RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4641, "DNSSEC Operational Practices", September 2006

Note: This RFC has been obsoleted by RFC 6781

Source of RFC: dnsop (ops)
See Also: RFC 4641 w/ inline errata

Errata ID: 790
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Alfred Hoenes
Date Reported: 2006-10-13
Verifier Name: Olaf Kolkman
Date Verified: 2006-12-01

Section 4.2.1.2 says:

   Double signature ZSK rollover involves three stages as follows:

      ----------------------------------------------------------------
      initial             new DNSKEY         DNSKEY removal
      ----------------------------------------------------------------
      SOA0                SOA1               SOA2
      RRSIG10(SOA0)       RRSIG10(SOA1)      RRSIG11(SOA2)
      RRSIG11(SOA1)

      DNSKEY1             DNSKEY1            DNSKEY1
      DNSKEY10            DNSKEY10           DNSKEY11
      DNSKEY11
      RRSIG1(DNSKEY)      RRSIG1(DNSKEY)     RRSIG1(DNSKEY)
      RRSIG10(DNSKEY)     RRSIG10(DNSKEY)    RRSIG11(DNSKEY)
      RRSIG11(DNSKEY)
      ----------------------------------------------------------------

                Double Signature Zone Signing Key Rollover

It should say:

   Double signature ZSK rollover involves three stages as follows:

      ----------------------------------------------------------------
      initial             new DNSKEY         DNSKEY removal
      ----------------------------------------------------------------
      SOA0                SOA1               SOA2
      RRSIG10(SOA0)       RRSIG10(SOA1)      RRSIG11(SOA2)
|                         RRSIG11(SOA1)

      DNSKEY1             DNSKEY1            DNSKEY1
      DNSKEY10            DNSKEY10           DNSKEY11
|                         DNSKEY11
      RRSIG1(DNSKEY)      RRSIG1(DNSKEY)     RRSIG1(DNSKEY)
      RRSIG10(DNSKEY)     RRSIG10(DNSKEY)    RRSIG11(DNSKEY)
|                         RRSIG11(DNSKEY)
      ----------------------------------------------------------------

                Double Signature Zone Signing Key Rollover

Notes:

The mis-alignment of the indicated 3 lines breaks the
intended presentation of the procedure; cf. subsequent RFC text.

The initial report was corrected by Yue Luo 2007-11-16 so that "RRSIG11" in the last row is in "New DNSKEY" stage instead of "initial" stage.

Report New Errata



Advanced Search