Robert Moskowitz writes:
> So I think the correct example should be:
>
> foo.example.com IN IPSECKEY
> (10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )
>
> I will fix my example. Do you think I should have both examples: with and
> without gateway?

More examples is usually better as long as they are correct :-)

> Current IANA registry is:
>
> 0 No key is present [RFC4025]
> 1 A DSA key is present, in the format defined in [RFC2536] [RFC4025]
> 2 A RSA key is present, in the format defined in [RFC3110] [RFC4025]
> 3 An ECDSA key is present, in the format defined in [RFC6605]
> [RFC8005]
>
> Per Paul's request I am coming up that for EdDSA I would ask the following be
> added:
>
> 4 An EdDSA Public key is present, in the format defined in [RFC8080]
> [This]
>
> Note the addition of "Public"
>
> • So should 1 - 3 also have "Public" added?
> • Should 4 NOT have "Public"
> • Should text be added describing this registry to be for "Public" keys?

The current wording is a bit funny, but I think that it is talking about
the host properties. I.e. the host having this IPSECKEY RR does have a DSA
key (both public and private keys), and the public key of that DSA key
is given inside the IPSECKEY RR in the format defined in RFC2536.

Perhaps the best wording would be

3 An ECDSA Public key in the format defined in [RFC6605]

Whether we want to change the other entries to match is then a separate
issue, and as this registry is IETF Review, I think we need a draft or
similar to change the wording. I.e., if we want to change the wording
of other entries, then we could request that change in this document
too.
--
kivi...@iki.fi

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
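
An added example, not part of the thread and not code from either participant: a Python validator for IPSECKEY RDATA in presentation format that checks the record quoted above and a constructed "with gateway" variant. It assumes the proposed algorithm value 4 and the RFC 8080 key sizes (32 octets for Ed25519, 57 for Ed448); `parse_ipseckey`, the constant names and the address 192.0.2.38 are made up for this illustration.

```python
import base64
import ipaddress

# Algorithm values as listed in the thread; 4 is the EdDSA value proposed there.
ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA", 3: "ECDSA", 4: "EdDSA"}
# Assumption: RFC 8080 public keys are 32 octets (Ed25519) or 57 octets (Ed448).
EDDSA_KEY_LENGTHS = {32, 57}

# RDATA from the thread (no gateway) and a constructed variant with a gateway.
THREAD_EXAMPLE = "(10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )"
WITH_GATEWAY = "(10 1 4 192.0.2.38 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )"

def parse_ipseckey(rdata):
    """Parse and validate IPSECKEY RDATA in presentation format."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) < 4:
        raise ValueError("expected precedence, gateway type, algorithm, gateway")
    precedence, gw_type, algorithm = (int(f) for f in fields[:3])
    gateway, key_b64 = fields[3], "".join(fields[4:])
    if not 0 <= precedence <= 255:
        raise ValueError("precedence must fit in one octet")
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unknown algorithm {algorithm}")
    # The gateway field has to agree with the gateway type.
    if gw_type == 0:
        if gateway != ".":
            raise ValueError("gateway type 0 requires '.' in the gateway field")
        gateway = None
    elif gw_type == 1:
        gateway = str(ipaddress.IPv4Address(gateway))
    elif gw_type == 2:
        gateway = str(ipaddress.IPv6Address(gateway))
    elif gw_type != 3:  # type 3 is a domain name, kept as written
        raise ValueError(f"unknown gateway type {gw_type}")
    key = base64.b64decode(key_b64, validate=True)
    if (algorithm == 0) != (len(key) == 0):
        raise ValueError("key must be present exactly when algorithm is not 0")
    if algorithm == 4 and len(key) not in EDDSA_KEY_LENGTHS:
        raise ValueError(f"EdDSA key is {len(key)} octets, expected 32 or 57")
    return {"precedence": precedence, "gateway_type": gw_type, "gateway": gateway,
            "algorithm": ALGORITHMS[algorithm], "public_key": key}

if __name__ == "__main__":
    for rdata in (THREAD_EXAMPLE, WITH_GATEWAY):
        rr = parse_ipseckey(rdata)
        print(rr["algorithm"], rr["gateway"], len(rr["public_key"]), "octet key")
```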