Re: [DNSOP] New Version Notification for draft-muks-dnsop-dnssec-sha3-00.txt

Hi Paul On Wed, Apr 05, 2017 at 07:24:11AM -0700, Paul Hoffman wrote: > On 5 Apr 2017, at 1:42, Mukund Sivaraman wrote: > > > > Name: draft-muks-dnsop-dnssec-sha3 > > NIST's use case for SHA3 algorithms is for when particular SHA2 algorithms > are weakened. This would mean that the f

Re: [DNSOP] [Ext] RCODE and CNAME chain

Since you mentioned RFC 6604 "xNAME RCODE Clarification", here's a relevant quote from Section 3 ("RCODE Clarification"): >When an xNAME chain is followed, all but the last query cycle necessarily had >no error.  The RCODE in the ultimate DNS response MUST BE set based on the >final query cy

Re: [DNSOP] New Version Notification for draft-muks-dnsop-dnssec-sha3-00.txt

On 5 Apr 2017, at 1:42, Mukund Sivaraman wrote: Name: draft-muks-dnsop-dnssec-sha3 NIST's use case for SHA3 algorithms is for when particular SHA2 algorithms are weakened. This would mean that the fallback for RSASHA256 is RSASHA512, not a SHA3 variant. Thus, the premise for this e

Re: [DNSOP] [Ext] RCODE and CNAME chain

On Wed, Apr 05, 2017 at 01:54:09PM +, Donald Eastlake wrote: > See RFC 6604. This clears it up. Thank you. Mukund signature.asc Description: PGP signature ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/

Re: [DNSOP] [Ext] RCODE and CNAME chain

See RFC 6604. Donald from iPhone On Wed, Apr 5, 2017 at 09:34 Edward Lewis wrote: > On 4/5/17, 01:43, "DNSOP on behalf of Mukund Sivaraman" < > dnsop-boun...@ietf.org on behalf of m...@isc.org> wrote: > > >It seems BIND currently returns NXDOMAIN in this case, and the change in > >behavior bet

Re: [DNSOP] [Ext] RCODE and CNAME chain

On 4/5/17, 01:43, "DNSOP on behalf of Mukund Sivaraman" wrote: >It seems BIND currently returns NXDOMAIN in this case, and the change in >behavior between looking-into-other-zones and >not-looking-into-other-zones in the nameserver algorithm caused a system >test failure, hence the question. I d

[DNSOP] Fwd: New Version Notification for draft-muks-dnsop-dnssec-sha3-00.txt

This was submitted today: > A new version of I-D, draft-muks-dnsop-dnssec-sha3-00.txt > has been successfully submitted by Mukund Sivaraman and posted to the > IETF repository. > Name: draft-muks-dnsop-dnssec-sha3 > Revision: 00 > Title:Use of SHA-3 (Keccak) Algorithms

Re: [DNSOP] RCODE and CNAME chain

In message <20170405054338.GA15831@jurassic>, Mukund Sivaraman writes: > Evan just pointed out a case due to a system test failure that is > interesting.. it's not clear what the behavior should be in this case, > so please discuss: > > There's a nameserver that's authoritative for 2 zones exampl

Re: [DNSOP] RCODE and CNAME chain

Hello Mukund, On 5 Apr 2017, at 7:43, Mukund Sivaraman wrote: > Evan just pointed out a case due to a system test failure that is > interesting.. it's not clear what the behavior should be in this case, > so please discuss: > > There's a nameserver that's authoritative for 2 zones example.org. an