Re: DNSEXT WGLC: DS SHA-256

I have reviewed and support this document.

As for whether a validator SHOULD or MUST ignore SHA1 digests when
SHA-256 digests are present, perhaps the "security considerations" section
could discuss the downgrade attack on validators that accept SHA1 digests
when SHA-256 digests are present?

Should the pair of colons following "The DNSKEY Record" in 2.3 be one
colon, or is this an IETF convention with which I as a newbie am unfamiliar?

One very minor editing nit-pick -- the words "of course" in the security
considerations are superfluous and distracting. This isn't a show stopper
and I'm fine if Wes doesn't want to change it. I just feel that if we truly
believed the statement was obvious to all possible readers it wouldn't be
worth including. Putting the "of course" only makes things harder to read.

Best
Stuart

> From: Ólafur Guðmundsson <ogud@ogud.com>
> Date: Wed, 14 Dec 2005 10:01:36 -0500
> To: <namedroppers@ops.ietf.org>
> Subject: DNSEXT WGLC: DS SHA-256
>
>
> This message starts a Working Group Last Call on the following document:
> http://www.ietf.org/internet-drafts/draft-ietf-dnsext-ds-sha256-02.txt
>
> The last call is scheduled to end on December 31st 2005.
>
> This document defines a new digest algorithm for the DS record.
> The reason why this is needed is the degrading trust in the SHA-1
> algorithm currently used.
>
> The document is on standards track and is scheduled to be published as
> Proposed Standard.
>
> Please read this document and send statements of support/issues to
> the namedroppers mailing list or chairs.
> The chairs require that at least 5 people review and support this document.
>
> Olafur & Olaf
>
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
>
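
The validator policy raised in the reply above (ignore SHA-1 DS records when a SHA-256 DS is present), as an added example that is not part of the original thread or the draft. Function names and sample keys are hypothetical; digest type numbers 1 (SHA-1) and 2 (SHA-256) and the RFC 4034 digest input are assumed.

```python
import hashlib

SHA1, SHA256 = 1, 2  # DS digest type numbers (assumed: 1 = SHA-1, 2 = SHA-256)
HASHES = {SHA1: hashlib.sha1, SHA256: hashlib.sha256}

def name_to_wire(name):
    """Canonical (lower-case) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_digest(owner, dnskey_rdata, digest_type):
    """digest = hash(owner name | DNSKEY RDATA), the DS digest input from RFC 4034."""
    return HASHES[digest_type](name_to_wire(owner) + dnskey_rdata).digest()

def usable_ds(ds_set, ignore_sha1_when_sha256):
    """Apply the policy under discussion to a DS RRset of (digest_type, digest) pairs."""
    known = [ds for ds in ds_set if ds[0] in HASHES]
    if ignore_sha1_when_sha256 and any(t == SHA256 for t, _ in known):
        return [ds for ds in known if ds[0] == SHA256]
    return known

def key_matches(owner, dnskey_rdata, ds_set, ignore_sha1_when_sha256=True):
    """True if the DNSKEY is vouched for by some DS the policy allows."""
    return any(ds_digest(owner, dnskey_rdata, t) == d
               for t, d in usable_ds(ds_set, ignore_sha1_when_sha256))

# Constructed sample data: DNSKEY RDATA = flags(257) | protocol(3) | algorithm(5) | key bytes.
ZONE = "example.com."
REAL_KEY = b"\x01\x01\x03\x05" + b"legitimate-key-bytes"
OTHER_KEY = b"\x01\x01\x03\x05" + b"substituted-key-bytes"
# The SHA-1 DS below is computed over OTHER_KEY to stand in for a SHA-1 digest that a
# second key also matches; the SHA-256 DS matches only REAL_KEY.
DS_SET = [(SHA1, ds_digest(ZONE, OTHER_KEY, SHA1)),
          (SHA256, ds_digest(ZONE, REAL_KEY, SHA256))]

if __name__ == "__main__":
    for strict in (False, True):
        print("ignore SHA-1 when SHA-256 present:", strict,
              "| real:", key_matches(ZONE, REAL_KEY, DS_SET, strict),
              "| other:", key_matches(ZONE, OTHER_KEY, DS_SET, strict))
```

With the policy off, the substituted key is accepted through the SHA-1 DS alone; with it on, only the key matching the SHA-256 DS validates, and a zone that publishes only SHA-1 DS records still validates.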