[rfc-i] Proper way to include examples with yet-to-be-assigned values?
RFC Editor
rfc-editor at rfc-editor.org
Fri Aug 13 17:49:23 PDT 2010
Hi Paul,

The RPC agrees with Bob's and Tony's suggestions that TBA-1, TBA-2,
... TBA-N could be used throughout the text to represent the
IANA-assigned values throughout where possible. For the example,
something like the following would be ideal (using
http://www.ietf.org/id/draft-hoffman-dnssec-ecdsa-03.txt as an
example):

6. Examples

The following are some examples of ECDSA keys and signatures in DNS
format.

[[ IMPORTANT NOTE: This section is to be used for testing only.
This document has not been approved as an RFC, so the algorithm
codes MUST NOT be used on the Internet, only in test environments.
The examples use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]

[[RFC EDITOR NOTE: The examples below need to be updated according
to the IANA-assigned values. We used the example values described
above. Please update as necessary and verify that the updates are
correct with the authors during AUTH48.]]

6.1. P-256 Example

Private-key-format: v1.2
Algorithm: TBA-2 (ECDSAP256SHA256)
PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=

example.net. 3600 IN DNSKEY 257 3 TBA-2 (
GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )

example.net. 3600 IN DS 55648 TBA-2 2 (
b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
e2770ce6d6e37df61d17 )

www.example.net. 3600 IN A 192.0.2.1
www.example.net. 3600 IN RRSIG A TBA-2 3 3600 (
20100909100439 20100812100439 55648 example.net.
qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )

6.2. P-384 Example

Private-key-format: v1.2
Algorithm: TBA-3 (ECDSAP384SHA384)
PrivateKey: WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vw
W7BOrbawVmVe0d9V94SR

example.net. 3600 IN DNSKEY 257 3 TBA-3 (
xKYaNhWdGOfJ+nPrL8/arkwf2EY3MDJ+SErKivBVSum1
w/egsXvSADtNJhyem5RCOpgQ6K8X1DRSEkrbYQ+OB+v8
/uX45NBwY8rp65F6Glur8I/mlVNgF6W/qTI37m40 )

example.net. 3600 IN DS 10771 TBA-3 4 (
72d7b62976ce06438e9c0bf319013cf801f09ecc84b8
d7e9495f27e305c6a9b0563a9b5f4d288405c3008a94
6df983d6 )

www.example.net. 3600 IN A 192.0.2.1
www.example.net. 3600 IN RRSIG A TBA-3 3 3600 (
20100909102025 20100812102025 10771 example.net.
/L5hDKIvGDyI1fcARX3z65qrmPsVz73QD1Mr5CEqOiLP
95hxQouuroGCeZOvzFaxsT8Glr74hbavRKayJNuydCuz
WTSSPdz7wnqXL5bdcJzusdnI0RSMROxxwGipWcJm )

It's not quite clear to me where TBA-1 is used in the text above?

Thank you for raising this question and trying to make the updates as
clear as possible for us.

Sandy (for the RFC Production Center)

On Fri, Aug 13, 2010 at 02:22:56PM -0400, Tony Hansen wrote:
> On 8/12/2010 6:28 PM, Paul Hoffman wrote:
>> At 3:09 PM -0700 8/12/10, Joe Touch wrote:
>>
>>> Having just done this, I used:
>>>
>>> TBD-IANA-KIND
>>>
>> Sorry, I wasn't clear. We did "TBD" for the name of the new algorithm, but we had to include a number in our calculations, so we had to pick one.
>>
>> And, to be less obscure, see section 6 of <http://tools.ietf.org/html/draft-hoffman-dnssec-ecdsa-03>.
>
> So, let's look at what you put into draft-hoffman-dnssec-ecdsa-03 :
>
> [[ IMPORTANT NOTE: This section is to be used for testing only. This
> document has not been approved as an RFC, so the algorithm codes MUST
> NOT be used on the Internet, only in test environments. The examples
> use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]
>
> 6.1. P-256 Example
>
> Private-key-format: v1.2
> Algorithm: 13 (ECDSAP256SHA256)
> PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
>
> example.net. 3600 IN DNSKEY 257 3 13 (
> GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
> krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )
>
> example.net. 3600 IN DS 55648 13 2 (
> b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
> e2770ce6d6e37df61d17 )
>
> www.example.net. 3600 IN A 192.0.2.1
> www.example.net. 3600 IN RRSIG A 13 3 3600 (
> 20100909100439 20100812100439 55648 example.net.
> qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
> yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )
>
> Now, I'm guessing as to which of the values shown here are TBA-1 to -3. What
> if you were to write:
>
> [[ IMPORTANT NOTE: This section is to be used for testing only. This
> document has not been approved as an RFC, so the algorithm codes MUST
> NOT be used on the Internet, only in test environments. The examples
> use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]
>
> 6.1. P-256 Example
>
> Private-key-format: v1.2
> Algorithm: {TBA-2} (ECDSAP256SHA256)
> PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
>
> example.net. 3600 IN DNSKEY 257 3 {TBA-2} (
> {value-derived-from-TBA-2} )
>
> example.net. 3600 IN DS 55648 {TBA-2} 2 (
> {value-derived-from-TBA-2} )
>
> www.example.net. 3600 IN A 192.0.2.1
> www.example.net. 3600 IN RRSIG A {TBA-2} 3 3600 (
> 20100909100439 20100812100439 55648 example.net.
> {value-derived-from-TBA-2} )
>
> [[ With the sample TBA values, we get these filled-in examples:
>
> Private-key-format: v1.2
> Algorithm: 13 (ECDSAP256SHA256)
> PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
>
> example.net. 3600 IN DNSKEY 257 3 13 (
> GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
> krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )
>
> example.net. 3600 IN DS 55648 13 2 (
> b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
> e2770ce6d6e37df61d17 )
>
> www.example.net. 3600 IN A 192.0.2.1
> www.example.net. 3600 IN RRSIG A 13 3 3600 (
> 20100909100439 20100812100439 55648 example.net.
> qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
> yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )
>
> ]]
>
> Doing it this way makes it obvious where the values are being used, as well
> as providing a test sample that can be used based on the example values.
>
> Thoughts?
>
> Tony Hansen
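
The `{value-derived-from-TBA-2}` placeholders in the quoted proposal exist because the key tag and the DS digest are both computed over DNSKEY RDATA that contains the algorithm number. The following is an added example, not part of the thread or the draft: it recomputes both values for the P-256 key shown above with the sample value 13 and with a constructed alternative value, 200. The function names are this example's own.

```python
import base64
import hashlib
import struct

# Public key copied from the P-256 DNSKEY record quoted in the thread.
PUBKEY_B64 = ("GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb"
              "krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA==")

def dnskey_rdata(algorithm, flags=257, protocol=3):
    """DNSKEY RDATA wire form: flags(2) | protocol(1) | algorithm(1) | key."""
    header = struct.pack("!HBB", flags, protocol, algorithm)
    return header + base64.b64decode(PUBKEY_B64)

def key_tag(rdata):
    """Key tag checksum (RFC 4034, Appendix B) over the whole RDATA."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical (lower-case) wire encoding of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_digest_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over owner name | DNSKEY RDATA (RFC 4509)."""
    return hashlib.sha256(owner_wire(owner) + rdata).hexdigest()

def derived_values(algorithm, owner="example.net."):
    """Return (key tag, DS digest) for the page's key under a given number."""
    rdata = dnskey_rdata(algorithm)
    return key_tag(rdata), ds_digest_sha256(owner, rdata)

if __name__ == "__main__":
    # 13 is the sample {TBA-2} value from the thread; 200 is constructed here
    # only to show that every derived field changes with the assignment.
    for alg in (13, 200):
        tag, digest = derived_values(alg)
        print(f"algorithm {alg}: key tag {tag}, DS digest {digest}")
```

The RRSIG signature also covers the algorithm field, so it has to be regenerated with the private key once the final number is known; only the key tag and DS digest can be recomputed from public data as done here.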