--- Begin Message ---
Hi Otto,

I see now.  My email had a typo / mistake.  Sept 6th should be Sept 13th.  

DW



> On Jul 21, 2023, at 11:48 PM, Otto Moerbeek <o...@drijf.net> wrote:
> 
> Thanks, but I'm still puzzled,
> 
> According to your original post the publishing of the downloadable
> root zone with a ZONEMD record starts at Sept 6. It is not clear to me
> what Hash Algorithm it will use on that date, as the date is before
> Sept 13.
> 
> -Otto
> 
> 
> On Sat, Jul 22, 2023 at 05:04:53AM +0000, Wessels, Duane wrote:
> 
>> Hi Otto,
>> 
>> From 2023-09-13 to 2023-12-06 the Hash Algorithm field of the ZONEMD record 
>> will be set to 241 (the first value in the private use range). 
>> 
>> On 2023-12-06 we will change it to Hash Algorithm 1, which is SHA-384.
>> 
>> DW
>> 
>> 
>>> On Jul 20, 2023, at 11:02 PM, Otto Moerbeek <o...@drijf.net> wrote:
>>> 
>>> Hello,
>>> 
>>> thank you for working on this!
>>> 
>>> From the description it is not clear what the Hash Algorithm of the
>>> ZONEMD record included in the downloadable zone file will be per Sept
>>> 6th. Will this ZONEMD record also use a private algorithm and switch
>>> to SHA-384 at a later moment? If so, when?
>>> 
>>> Thanks,
>>> 
>>> -Otto
>>> 
>>> On Wed, Jul 19, 2023 at 04:10:25PM +0000, Wessels, Duane via dns-operations 
>>> wrote:
>>> 
>>>> Date: Wed, 19 Jul 2023 16:10:25 +0000
>>>> From: "Wessels, Duane" <dwess...@verisign.com>
>>>> To: Andy Smith via dns-operations <dns-operati...@dns-oarc.net>
>>>> Subject: Root zone operational announcement: introducing ZONEMD for the
>>>> root zone
>>>> 
>>>> I am pleased to announce that Message Digests for DNS Zones, also known as 
>>>> ZONEMD, will be added to the root zone later this year.  This feature, 
>>>> specified in RFC 8976, adds cryptographic data protections to the zone as 
>>>> a whole, allowing the recipient to verify the authenticity of the zone’s 
>>>> contents.
>>>> 
>>>> ZONEMD will be added to the root zone using a phased approach.  On 
>>>> September 13, 2023, a ZONEMD record will make its first appearance in the 
>>>> root zone.  At this time the Hash Algorithm field will be set to a private 
>>>> use algorithm number, making the ZONEMD record deliberately unverifiable.
>>>> 
>>>> On December 6, 2023, the ZONEMD record will be published with the SHA-384 
>>>> Hash Algorithm, thereby making it verifiable.
>>>> 
>>>> We expect no operational impacts for end users.  ZONEMD does not affect 
>>>> root zone queries and responses.  The root server operators have agreed to 
>>>> not alter their zone ingestion processes for at least a year after ZONEMD 
>>>> is first introduced.
>>>> 
>>>> Anyone that downloads the root zone file from 
>>>> http://www.internic.net
>>>>  or rs.internic.net should be aware that it will include the new ZONEMD 
>>>> resource record in its native presentation format starting on September 
>>>> 6th.
>>>> 
>>>> Please feel free to follow up with any questions or concerns.
>>>> 
>>>> References and further reading:
>>>> 
>>>> [1] RFC 8976: “Message Digest for DNS Zones”, 
>>>> https://www.rfc-editor.org/rfc/rfc8976
>>>> [2] Root Server Operators Statement on adding ZONEMD to the root zone, 
>>>> https://root-servers.org/media/news/2022-08-Statement_on_ZONEMD.pdf
>>>> [3] RZERC003: “Adding Zone Data Protections to the Root Zone”, 
>>>> https://www.icann.org/uploads/ckeditor/rzerc-003-en.pdf
>>>> [4] Verisign Blog: “Adding ZONEMD Protections to the Root Zone”, 
>>>> https://blog.verisign.com/security/root-zone-zonemd/
>>>> [5] APNIC Ping Podcast episode “Adding ZONEMD protections to the root 
>>>> zone”, 
>>>> https://blubrry.com/ping_podcast/108940688/adding-zonemd-protections-to-the-root-zone/
>>>> 
>>>> 
>>>> DW
>>>> 
>>>> 
>>> 
>>>> _______________________________________________
>>>> dns-operations mailing list
>>>> dns-operations@lists.dns-oarc.net
>>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>> 
>> 



--- End Message ---
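
Added example, not part of the thread and not Verisign's code: a parser for a ZONEMD record as it appears in the downloaded root zone file, classifying it so that a private-use Hash Algorithm (241 during the first phase) is treated as "cannot verify" rather than as a failure. Field values follow RFC 8976; the sample records, serials and digests are constructed, and "verifiable" here means only that the record is usable for a digest check, which this sketch does not compute.

```python
import binascii

# Registry values from RFC 8976: scheme 1 = SIMPLE; hash algorithm 1 = SHA-384,
# 2 = SHA-512; 240-254 are private use.
SIMPLE = 1
DIGEST_LEN = {1: 48, 2: 64}
PRIVATE_USE = range(240, 255)
MIN_DIGEST = 12  # RFC 8976: the Digest field is never shorter than 12 octets

def parse_zonemd(line):
    """Parse one ZONEMD RR in presentation format:
    owner [ttl] [class] ZONEMD serial scheme hash-alg hex-digest..."""
    tokens = line.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
    idx = [t.upper() for t in tokens].index("ZONEMD")
    serial, scheme, alg = (int(t) for t in tokens[idx + 1:idx + 4])
    digest = binascii.unhexlify("".join(tokens[idx + 4:]))
    return {"serial": serial, "scheme": scheme, "alg": alg, "digest": digest}

def classify(rr, soa_serial):
    """Decide what a zone-file consumer can do with this record."""
    if len(rr["digest"]) < MIN_DIGEST:
        return "malformed"
    if rr["serial"] != soa_serial:
        return "unverifiable: serial does not match SOA"
    if rr["scheme"] in PRIVATE_USE or rr["alg"] in PRIVATE_USE:
        return "unverifiable: private-use value"
    if rr["scheme"] != SIMPLE or rr["alg"] not in DIGEST_LEN:
        return "unverifiable: unsupported value"
    if len(rr["digest"]) != DIGEST_LEN[rr["alg"]]:
        return "malformed"
    return "verifiable"

# Constructed sample records (serials and digests are made up, not real root zone data).
PHASE1 = ". 86400 IN ZONEMD 2023091300 1 241 " + "ab" * 48
PHASE2 = ". 86400 IN ZONEMD 2023120600 1 1 ( " + "cd" * 24 + " " + "ef" * 24 + " )"
TRUNCATED = ". 86400 IN ZONEMD 2023120600 1 1 " + "cd" * 20

def demo():
    return [classify(parse_zonemd(PHASE1), 2023091300),
            classify(parse_zonemd(PHASE2), 2023120600),
            classify(parse_zonemd(TRUNCATED), 2023120600)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```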