Re: [DNSOP] [Technical Errata Reported] RFC8976 (6425)

Thu, 11 Feb 2021 10:26:12 -0800 

Brian,

Thank you for reporting this.  Indeed this example SHA384 digest should have 48 
octets, although the A.3 example zone as a whole is still valid because a 
verifier will either exclude the ZONEMD RR in question either because of the 
private-use scheme or because it is truncated.  Since the example wasn't 
intended to include a truncated digest, we think the errata should be accepted 
and corrected.  Proposed correction:

example.      86400  IN  ZONEMD  2018031900 241 1 (
                                 e1846540e33a9e41
                                 89792d18d5d131f6
                                 05fc283e8136a8ed
                                 924937852d0076a3
                                 fd5cd859c4265eaf
                                 a8dd75c61e3dc079 )

DW


> On Feb 10, 2021, at 1:48 PM, RFC Errata System <[email protected]> 
> wrote:
> 
> Caution: This email originated from outside the organization. Do not click 
> links or open attachments unless you recognize the sender and know the 
> content is safe. 
> 
> The following errata report has been submitted for RFC8976,
> "Message Digest for DNS Zones".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6425
> 
> --------------------------------------
> Type: Technical
> Reported by: Brian Wellington <[email protected]>
> 
> Section: A.3
> 
> Original Text
> -------------
> example.      86400  IN  ZONEMD  2018031900 241 1 (
>                                 e1846540e33a9e41
>                                 89792d18d5d131f6
>                                 05fc283e )
> 
> 
> Corrected Text
> --------------
> <A ZONEMD record with a digest of length 48>
> 
> Notes
> -----
> 2.2.3 defines Hash Algorithm 1 as SHA384, and says that "the size of the 
> Digest field is 48 octets". There is nothing in 2.2.3 (or 2.2.2, where Scheme 
> is defined) that indicates that Scheme and Hash Algorithm are dependent on 
> each other, so the fact that the Scheme value (241) is private should have no 
> effect on the digest computed by Hash Algorithm 1.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --------------------------------------
> RFC8976 (draft-ietf-dnsop-dns-zone-digest-14)
> --------------------------------------
> Title               : Message Digest for DNS Zones
> Publication Date    : February 2021
> Author(s)           : D. Wessels, P. Barber, M. Weinberg, W. Kumari, W. 
> Hardaker
> Category            : PROPOSED STANDARD
> Source              : Domain Name System Operations
> Area                : Operations and Management
> Stream              : IETF
> Verifying Party     : IESG

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to