Re: [DNSOP] RFC 4641 errata

Fri, 01 Dec 2006 12:45:53 -0800 


Thanks Robert,

This was noted previously [1].


During the AUTH 48 the tables were edited to include the dashed  
lines, we, the editors, have overlooked, to my chagrin,   missed the  
the disappearance of the leading spaces.


-- Olaf

[1] See ftp://ftp.rfc-editor.org/in-notes/pending-errata/pending- 
errata.msgs

    From: Alfred =?hp-roman8?B?SM5uZXM=?= <[EMAIL PROTECTED]>
    Message-Id: <[EMAIL PROTECTED]>
    Subject: RFC 4641 errata


On 30Nov 2006, at 8:55 PM, Robert Story wrote:


In section 4.2.1.1. (Pre-Publish Key Rollover) of 4641, the table

detailing the stages of the rollover process appears to be missing  
some

indentation.

Existing Text:

   Pre-publish key rollover involves four stages as follows:

      ----------------------------------------------------------------
      initial         new DNSKEY       new RRSIGs      DNSKEY removal
      ----------------------------------------------------------------
      SOA0            SOA1             SOA2            SOA3
      RRSIG10(SOA0)   RRSIG10(SOA1)    RRSIG11(SOA2)   RRSIG11(SOA3)

      DNSKEY1         DNSKEY1          DNSKEY1         DNSKEY1
      DNSKEY10        DNSKEY10         DNSKEY10        DNSKEY11
      DNSKEY11         DNSKEY11
      RRSIG1 (DNSKEY) RRSIG1 (DNSKEY)  RRSIG1(DNSKEY)  RRSIG1 (DNSKEY)
      RRSIG10(DNSKEY) RRSIG10(DNSKEY)  RRSIG11(DNSKEY) RRSIG11(DNSKEY)
      ----------------------------------------------------------------

                         Pre-Publish Key Rollover

   initial: Initial version of the zone: DNSKEY 1 is the Key Signing

      Key.  DNSKEY 10 is used to sign all the data of the zone, the  
Zone

      Signing Key.

   new DNSKEY: DNSKEY 11 is introduced into the key set.  Note that no
      signatures are generated with this key yet, but this does not

      secure against brute force attacks on the public key.  The  
minimum
      duration of this pre-roll phase is the time it takes for the  
data

      to propagate to the authoritative servers plus TTL value of the
      key set.


Corrected table, with '|' indicating a changed line:

   Pre-publish key rollover involves four stages as follows:

      ----------------------------------------------------------------
      initial         new DNSKEY       new RRSIGs      DNSKEY removal
      ----------------------------------------------------------------
      SOA0            SOA1             SOA2            SOA3
      RRSIG10(SOA0)   RRSIG10(SOA1)    RRSIG11(SOA2)   RRSIG11(SOA3)

      DNSKEY1         DNSKEY1          DNSKEY1         DNSKEY1
      DNSKEY10        DNSKEY10         DNSKEY10        DNSKEY11
|                     DNSKEY11         DNSKEY11
      RRSIG1 (DNSKEY) RRSIG1 (DNSKEY)  RRSIG1(DNSKEY)  RRSIG1 (DNSKEY)
      RRSIG10(DNSKEY) RRSIG10(DNSKEY)  RRSIG11(DNSKEY) RRSIG11(DNSKEY)
      ----------------------------------------------------------------

                         Pre-Publish Key Rollover


--
Robert Story
SPARTA
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop


-----------------------------------------------------------
Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/






Attachment:
PGP.sig

Description: This is a digitally signed message part


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop






















					Reply via email to