On 1/8/2020 4:22 PM, Wessels, Duane wrote:
> On Jan 8, 2020, at 12:20 PM, Paul Vixie <p...@redbarn.org> wrote:
>> Can we please not put the ZONEMD RR at the apex, or else, can we please add an
>> ALG-ID to its rdata. Because some day we're going to ship different kinds of
>> MDs, one of which is today's full-zone traversal-required version that
>> optimizes for AXFR, and another will be tomorrow's block hash that optimizes
>> for IXFR.
>
> Paul,
>
> The current draft already does this future proofing, although earlier revisions
> did not. So maybe you missed the change and maybe we haven't done a good job of
> making this clear.
>
> The ZONEMD Digest Type field encodes both the hash algorithm (SHA384) and the
> traversal algorithm (SIMPLE).
>
> A future update can define a new Digest Type such as SHA384-MUMBLE in which the
> zone is traversed differently but the end result is still a SHA384 hash value.
>
> The Parameter field lets you encode some Digest Type specific parameter
> information. Perhaps something like Merkle tree depth, or whatever would be
> needed for some other traversal algorithm.
Hi Duane -
If the above is what you intended, then sections 3 and 4 should be
labeled "Calculating/Verifying the DIGEST for the SIMPLE scheme", and
there should be some description elsewhere indicating that later schemes
will provide replacements for section 3 and 4 at a minimum.
There's also the case that future ZONEMD schemes may need a different
format for the digest field. E.g. one approach to dealing with
incremental changes is to have an NSEC-like ZONEMD record which covers
hashes only across a range of names.
So instead maybe change Digest Type -> Scheme type and Parameter &
Digest -> Scheme data (which is for this scheme just the digest data).
Later, Mike
> DW
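As an added example (not code from the thread, the draft, or any of its participants), the following Python toy shows the point Duane and Mike are arguing over in working form: a publisher that computes a SHA-384 digest over a full canonical traversal of a constructed zone, an RDATA laid out as the thread describes it (Serial, Digest Type, Parameter, Digest), and a verifier that dispatches on the Digest Type byte, so that a future type such as the hypothetical SHA384-MUMBLE (assigned type 2 here purely for illustration) is reported as unsupported instead of being hashed the wrong way. The field widths (32-bit serial, one byte each for Digest Type and Parameter), the toy zone, the status strings and the restriction to A, NS and SOA RDATA are my assumptions; RFC 8976 as eventually published split the single byte into separate Scheme and Hash Algorithm fields, along the lines Mike suggests above.

```python
# Added illustration, not from the thread or the ZONEMD draft.
# Assumed RDATA layout: 32-bit Serial | 8-bit Digest Type | 8-bit Parameter | Digest.
import hashlib
import hmac
import struct

TYPE_A, TYPE_NS, TYPE_SOA, TYPE_ZONEMD = 1, 2, 6, 63
CLASS_IN = 1
DIGEST_TYPE_SHA384_SIMPLE = 1  # the one type named in the thread: SHA-384 over a full traversal


def wire_name(name):
    """Canonical (lowercased, uncompressed) wire-format domain name."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def rdata_wire(rtype, rdata):
    """Wire RDATA for the few types the toy zone uses; bytes pass through unchanged."""
    if isinstance(rdata, bytes):
        return rdata
    if rtype == TYPE_A:
        return bytes(int(o) for o in rdata.split("."))
    if rtype == TYPE_NS:
        return wire_name(rdata)
    if rtype == TYPE_SOA:
        mname, rname, *nums = rdata.split()
        return wire_name(mname) + wire_name(rname) + struct.pack("!5I", *map(int, nums))
    raise ValueError(f"unsupported RR type {rtype}")


def rr_wire(owner, ttl, rtype, rdata):
    """Full RR in wire format: owner, type, class, TTL, RDLENGTH, RDATA."""
    rd = rdata_wire(rtype, rdata)
    return wire_name(owner) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rd)) + rd


def canonical_key(rr):
    """RFC 4034 canonical order: labels compared right to left, then type, then RDATA."""
    owner, _ttl, rtype, rdata = rr
    return (tuple(reversed(owner.lower().rstrip(".").split("."))), rtype, rdata_wire(rtype, rdata))


def simple_digest(apex, zone):
    """Digest Type 1 (SHA384-SIMPLE): hash every RR in canonical order, skipping the apex ZONEMD."""
    h = hashlib.sha384()
    for rr in sorted(zone, key=canonical_key):
        if rr[2] == TYPE_ZONEMD and rr[0].lower() == apex.lower():
            continue  # the ZONEMD RR cannot cover itself
        h.update(rr_wire(*rr))
    return h.digest()


# The single Digest Type byte selects BOTH the hash and the traversal; a new type
# such as SHA384-MUMBLE would be a new entry here, not a new hash over the same bytes.
DIGESTS = {DIGEST_TYPE_SHA384_SIMPLE: simple_digest}


def build_zonemd_rdata(serial, digest_type, parameter, digest):
    return struct.pack("!IBB", serial, digest_type, parameter) + digest


def parse_zonemd_rdata(rdata):
    serial, digest_type, parameter = struct.unpack("!IBB", rdata[:6])
    return serial, digest_type, parameter, rdata[6:]


def soa_serial(zone):
    return next(int(rr[3].split()[2]) for rr in zone if rr[2] == TYPE_SOA)


def publish(apex, zone, digest_type=DIGEST_TYPE_SHA384_SIMPLE, parameter=0):
    """Publisher side: append an apex ZONEMD RR carrying the digest of the zone."""
    rdata = build_zonemd_rdata(soa_serial(zone), digest_type, parameter, DIGESTS[digest_type](apex, zone))
    return zone + [(apex, 3600, TYPE_ZONEMD, rdata)]


def verify(apex, zone, zonemd_rdata):
    """Verifier side; returns 'verified', 'bad-serial', 'unsupported' or 'mismatch'."""
    serial, digest_type, _param, digest = parse_zonemd_rdata(zonemd_rdata)
    if serial != soa_serial(zone):
        return "bad-serial"
    fn = DIGESTS.get(digest_type)
    if fn is None:
        return "unsupported"  # unknown Digest Type: refuse rather than guess the traversal
    return "verified" if hmac.compare_digest(fn(apex, zone), digest) else "mismatch"


# Constructed toy zone (not real data): (owner, TTL, type, presentation-format RDATA).
APEX = "example."
ZONE = [
    ("example.", 3600, TYPE_SOA, "ns1.example. hostmaster.example. 2020010801 3600 900 604800 300"),
    ("example.", 3600, TYPE_NS, "ns1.example."),
    ("example.", 3600, TYPE_NS, "NS2.example."),
    ("ns1.example.", 3600, TYPE_A, "192.0.2.1"),
    ("ns2.example.", 3600, TYPE_A, "192.0.2.2"),
    ("www.example.", 300, TYPE_A, "192.0.2.10"),
]


def demo():
    signed = publish(APEX, ZONE)
    zonemd = next(rr[3] for rr in signed if rr[2] == TYPE_ZONEMD)
    tampered = [(o, t, ty, "192.0.2.66" if ty == TYPE_A and o == "www.example." else rd)
                for o, t, ty, rd in signed]
    # Hypothetical future Digest Type 2 (the thread's SHA384-MUMBLE), unknown to this verifier.
    future = build_zonemd_rdata(soa_serial(ZONE), 2, 0, b"\x00" * 48)
    return {"intact": verify(APEX, signed, zonemd),
            "tampered": verify(APEX, tampered, zonemd),
            "future-type": verify(APEX, signed, future)}
```

Running `demo()` returns `verified` for the intact zone, `mismatch` after a single A record is changed, and `unsupported` for the type-2 record, which is the behaviour a verifier needs if new Digest Types (or, in the final RFC, new Scheme values) are to be introduced without breaking deployed code.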
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop