[DNSSEC-Transparency] DNSSEC chain wire format

Linus Nordberg linus at nordu.net
Tue Feb 2 17:12:12 CET 2016


Paul,

Thanks for the pointer to draft-ietf-dnsop-edns-chain-query. At first I
was horrified to learn that the wire format didn't include ordering of
records (or any other canonicalisation). After skimming the getdns code,
I guess I'll be fine.

If not, you'll hear from me again. :)


Paul Wouters <paul at nohats.ca> wrote
Mon, 1 Feb 2016 19:30:54 +0100:

| DNS binary format similar to draft-dnsops-edns-query-chain.
| 
| The stock dns libraries can be used.
| 
| This is also the format the new TLS DNSSEC extension will use.
| 
| Paul
| 
| Sent from my iPhone
| 
| > On Feb 1, 2016, at 18:09, Linus Nordberg <linus at nordu.net> wrote:
| > 
| > Hi,
| > 
| > We want the log to store not only DS RRs but also all keys (DNSKEY) and
| > signatures (RRSIG) needed to verify the issuer of the DS.
| > 
| > We want to require that submissions include this chain so that the log
| > doesn't have to chase them.
| > 
| > What's a good wire format for such a chain?
| > 
| > _______________________________________________
| > DNSSEC-Transparency mailing list
| > DNSSEC-Transparency at lists.sunet.se
| > https://lists.sunet.se/listinfo/dnssec-transparency
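
The ordering concern raised at the top of this thread, as an added example that is not code from the thread, the draft, or getdns: a log that hashes a submitted DS/DNSKEY/RRSIG chain needs a deterministic byte string, so the sketch below sorts and de-duplicates records before serialising them. Assumptions: names are compared in RFC 4034 section 6.1 canonical order and RDATA as unsigned octets (section 6.3); ordering across RRsets by owner, type and class, the function names, and the sample records are this example's own choices; RDATA is treated as opaque bytes that are already uncompressed.

```python
import hashlib
import struct

def _labels(name):
    # Lowercased labels, left to right; assumes no escaped dots in the name.
    return [l.encode("ascii") for l in name.lower().split(".") if l]

def name_to_wire(name):
    # Uncompressed, lowercased owner name in DNS wire format.
    return b"".join(bytes([len(l)]) + l for l in _labels(name)) + b"\x00"

def name_sort_key(name):
    # Canonical name order: compare labels right to left, so the parent
    # sorts before its children (the root sorts first).
    return _labels(name)[::-1]

def canonical_chain(rrs):
    # rrs: iterable of (owner, type, class, ttl, rdata) tuples.
    # Fold owner case and drop exact duplicates, then sort on every field
    # so the output never depends on submission order.
    unique = {(o.lower().rstrip(".") + ".", t, c, ttl, rd)
              for o, t, c, ttl, rd in rrs}
    ordered = sorted(unique, key=lambda r: (name_sort_key(r[0]),
                                            r[1], r[2], r[4], r[3]))
    out = bytearray()
    for owner, rrtype, rrclass, ttl, rdata in ordered:
        out += name_to_wire(owner)
        out += struct.pack("!HHIH", rrtype, rrclass, ttl, len(rdata))
        out += rdata
    return bytes(out)

def leaf_hash(rrs):
    # Digest the log would store or compare for this chain (SHA-256 assumed).
    return hashlib.sha256(canonical_chain(rrs)).hexdigest()

# Constructed sample records (not real DNS data): DS=43, RRSIG=46, DNSKEY=48.
SAMPLE = [
    ("example.", 43, 1, 3600, struct.pack("!HBB", 12345, 8, 2) + bytes(32)),
    ("Example.", 46, 1, 3600, b"constructed-rrsig-rdata"),
    (".", 48, 1, 3600, struct.pack("!HBB", 257, 3, 8) + b"constructed-key"),
]

if __name__ == "__main__":
    shuffled = SAMPLE[::-1] + [SAMPLE[0]]   # reordered, with a duplicate
    print(leaf_hash(SAMPLE) == leaf_hash(shuffled))
```

Full RFC 4034 section 6.2 canonical form also lowercases domain names embedded in the RDATA of certain record types, which this sketch leaves to the caller.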


