RFC Errata
Found 1 record.
Status: Verified (1)
RFC 4956, "DNS Security (DNSSEC) Opt-In", July 2007
Source of RFC: dnsext (int)
Errata ID: 1018
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2007-08-16
Verifier Name: Brian Haberman
Date Verified: 2012-05-01
(1) typo (technical error)
Within Section 4.2.2.2. of RFC 4956, the last sentence of the
paragraph on top of page 8 contains a wrong RCODE value.
The RFC says:
v
[...]. In particular, a NOERROR/NODATA
| (i.e., RCODE=3, but the answer section is empty) response to a DS
query may be proven by an Opt-In flagged covering NSEC record, rather
than an NSEC record matching the query name.
It should say:
v
[...]. In particular, a NOERROR/NODATA
| (i.e., RCODE=0, but the answer section is empty) response to a DS
query may be proven by an Opt-In flagged covering NSEC record, rather
than an NSEC record matching the query name.
Rationale: See RCODE list in RFC 1035 [1], page 27, and RFC 2181 [8].
(2) missing article
Still on page 8, an article is missing in the third bullet
in Section 4.2.4 .
The RFC says:
o sending a NOERROR/NODATA response when query type is DS and the
| covering NSEC is tagged as Opt-In, unless NSEC record's owner name
matches the query name.
^
It should say:
o sending a NOERROR/NODATA response when query type is DS and the
| covering NSEC is tagged as Opt-In, unless the NSEC record's owner
name matches the query name.
^^^^^
(3) inconsistency
There's a small inconsistency in the presentation of DNS querys
(and responses) in Section 6.
In almost all instances, in that context the text gives domain
names with the DNS 'root label', the trailing dot.
Yet, in the second line of the first paragraph on page 10,
this dot is missing twice.
The RFC says:
In this example, a query for a signed RRset (e.g., "FIRST-
| SECURE.EXAMPLE A") or a secure delegation ("WWW.SECOND-SECURE.EXAMPLE
A") will result in a standard DNSSEC response.
It should say:
In this example, a query for a signed RRset (e.g., "FIRST-
| SECURE.EXAMPLE. A") or a secure delegation ("WWW.SECOND-
| SECURE.EXAMPLE. A") will result in a standard DNSSEC response.
^
(4) text truncation
In Section 9, on top of page 13, the list of acknowledged people
apparently has been truncated.
The RFC says:
v
| Mats Kolkman, Edward Lewis, Ted Lindgreen, Rip Loomis, Bill
Manning, Dan Massey, Scott Rose, Mike Schiraldi, Jakob Schlyter,
Brian Wellington.
The -09 draft had the following list:
| Mats Dufberg, Miek Gieben, Olafur Gudmudsson, Bob Halley, Olaf
Kolkman, Edward Lewis, Ted Lindgreen, Rip Loomis, Bill Manning,
Dan Massey, Scott Rose, Mike Schiraldi, Jakob Schlyter, Brian
Wellington.
AFAICS, most probably the draft was o.k. and the bulk of the first
line of that list has been lost in the publication process.
(5) references
RFC 3655 [3] and RFC 3090 [10] have been incorporated into, and
formally been obsoleted by RFC 4033..35 [4][5][6].
IMHO, it is therefore inappropriate to list [3] as a Normative
Reference in Section 10.1, and it it of questionable benefit
to list both [3] and [10] at all in Section 10.
I apologize for not having caught and reported items (1)..(3) and
(5) when I once studied the -09 draft version of the document;
item (4) is new.
I strongly recommend to post an RFC Errata Note covering at least
items (1) and (4).