On Mon, 6 Jan 2014, Olafur Gudmundsson wrote:

I just reviewed the draft with an eye if it is ready to be used as reference 
for DNS RRTYPE template submission. 

The draft specifies that Presentation Format for the RRTYPE is Base64 (good) 
The draft specifies that the WIRE Format for the RRTYPE is Base64 (bad) 

I suggest that the draft be expanded to talk about Presentation format and Wire 
Format separately. 

That was a very good point and unclear in the document. I've addressed
these and will submit the new version soon.

Making this change in the draft will require that Paul needs to update his tool 
that he released today. 

That's fine :)

Nits and questions: 
Section 3 says: "If an an OPENPGPKEY RR contains an expired OpenPGP public key, it MUST NOT be used for encryption." Suggest: "SHOULD" instead
Section 3.1 I propose that this section be moved into Section 4, leaving only 3 and 3.2 in section 3.
Section 3 then only defines the DNS RR
Section 4 then deals with location of the records in zones and how to convert "email address" into DNS labels.
Section 4.4 (KEY size and record size issues) is orthogonal to section 4. and should (if you keep it) become a new section on usage and operational guidance.
In addition to talk about key size it should recommend that a user SHOULD only have one Active record, i.e. the key it wants others to use for encryption.
Section 7: should become an appendix (how to generate a record)

I've made these changes, and after some more talking decided to split
this document in two. One for just the technical specification of the
DNS record, and one for the recommended usage of the DNS record.

Question: Transitioning trust from old key to new key is not covered in this 
draft, should it?

I don't think so. I cannot come up with any good "rollover advice" I
would give other than "replace the DNS record once you have a new PGP
key". Whether you lost your old PGP key or not, when you are ready for
the new PGP key, you can just remove the old one.

Paul
