Re: [DNSOP] [Technical Errata Reported] RFC8976 (6425)

2021-02-11 Thread Wessels, Duane
Hi Brian, I see what you're saying. For implementations that treat the truncated digest as a zone parsing failure then example A.3 is not valid. DW > On Feb 11, 2021, at 11:19 AM, Wellington, Brian wrote:

Re: [DNSOP] [Technical Errata Reported] RFC8976 (6425)

2021-02-11 Thread Wellington, Brian
Hi Duane, I’m not sure if I completely agree with this analysis. The issue isn’t about validation; it’s about parsing the presentation format. The RFC says: When SHA384 is used, the size of the Digest field is 48 octets. The result of the SHA384 digest algorithm MUST NOT be truncate

Re: [DNSOP] [Technical Errata Reported] RFC8976 (6425)

2021-02-11 Thread Wessels, Duane
Brian, Thank you for reporting this. Indeed this example SHA384 digest should have 48 octets, although the A.3 example zone as a whole is still valid because a verifier will exclude the ZONEMD RR in question either because of the private-use scheme or because it is truncated. Since the

[DNSOP] [Technical Errata Reported] RFC8976 (6425)

2021-02-10 Thread RFC Errata System
The following errata report has been submitted for RFC8976, "Message Digest for DNS Zones". -- You may review the report below and at: https://www.rfc-editor.org/errata/eid6425 -- Type: Technical Reported by: Brian Wellington