RE: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-05.txt
For those that care about references - NIST Special Pub 800-57 Part 3 only
has more specific recommendations about key management but refers to Part 1
for all general pointers like key lengths, hash algorithms to use for
specific security strengths, etc.
So 800-57 Part 1 has all the necessary information, just in a non-DNSSEC
specific format.
Scott
> -----Original Message-----
> From: owner-namedroppers@ops.ietf.org
> [mailto:owner-namedroppers@ops.ietf.org]On Behalf Of Jelte Jansen
> Sent: Tuesday, July 29, 2008 6:58 AM
> To: namedroppers@ops.ietf.org
> Subject: Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-05.txt
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Internet-Drafts@ietf.org wrote:
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the DNS Extensions Working Group of the IETF.
> >
> >
> > Title : Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
> > Author(s) : J. Jansen
> > Filename : draft-ietf-dnsext-dnssec-rsasha256-05.txt
> > Pages : 9
> > Date : 2008-07-29
> >
> > This document describes how to produce RSA/SHA-256 and RSA/SHA-512
> > DNSKEY and RRSIG resource records for use in the Domain Name System
> > Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).
> >
> > A URL for this Internet-Draft is:
> >
> > http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dnssec-rsasha256-05.txt
>
As discussed here on namedroppers, I removed the section about how SHA1
signatures should be ignored, and only refer to RFC4035 section 2.2 as
protection against downgrade attacks, which should be enough.
I also removed the informational reference to NIST SP 800-57 part 3,
which unfortunately has not been released in time. Instead I just made
that reference to SP 800-57 in general.
Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIjve/4nZCKsdOncURAtpRAJ9iZXS3CPzlwRs9XVWJPqN0faKuXQCghBrU
P+fl+MyP0ls++8/fqVO1gLk=
=2Agf
-----END PGP SIGNATURE-----
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>