[rfc-i] Proper way to include examples with yet-to-be-assigned values?

Tony Hansen tony at att.com
Fri Aug 13 11:22:56 PDT 2010


On 8/12/2010 6:28 PM, Paul Hoffman wrote:
> At 3:09 PM -0700 8/12/10, Joe Touch wrote:
>    
>> Having just done this, I used:
>>
>> 	TBD-IANA-KIND
>>      
> Sorry, I wasn't clear. We did "TBD" for the name of the new algorithm, but we had to include a number in our calculations, so we had to pick one.
>
> And, to be less obscure, see section 6 of <http://tools.ietf.org/html/draft-hoffman-dnssec-ecdsa-03>.

So, let's look at what you put into draft-hoffman-dnssec-ecdsa-03 :

    [[ IMPORTANT NOTE: This section is to be used for testing only.  This
    document has not been approved as an RFC, so the algorithm codes MUST
    NOT be used on the Internet, only in test environments.  The examples
    use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]

   6.1. P-256 Example

    Private-key-format: v1.2
    Algorithm: 13 (ECDSAP256SHA256)
    PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=

    example.net. 3600 IN DNSKEY 257 3 13 (
            GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
            krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )

    example.net. 3600 IN DS 55648 13 2 (
            b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
            e2770ce6d6e37df61d17 )

    www.example.net. 3600 IN A 192.0.2.1
    www.example.net. 3600 IN RRSIG A 13 3 3600 (
            20100909100439 20100812100439 55648 example.net.
            qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
            yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )

Now, I'm guessing as to which of the values shown here are TBA-1 to -3. 
What if you were to write:

    [[ IMPORTANT NOTE: This section is to be used for testing only.  This
    document has not been approved as an RFC, so the algorithm codes MUST
    NOT be used on the Internet, only in test environments.  The examples
    use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]

   6.1. P-256 Example

    Private-key-format: v1.2
    Algorithm: {TBA-2} (ECDSAP256SHA256)
    PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=

    example.net. 3600 IN DNSKEY 257 3 {TBA-2} (
            {value-derived-from-TBA-2} )

    example.net. 3600 IN DS 55648 {TBA-2} 2 (
            {value-derived-from-TBA-2} )

    www.example.net. 3600 IN A 192.0.2.1
    www.example.net. 3600 IN RRSIG A {TBA-2} 3 3600 (
            20100909100439 20100812100439 55648 example.net.
            {value-derived-from-TBA-2} )

    [[ With the sample TBA values, we get these filled-in examples:

    Private-key-format: v1.2
    Algorithm: 13 (ECDSAP256SHA256)
    PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=

    example.net. 3600 IN DNSKEY 257 3 13 (
            GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
            krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )

    example.net. 3600 IN DS 55648 13 2 (
            b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
            e2770ce6d6e37df61d17 )

    www.example.net. 3600 IN A 192.0.2.1
    www.example.net. 3600 IN RRSIG A 13 3 3600 (
            20100909100439 20100812100439 55648 example.net.
            qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
            yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )

     ]]

Doing it this way makes it obvious where the values are being used, as 
well as providing a test sample that can be used based on the example 
values.

Thoughts?

     Tony Hansen
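
The following is an added example, not part of the message above or of the draft. It recomputes the DS line for a trial value of {TBA-2} from the sample DNSKEY, using the DS digest and key tag calculations of RFC 4034. The key tag is computed over the DNSKEY RDATA, which includes the algorithm number, so it is a derived value as well. The function names and the {key-tag} placeholder are assumptions made for this example.

```python
import base64
import hashlib
import struct

# Sample DNSKEY public key copied from the draft's section 6.1 example.
PUBKEY = base64.b64decode(
    "GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb"
    "krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA=="
)

def wire_name(name):
    """Canonical (lowercase) wire form of a fully qualified owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(algorithm, flags=257, protocol=3, key=PUBKEY):
    """DNSKEY RDATA: flags, protocol, algorithm number, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + key

def key_tag(rdata):
    """Key tag checksum from RFC 4034, Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name plus DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def fill_ds(template, owner, algorithm):
    """Fill the DS line of a {TBA-2} template for one trial assignment."""
    rdata = dnskey_rdata(algorithm)
    return (template
            .replace("{key-tag}", str(key_tag(rdata)))
            .replace("{TBA-2}", str(algorithm))
            .replace("{value-derived-from-TBA-2}", ds_digest(owner, rdata)))

# Hypothetical template line; {key-tag} is added here because the key tag
# also depends on the algorithm number.
TEMPLATE = "example.net. 3600 IN DS {key-tag} {TBA-2} 2 ( {value-derived-from-TBA-2} )"

if __name__ == "__main__":
    for alg in (13, 14):  # 13 is the draft's sample value for {TBA-2}
        print(fill_ds(TEMPLATE, "example.net.", alg))
```

Running it for 13 gives a line that can be compared with the DS record in the filled-in sample; the RRSIG value is not reproduced because ECDSA signatures depend on a per-signature random value.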


