RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Rejected (2)

RFC 8624, "Algorithm Implementation Requirements and Usage Guidance for DNSSEC", June 2019

Note: This RFC has been updated by RFC 9157

Source of RFC: dnsop (ops)

Errata ID: 6227
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Mats Dufberg
Date Reported: 2020-07-10
Rejected by: Mohamed Boucadair
Date Rejected: 2025-06-02

Section 6 says:

   This document has no IANA actions.

It should say:

   This document updates the IANA registry "Delegation Signer (DS) Resource 
   Record (RR) Type Digest Algorithms". The registry has been updated by
   the following table from section 3.3:

   +--------+-----------------+-------------------+-------------------+
   | Number | Mnemonics       | DNSSEC Delegation | DNSSEC Validation |
   +--------+-----------------+-------------------+-------------------+
   | 0      | NULL (CDS only) | MUST NOT [*]      | MUST NOT [*]      |
   | 1      | SHA-1           | MUST NOT          | MUST              |
   | 2      | SHA-256         | MUST              | MUST              |
   | 3      | GOST R 34.11-94 | MUST NOT          | MAY               |
   | 4      | SHA-384         | MAY               | RECOMMENDED       |
   +--------+-----------------+-------------------+-------------------+

   [*] - This is a special type of CDS record signaling removal of DS at
         the parent in [RFC8078].


   This document updates the IANA registry "DNS Security Algorithm Numbers". 
   The registry has been updated by the following table from section 3.1:

   +--------+--------------------+-----------------+-------------------+
   | Number | Mnemonics          | DNSSEC Signing  | DNSSEC Validation |
   +--------+--------------------+-----------------+-------------------+
   | 1      | RSAMD5             | MUST NOT        | MUST NOT          |
   | 3      | DSA                | MUST NOT        | MUST NOT          |
   | 5      | RSASHA1            | NOT RECOMMENDED | MUST              |
   | 6      | DSA-NSEC3-SHA1     | MUST NOT        | MUST NOT          |
   | 7      | RSASHA1-NSEC3-SHA1 | NOT RECOMMENDED | MUST              |
   | 8      | RSASHA256          | MUST            | MUST              |
   | 10     | RSASHA512          | NOT RECOMMENDED | MUST              |
   | 12     | ECC-GOST           | MUST NOT        | MAY               |
   | 13     | ECDSAP256SHA256    | MUST            | MUST              |
   | 14     | ECDSAP384SHA384    | MAY             | RECOMMENDED       |
   | 15     | ED25519            | RECOMMENDED     | RECOMMENDED       |
   | 16     | ED448              | MAY             | RECOMMENDED       |
   +--------+--------------------+-----------------+-------------------+


Notes:

The document clearly has the intention to update the IANA registers, which is also stated in the document, but not in section 6 ("IANA Considerations").
--VERIFIER NOTES--
This document does not have the intention indicated in the erratum. Please see
* https://mailarchive.ietf.org/arch/msg/dnsop/KXEI6RgnkN-S4uKL8DvhwGEsYrI/
* https://mailarchive.ietf.org/arch/msg/dnsop/GdpzvW7nqQ20BkKAchg74Wm398M/

FWIW, an update of RFC8624 is being finalized (draft-ietf-dnsop-rfc8624-bis) with a set of IANA actions to reflect the changes made in the bis itself, not the original RFC8624.

Errata ID: 8144
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Robert Wagner
Date Reported: 2024-10-16
Rejected by: Mohamed Boucadair
Date Rejected: 2025-06-02

Section 3.3 says:

 This document updates the IANA registry "Delegation Signer (DS) Resource
   Record (RR) Type Digest Algorithms". The registry has been updated by
   the following table from section 3.3:

   +--------+-----------------+-------------------+-------------------+
   | Number | Mnemonics       | DNSSEC Delegation | DNSSEC Validation |
   +--------+-----------------+-------------------+-------------------+
   | 0      | NULL (CDS only) | MUST NOT [*]      | MUST NOT [*]      |
   | 1      | SHA-1           | MUST NOT          | MUST              |
   | 2      | SHA-256         | MUST              | MUST              |
   | 3      | GOST R 34.11-94 | MUST NOT          | MAY               |
   | 4      | SHA-384         | MAY               | RECOMMENDED       |
   +--------+-----------------+-------------------+-------------------+

It should say:

This document updates the IANA registry "Delegation Signer (DS) Resource
   Record (RR) Type Digest Algorithms". The registry has been updated by
   the following table from section 3.3:

   +--------+-----------------+-------------------+-------------------+
   | Number | Mnemonics       | DNSSEC Delegation | DNSSEC Validation |
   +--------+-----------------+-------------------+-------------------+
   | 0      | NULL (CDS only) | MUST NOT [*]      | MUST NOT [*]      |
   | 1      | SHA-1           | MUST NOT          | MUST              |
   | 2      | SHA-256         | MUST              | MUST              |
   | 3      | GOST R 34.11-94 | MUST NOT          | MAY               |
   | 4      | SHA-384         | MAY               | RECOMMENDED       |
   | 5      | SHA-512         | MAY               | MAY               |
   +--------+-----------------+-------------------+-------------------+

Notes:

Requesting DNSSEC be allowed to fully support the
Commercial National Security Algorithm Suite 2.0 - series of hashes.
This is part of NISTs Post Quantum Cryptography effort
--VERIFIER NOTES--
Please see
* https://mailarchive.ietf.org/arch/msg/dnsop/KXEI6RgnkN-S4uKL8DvhwGEsYrI/
* https://mailarchive.ietf.org/arch/msg/dnsop/EgKunMFXJ_0ZxHvhRNQTPBvccIY/

Report New Errata



Advanced Search