[rfc-i] Proper way to include examples with yet-to-be-assigned values?

RFC Editor rfc-editor at rfc-editor.org
Fri Aug 13 17:49:23 PDT 2010


Hi Paul,

The RPC agrees with Bob's and Tony's suggestions that TBA-1, TBA-2,
... TBA-N could be used throughout the text to represent the
IANA-assigned values throughout where possible.  For the example,
something like the following be ideal (using 
http://www.ietf.org/id/draft-hoffman-dnssec-ecdsa-03.txt as an
example): 

6.  Examples

   The following are some examples of ECDSA keys and signatures in DNS
   format.

   [[ IMPORTANT NOTE: This section is to be used for testing only.
   This document has not been approved as an RFC, so the algorithm
   codes MUST NOT be used on the Internet, only in test environments.
   The examples use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]

   [[RFC EDITOR NOTE: The examples below need to be updated according
   to the IANA-assigned values.  We used the example values described
   above.  Please update as necessary and verify that the updates are
   correct with the authors during AUTH48.]] 

6.1.  P-256 Example

   Private-key-format: v1.2
   Algorithm: TBA-2 (ECDSAP256SHA256)
   PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=

   example.net. 3600 IN DNSKEY 257 3 TBA-2 (
           GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
           krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )

   example.net. 3600 IN DS 55648 TBA-2 2 (
           b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
           e2770ce6d6e37df61d17 )

   www.example.net. 3600 IN A 192.0.2.1
   www.example.net. 3600 IN RRSIG A TBA-2 3 3600 (
           20100909100439 20100812100439 55648 example.net.
           qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
           yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )

6.2.  P-384 Example

   Private-key-format: v1.2
   Algorithm: TBA-3 (ECDSAP384SHA384)
   PrivateKey: WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vw
   W7BOrbawVmVe0d9V94SR

   example.net. 3600 IN DNSKEY 257 3 TBA-3 (
           xKYaNhWdGOfJ+nPrL8/arkwf2EY3MDJ+SErKivBVSum1
           w/egsXvSADtNJhyem5RCOpgQ6K8X1DRSEkrbYQ+OB+v8
           /uX45NBwY8rp65F6Glur8I/mlVNgF6W/qTI37m40 )

   example.net. 3600 IN DS 10771 TBA-3 4 (
           72d7b62976ce06438e9c0bf319013cf801f09ecc84b8
           d7e9495f27e305c6a9b0563a9b5f4d288405c3008a94
           6df983d6 )

   www.example.net. 3600 IN A 192.0.2.1
   www.example.net. 3600 IN RRSIG A TBA-3 3 3600 (
           20100909102025 20100812102025 10771 example.net.
           /L5hDKIvGDyI1fcARX3z65qrmPsVz73QD1Mr5CEqOiLP
           95hxQouuroGCeZOvzFaxsT8Glr74hbavRKayJNuydCuz
           WTSSPdz7wnqXL5bdcJzusdnI0RSMROxxwGipWcJm )


It's not quite clear to me where TBA-1 is used in the text above?

Thank you for raising this question and trying to make the updates as
clear as possible for us.

Sandy (for the RFC Production Center)


On Fri, Aug 13, 2010 at 02:22:56PM -0400, Tony Hansen wrote:
> On 8/12/2010 6:28 PM, Paul Hoffman wrote:
>> At 3:09 PM -0700 8/12/10, Joe Touch wrote:
>>    
>>> Having just done this, I used:
>>>
>>> 	TBD-IANA-KIND
>>>      
>> Sorry, I wasn't clear. We did "TBD" for the name of the new algorithm, but we had to include a number in our calculations, so we had to pick one.
>>
>> And, to be less obscure, see section 6 of<http://tools.ietf.org/html/draft-hoffman-dnssec-ecdsa-03>.
>
> So, let's look at what you put into draft-hoffman-dnssec-ecdsa-03 :
>
>    [[ IMPORTANT NOTE: This section is to be used for testing only.  This
>    document has not been approved as an RFC, so the algorithm codes MUST
>    NOT be used on the Internet, only in test environments.  The examples
>    use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]
>
>   6.1. P-256 Example
>
>    Private-key-format: v1.2
>    Algorithm: 13 (ECDSAP256SHA256)
>    PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
>
>    example.net. 3600 IN DNSKEY 257 3 13 (
>            GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
>            krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )
>
>    example.net. 3600 IN DS 55648 13 2 (
>            b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
>            e2770ce6d6e37df61d17 )
>
>    www.example.net. 3600 IN A 192.0.2.1
>    www.example.net. 3600 IN RRSIG A 13 3 3600 (
>            20100909100439 20100812100439 55648 example.net.
>            qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
>            yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )
>
> Now, I'm guess as to which of the values shown here are TBA-1 to -3. What 
> if you were to write:
>
>    [[ IMPORTANT NOTE: This section is to be used for testing only.  This
>    document has not been approved as an RFC, so the algorithm codes MUST
>    NOT be used on the Internet, only in test environments.  The examples
>    use {TBA-1}: 4, {TBA-2}: 13, {TBA-3}: 14. ]]
>
>   6.1. P-256 Example
>
>    Private-key-format: v1.2
>    Algorithm: {TBA-2} (ECDSAP256SHA256)
>    PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
>
>    example.net. 3600 IN DNSKEY 257 3 {TBA-2} (
>            {value-derived-from-TBA-2} )
>
>    example.net. 3600 IN DS 55648 {TBA-2} 2 (
>            {value-derived-from-TBA-2} )
>
>    www.example.net. 3600 IN A 192.0.2.1
>    www.example.net. 3600 IN RRSIG A {TBA-2} 3 3600 (
>            20100909100439 20100812100439 55648 example.net.
>            {value-derived-from-TBA-2} )
>
>    [[ With the sample TBA values, we get these filled-in examples:
>
>    Private-key-format: v1.2
>    Algorithm: 13 (ECDSAP256SHA256)
>    PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
>
>    example.net. 3600 IN DNSKEY 257 3 13 (
>            GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
>            krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )
>
>    example.net. 3600 IN DS 55648 13 2 (
>            b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
>            e2770ce6d6e37df61d17 )
>
>    www.example.net. 3600 IN A 192.0.2.1
>    www.example.net. 3600 IN RRSIG A 13 3 3600 (
>            20100909100439 20100812100439 55648 example.net.
>            qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
>            yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )
>
>     ]]
>
> Doing it this way makes it obvious where the values are being used, as well 
> as providing a test sample that can be used based on the example values.
>
> Thoughts?
>
>     Tony Hansen
>
> _______________________________________________
> rfc-interest mailing list
> rfc-interest at rfc-editor.org
> https://www.rfc-editor.org/mailman/listinfo/rfc-interest


More information about the rfc-interest mailing list