Tero,

Thanks for the review.

On 8/9/22 11:46, Tero Kivinen wrote:
Robert Moskowitz writes:
This latest ver is in response to comments received.

Please review Appendix A that I have the RR properly set up.
I think the priority needs to be in decimal, and you are missing the
gateway address. I.e., at least the 4025 has examples as follows:

38.2.0.192.in-addr.arpa. 7200 IN     IPSECKEY ( 10 1 2
                     192.0.2.38
                     AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== )

where you have:

foo.example.com IN IPSECKEY
       (a 0 4 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )

The generic format from 4025 is:

    IN     IPSECKEY ( precedence gateway-type algorithm
                      gateway base64-encoded-public-key )

and also says:

    If no gateway is to be indicated, then the gateway type field MUST be
    zero, and the gateway field MUST be "."

I missed that in my read of 4025.

So I think the correct example should be:

foo.example.com IN IPSECKEY
       (10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )

I will fix my example.  Do you think I should have both examples: with and without gateway?


I also have questions about the text added to specify this is for public key
lookup.  Please review how I have said this in the draft.

Also the text for use in the IPSECKEY registry is at odds with the text for
the current values.  What to do?

Instruct IANA to adjust the text for values 1 - 3 to match?
What do you mean with this?

Current IANA registry is:

0     No key is present     [RFC4025]
1     A DSA key is present, in the format defined in [RFC2536] [RFC4025]
2     A RSA key is present, in the format defined in [RFC3110] [RFC4025]
3     An ECDSA key is present, in the format defined in [RFC6605]     [RFC8005]


Per Paul's request I am coming up that for EdDSA I would ask the following be added:

4     An EdDSA Public key is present, in the format defined in [RFC8080]   [This]


Note the addition of "Public"

 * So should 1 - 3 also have "Public" added?
 * Should 4 NOT have "Public"
 * Should text be added describing this registry to be for "Public" keys?


Choice one (I hope!)

Write text to go at the beginning that this is for public keys and remove the
proposed such text for the eddsa value.  I have not (yet) found any IANA
registry that has such text, and any points would help this discussion.


Bob
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
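A small checker for the IPSECKEY presentation format discussed in the thread, added here as an example (it is not code from the draft, from RFC 4025 or from the IPsec list). It enforces the points Tero raised: precedence, gateway type and algorithm are decimal integers, and gateway type 0 requires the gateway field to be ".". It treats algorithm value 4 as the EdDSA code point the draft proposes (Ed25519 public key, 32 bytes per RFC 8080); that mapping is an assumption until IANA registers it.

```python
import base64
import ipaddress
import re

# Algorithm values from the IPSECKEY registry quoted in the thread; 4 (EdDSA,
# RFC 8080 key format) is what the draft proposes and is assumed here.
ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA", 3: "ECDSA", 4: "EdDSA"}


def parse_ipseckey(rr_text):
    """Parse one IPSECKEY RR in RFC 4025 presentation format.

    Returns (owner, precedence, gateway_type, gateway, algorithm, key_bytes)
    or raises ValueError naming the rule that was violated. Assumes the
    five RDATA fields (precedence gateway-type algorithm gateway key) are
    all present, possibly wrapped in parentheses across several lines.
    """
    tokens = rr_text.replace("(", " ").replace(")", " ").split()
    if "IPSECKEY" not in tokens:
        raise ValueError("not an IPSECKEY record")
    owner = tokens[0]
    rdata = tokens[tokens.index("IPSECKEY") + 1:]
    if len(rdata) != 5:
        raise ValueError(f"expected 5 RDATA fields, got {len(rdata)}: {rdata}")
    prec_s, gwtype_s, alg_s, gateway, key_b64 = rdata
    # The three numeric fields are unsigned decimal integers, not letters.
    for name, value, limit in (("precedence", prec_s, 255),
                               ("gateway type", gwtype_s, 3),
                               ("algorithm", alg_s, max(ALGORITHMS))):
        if not re.fullmatch(r"[0-9]+", value) or int(value) > limit:
            raise ValueError(f"{name} must be decimal 0..{limit}, got {value!r}")
    precedence, gwtype, alg = int(prec_s), int(gwtype_s), int(alg_s)
    # The gateway field must agree with the gateway type (RFC 4025 section 2.5).
    if gwtype == 0 and gateway != ".":
        raise ValueError('gateway type 0 requires gateway "."')
    if gwtype == 1:
        ipaddress.IPv4Address(gateway)          # raises on a bad IPv4 literal
    elif gwtype == 2:
        ipaddress.IPv6Address(gateway)          # raises on a bad IPv6 literal
    elif gwtype == 3 and not gateway.endswith("."):
        raise ValueError("gateway type 3 requires an absolute domain name")
    key = base64.b64decode(key_b64, validate=True)
    if alg == 4 and len(key) != 32:             # Ed25519 public key, RFC 8080
        raise ValueError(f"EdDSA key must be 32 bytes, got {len(key)}")
    return owner, precedence, gwtype, gateway, alg, key


def ipseckey_error(rr_text):
    """Return the validation error message for rr_text, or None if it is valid."""
    try:
        parse_ipseckey(rr_text)
    except ValueError as exc:
        return str(exc)
    return None
```

Running it on the corrected draft example and on the RFC 4025 example succeeds, while the original "(a 0 4 ...)" form is rejected for its missing gateway field.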
