Duane,
On 2019-09-06 02:01, Wessels, Duane wrote:
With this version the authors feel that it is ready for working group last call.
Sorry for a late comment, but I decided to give this one thorough last
read-through.
I'm a little concerned that the way the Reserved field is described may
make adoption of later versions of ZONEMD difficult. The relevant text:
2.1.3. The Reserved Field
The Reserved field is an 8-bit unsigned integer, which is always set
to zero. This field is reserved for future work to support efficient
incremental updates.
.
.
.
4. Verifying Zone Message Digest
.
.
.
7. The Reserved field MUST be checked. If the Reserved field value
is not zero, verification MUST NOT be considered successful.
The question is, what can a zone producer do to support both this
version of ZONEMD as well as a new version? Adding a non-zero Reserved
ZONEMD value will break any implementation using this specification.
I think what would be ideal is for non-zero Reserved values to be ignored.
If we treat non-zero Reserved the same as unknown algorithms (that is,
using placeholders) will that be okay? It may complicate generating
compatible ZONEMD in future ZONEMD implementations. With the envisioned
incremental version I think it will be fine; if you want both a
full-zone and incremental ZONEMD then it will indeed be complicated, but
I think probably few zones will need that. I have no idea whether using
the placeholder technique will work for more weird and wonderful later
versions.
I suppose it is okay to reject the use case and not worry about
compatibility, since we expect the incremental version to be used mostly
for large zones where the current ZONEMD simply won't work... 🤔
Cheers,
--
Shane
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop