[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NSEC3, version 13

Dear WG,

This is the latest version of the NSEC3 draft, version 13.

Since the submission deadline for IETF 71 has passed, I've put the latest 
version online:

http://www.nsec3.org/cgi-bin/trac.cgi/attachment/wiki/WikiStart/draft-ietf-dnsext-nsec3-13.txt?format=raw

This version addresses the NSEC3 hash algorithm agility issue.

Changes are:

1) Section 12.1.3 has been replaced with the following text:

12.1.3.  Transitioning to a New Hash Algorithm

   Although the NSEC3 and NSEC3PARAM RR formats include a hash algorithm
   parameter, this document does not define a particular mechanism for
   safely transitioning from one NSEC3 hash algorithm to another.  When
   specifying a new hash algorithm for use with NSEC3, a transition
   mechanism MUST also be defined.  It is possible that the only
   practical and palatable transition mechanisms may require an
   intermediate transition to an insecure state, or to a state that uses
   NSEC records instead of NSEC3.

2) an addition to the IANA considerations:

11. IANA Considerations 
 
   Although the NSEC3 and NSEC3PARAM RR formats include a hash algorithm 
   parameter, this document does not define a particular mechanism for 
   safely transitioning from one NSEC3 hash algorithm to another. When 
   specifying a new hash algorithm for use with NSEC3, a transition 
   mechanism MUST also be defined.

3) One typo was fixed, and two of the authors' addresses have changed

Regards,

Roy Arends
Nominet UK

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>