-support of NSEC3
Index(es):
- Date
- Thread