Robert Moskowitz writes:
> This latest ver is in response to comments received.
> 
> Please review Appendix A that I have the RR properly set up.

I think the priority needs to be in decimal, and you are missing the
gateway address. I.e., at least the 4025 has examples as follows:

38.2.0.192.in-addr.arpa. 7200 IN     IPSECKEY ( 10 1 2
                    192.0.2.38
                    AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== )

where you have:

foo.example.com IN IPSECKEY
      (a 0 4 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )

The generic format from 4025 is:

   IN     IPSECKEY ( precedence gateway-type algorithm
                     gateway base64-encoded-public-key )

and also says:

   If no gateway is to be indicated, then the gateway type field MUST be
   zero, and the gateway field MUST be "."

So I think the correct example should be:

foo.example.com IN IPSECKEY
      (10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )



> I also have questions about the text added to specify this is for public key
> lookup.  Please review how I have said this in the draft.
> 
> Also the text for use in the IPSECKEY registry is at odds with the text for
> the current values.  What to do?
> 
> Instruct IANA to adjust the text for values 1 - 3 to match?

What do you mean by this?

> Write text to go at the beginning that this is for public keys and remove the
> proposed such text for the eddsa value.  I have not (yet) found any IANA
> registry that has such text, and any points would help this discussion.
-- 
kivi...@iki.fi

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
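
Added example, not part of the original message or of the draft: a small Python check for the RFC 4025 presentation-format points raised in the reply above (decimal precedence, a gateway field that is always present, and "." when gateway-type is 0). The function name check_ipseckey_rdata is hypothetical, and the rule that any algorithm other than 0 carries a key is an assumption of this sketch; the three RDATA strings are the ones quoted in the message.

```python
import base64
import ipaddress
import re

# RDATA strings taken from the message above.
RFC4025_EXAMPLE = "( 10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== )"
DRAFT_EXAMPLE = "(a 0 4 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )"
CORRECTED_EXAMPLE = "(10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )"

def check_ipseckey_rdata(rdata):
    """Return a list of problems in an IPSECKEY RDATA string; empty means OK."""
    # Zone-file parentheses only group lines, so drop them before splitting.
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) < 4:
        return ["need precedence, gateway-type, algorithm and gateway"]
    precedence, gw_type, algorithm, gateway, *key_parts = fields
    problems = []
    numeric = (("precedence", precedence), ("gateway-type", gw_type),
               ("algorithm", algorithm))
    for name, value in numeric:
        if not re.fullmatch(r"[0-9]+", value) or int(value) > 255:
            problems.append(f"{name} {value!r} is not a decimal number in 0..255")
    try:
        if gw_type == "0" and gateway != ".":
            problems.append('gateway-type 0 requires the gateway field to be "."')
        elif gw_type == "1":
            ipaddress.IPv4Address(gateway)   # raises ValueError if malformed
        elif gw_type == "2":
            ipaddress.IPv6Address(gateway)
    except ValueError:
        problems.append(f"gateway {gateway!r} does not match gateway-type {gw_type}")
    # Assumption of this sketch: any algorithm other than 0 carries a key.
    if algorithm != "0":
        try:
            if not base64.b64decode("".join(key_parts), validate=True):
                problems.append("public key is missing")
        except ValueError:
            problems.append("public key is not valid base64")
    return problems

if __name__ == "__main__":
    for label, rdata in (("RFC 4025", RFC4025_EXAMPLE), ("draft", DRAFT_EXAMPLE),
                         ("corrected", CORRECTED_EXAMPLE)):
        print(label, check_ipseckey_rdata(rdata) or "OK")
```

With the gateway field omitted, the base64 key shifts into the gateway position, so the draft's record is reported as both a bad gateway and a missing key.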