On 8/11/22 07:35, Tero Kivinen wrote:
Robert Moskowitz writes:
     So I think the correct example should be:
foo.example.com IN IPSECKEY
           (10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )

I will fix my example.  Do you think I should have both examples: with and
without gateway?
More examples is usually better as long as they are correct :-)

If you want more, then send them my way.

Current IANA registry is:

0     No key is present     [RFC4025]
1     A DSA key is present, in the format defined in [RFC2536]     [RFC4025]
2     A RSA key is present, in the format defined in [RFC3110]     [RFC4025]
3     An ECDSA key is present, in the format defined in [RFC6605]     [RFC8005]

Per Paul's request I am coming up that for EdDSA I would ask the following be
added:

4     An EdDSA Public key is present, in the format defined in [RFC8080]     [This]

Note the addition of "Public"

   • So should 1 - 3 also have "Public" added?
   • Should 4 NOT have "Public"?
   • Should text be added describing this registry to be for "Public" keys?
The current wording is a bit funny, but I think that it is talking about
the host properties. I.e. the host having this IPSECKEY RR does have a DSA
key (both public and private keys), and the public key of that DSA key
is given inside the IPSECKEY RR in the format defined in RFC2536.

My read of it.

Perhaps the best wording would be

   3     An ECDSA Public key in the format defined in [RFC6605]

Whether we want to change the other entries to match is then a separate
issue, and as this registry is IETF Review, I think we need a draft
or similar to change the wording. I.e., if we want to change the
wording of other entries, then we could request that change in this
document too.

If this is the way you want it, as you are the IPsec IANA registries expert...

Help me with the text, and when this draft is adopted by the workgroup I will put it into the draft-ietf-ipsecme- release.

Then the wg can bash on it a bit during wglc.

Bob


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
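
The record format discussed in this thread, as an added Python example that is not part of any message or draft: it parses IPSECKEY RDATA in presentation form, checks that the gateway field matches the gateway type, and checks the public key length when the algorithm is 4. It assumes algorithm value 4 for EdDSA as proposed above, the RFC 4025 gateway types, and the RFC 8080 key sizes; the with-gateway record is constructed.

```python
import base64
import ipaddress

# Algorithm values: 0-3 from the IANA registry quoted in the thread;
# 4 is the EdDSA value proposed in the thread (assumed here as if assigned).
ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA", 3: "ECDSA", 4: "EdDSA"}
# RFC 8080 public key sizes: Ed25519 is 32 octets, Ed448 is 57 octets.
EDDSA_KEY_SIZES = {32: "Ed25519", 57: "Ed448"}


def parse_ipseckey(rdata: str) -> dict:
    """Parse IPSECKEY RDATA in presentation format and check consistency."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) < 4:
        raise ValueError("need precedence, gateway type, algorithm, gateway")
    precedence, gw_type, algorithm = (int(f) for f in fields[:3])
    gateway, key_b64 = fields[3], "".join(fields[4:])
    if not 0 <= precedence <= 255:
        raise ValueError("precedence out of range")
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unknown algorithm type {algorithm}")
    # RFC 4025 gateway types: 0 none ("."), 1 IPv4, 2 IPv6, 3 domain name.
    if gw_type == 0:
        if gateway != ".":
            raise ValueError('gateway type 0 requires "." as the gateway')
    elif gw_type == 1:
        ipaddress.IPv4Address(gateway)  # raises ValueError if malformed
    elif gw_type == 2:
        ipaddress.IPv6Address(gateway)
    elif gw_type != 3:
        raise ValueError(f"unknown gateway type {gw_type}")

    key = base64.b64decode(key_b64, validate=True)
    if (algorithm == 0) != (len(key) == 0):
        raise ValueError("algorithm 0 means no key; others need one")
    curve = None
    if algorithm == 4:
        curve = EDDSA_KEY_SIZES.get(len(key))
        if curve is None:
            raise ValueError(f"EdDSA key of {len(key)} octets")
    return {"precedence": precedence, "gateway_type": gw_type,
            "gateway": gateway, "algorithm": ALGORITHMS[algorithm],
            "curve": curve, "key_len": len(key)}


# Thread's record (no gateway) and a constructed IPv4-gateway variant.
NO_GW = "(10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )"
WITH_GW = "10 1 4 192.0.2.38 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM="
```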
