This is an interesting draft and looks like a good idea.
I just reviewed the draft with an eye to whether it is ready to be used as a reference
for a DNS RRTYPE template submission.
The draft specifies that Presentation Format for the RRTYPE is Base64 (good)
The draft specifies that the WIRE Format for the RRTYPE is Base64 (bad)
I suggest that the draft be expanded to talk about Presentation format and Wire
Format separately.
Making this change in the draft will require Paul to update the tool
that he released today.
Nits and questions:
Section 3 says: "If an OPENPGPKEY RR contains an expired OpenPGP
public key, it MUST NOT be used for encryption."
Suggest: "SHOULD" instead
Section 3.1: I propose that this section be moved into Section 4, leaving only
3 and 3.2 in Section 3.
Section 3 then only defines the DNS RR
Section 4 then deals with the location of the records in zones and how to convert
an "email address" into DNS labels.
Section 4.4 (key size and record size issues) is orthogonal to Section 4 and
should (if you keep it) become a new section on usage and operational guidance.
In addition to talking about key size, it should recommend that a user SHOULD only
have one active record, i.e. the key it wants others to use for encryption.
Section 7: should become an appendix (how to generate a record)
Question: Transitioning trust from an old key to a new key is not covered in this
draft; should it be?
Olafur
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
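The presentation-format versus wire-format distinction raised in the review, as an added example that is not part of the list post or of the draft. The presentation form of an OPENPGPKEY record is the key octets in Base64; the wire-format RDATA is the raw key octets, with no Base64 applied. The example builds both forms for a constructed placeholder key, packs a complete resource record in DNS wire format, and parses it back. Assumptions, stated here and in the code: the RRTYPE code 61 is the value IANA assigned for OPENPGPKEY in the published RFC 7929, and the owner-name derivation (SHA-256 of the local-part, truncated to 28 octets, in hex, under the `_openpgpkey` label) is also the published RFC's scheme, which may differ from the draft under review; `SAMPLE_KEY` is a constructed byte string, not a real OpenPGP key.

```python
"""Added example: OPENPGPKEY presentation format (Base64 text) versus
DNS wire format (raw octets). Not code from the draft or from the list post.

Assumptions (labeled): RRTYPE code 61 and the owner-name hashing scheme are
taken from RFC 7929 and may differ from the draft under review; SAMPLE_KEY is
a constructed placeholder, not a valid OpenPGP key.
"""
import base64
import hashlib
import struct

OPENPGPKEY_TYPE = 61  # assumption: IANA value from RFC 7929
CLASS_IN = 1

# Constructed placeholder standing in for a binary OpenPGP public key (51 octets).
SAMPLE_KEY = bytes([0x98, 0x33, 0x04]) + bytes(range(48))


def presentation_rdata(key: bytes) -> str:
    """Presentation (zone-file) form: the key octets, Base64-encoded."""
    return base64.b64encode(key).decode("ascii")


def wire_rdata(key: bytes) -> bytes:
    """Wire form: the raw key octets. Base64 is NOT applied again here;
    encoding it a second time would inflate the RDATA by a third and hand
    resolvers text that is not an OpenPGP packet stream."""
    return key


def owner_name(email: str) -> str:
    """Assumed RFC 7929 scheme: hex(sha256(local-part))[:56]._openpgpkey.<domain>.
    The local-part is hashed as-is (no case folding)."""
    local, _, domain = email.rpartition("@")
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}."


def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels, root as a zero byte (no compression)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_rr(name: str, key: bytes, ttl: int = 3600) -> bytes:
    """Complete RR in wire format: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    rdata = wire_rdata(key)
    header = struct.pack("!HHIH", OPENPGPKEY_TYPE, CLASS_IN, ttl, len(rdata))
    return encode_name(name) + header + rdata


def parse_rr(buf: bytes):
    """Inverse of build_rr; returns (name, type, class, ttl, rdata)."""
    labels, pos = [], 0
    while True:
        n = buf[pos]
        pos += 1
        if n == 0:
            break
        if n >= 0xC0:
            raise ValueError("compression pointers are not handled in this example")
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, pos)
    pos += 10
    rdata = buf[pos:pos + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("truncated RDATA")
    return ".".join(labels) + ".", rtype, rclass, ttl, rdata


def zone_line(email: str, key: bytes, ttl: int = 3600) -> str:
    """Presentation-format zone line for the record."""
    return f"{owner_name(email)} {ttl} IN OPENPGPKEY {presentation_rdata(key)}"


if __name__ == "__main__":
    print(zone_line("hugh@example.com", SAMPLE_KEY))
    rr = build_rr(owner_name("hugh@example.com"), SAMPLE_KEY)
    print("wire RDATA octets:", len(parse_rr(rr)[4]), "vs Base64 chars:",
          len(presentation_rdata(SAMPLE_KEY)))
```

The check a practitioner wants is the comparison at the end: the wire RDATA has exactly as many octets as the key, while the Base64 presentation text is longer, which is what distinguishes the two formats the review asks the draft to describe separately.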