[rfc-i] Proper way to include examples with yet-to-be-assigned values?
Tony Hansen
tony at att.com
Fri Aug 13 11:22:56 PDT 2010
On 8/12/2010 6:28 PM, Paul Hoffman wrote:
> At 3:09 PM -0700 8/12/10, Joe Touch wrote:
>
>> Having just done this, I used:
>>
>> TBD-IANA-KIND
>>
> Sorry, I wasn't clear. We did "TBD" for the name of the new algorithm, but we had to include a number in our calculations, so we had to pick one.
>
> And, to be less obscure, see section 6 of <http://tools.ietf.org/html/draft-hoffman-dnssec-ecdsa-03>.
So, let's look at what you put into draft-hoffman-dnssec-ecdsa-03 :
[[ IMPORTANT NOTE: This section is to be used for testing only. This
document has not been approved as an RFC, so the algorithm codes MUST
NOT be used on the Internet, only in test environments. The examples
use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]
6.1. P-256 Example
Private-key-format: v1.2
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
example.net. 3600 IN DNSKEY 257 3 13 (
GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )
example.net. 3600 IN DS 55648 13 2 (
b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
e2770ce6d6e37df61d17 )
www.example.net. 3600 IN A 192.0.2.1
www.example.net. 3600 IN RRSIG A 13 3 3600 (
20100909100439 20100812100439 55648 example.net.
qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )
Now, I'm guessing as to which of the values shown here are TBA-1 to -3.
What if you were to write:
[[ IMPORTANT NOTE: This section is to be used for testing only. This
document has not been approved as an RFC, so the algorithm codes MUST
NOT be used on the Internet, only in test environments. The examples
use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]
6.1. P-256 Example
Private-key-format: v1.2
Algorithm: {TBA-2} (ECDSAP256SHA256)
PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
example.net. 3600 IN DNSKEY 257 3 {TBA-2} (
{value-derived-from-TBA-2} )
example.net. 3600 IN DS 55648 {TBA-2} 2 (
{value-derived-from-TBA-2} )
www.example.net. 3600 IN A 192.0.2.1
www.example.net. 3600 IN RRSIG A {TBA-2} 3 3600 (
20100909100439 20100812100439 55648 example.net.
{value-derived-from-TBA-2} )
[[ With the sample TBA values, we get these filled-in examples:
Private-key-format: v1.2
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
example.net. 3600 IN DNSKEY 257 3 13 (
GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )
example.net. 3600 IN DS 55648 13 2 (
b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
e2770ce6d6e37df61d17 )
www.example.net. 3600 IN A 192.0.2.1
www.example.net. 3600 IN RRSIG A 13 3 3600 (
20100909100439 20100812100439 55648 example.net.
qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )
]]
Doing it this way makes it obvious where the values are being used, as
well as providing a test sample that can be used based on the example
values.
Thoughts?
Tony Hansen
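
The following is an added example, not part of the original message or of the draft. It recomputes two values from the quoted section 6.1 example that depend on the algorithm number, the DS key tag (RFC 4034 Appendix B) and the DS SHA-256 digest (RFC 4509), for the sample code point 13 and for 14. Function names are chosen for this example; the key material and the expected values for 13 are copied from the quoted records.

```python
import base64
import hashlib
import struct

# Values copied from the draft's section 6.1 example as quoted above.
OWNER = "example.net."
FLAGS, PROTOCOL = 257, 3
PUBKEY_B64 = ("GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb"
              "krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA==")

def dnskey_rdata(algorithm: int) -> bytes:
    """DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
    header = struct.pack("!HBB", FLAGS, PROTOCOL, algorithm)
    return header + base64.b64decode(PUBKEY_B64)

def key_tag(rdata: bytes) -> int:
    """Key tag checksum over the DNSKEY RDATA (RFC 4034 Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def wire_name(name: str) -> bytes:
    """Canonical (lowercase) wire form of a fully qualified name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_sha256(owner: str, rdata: bytes) -> str:
    """DS digest type 2: SHA-256(owner name | DNSKEY RDATA)."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def derived(algorithm: int) -> tuple[int, str]:
    """Return (key tag, DS digest) for the example key under a code point."""
    rdata = dnskey_rdata(algorithm)
    return key_tag(rdata), ds_sha256(OWNER, rdata)

if __name__ == "__main__":
    # 13 is the draft's sample value for {TBA-2}; 14 shows what would change.
    for alg in (13, 14):
        tag, digest = derived(alg)
        print(f"algorithm {alg}: key tag {tag}, DS digest {digest}")
```

The public key bytes are the same in both runs; only the key tag and the digest move with the code point, because both are computed over RDATA that contains the algorithm octet.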