paulehoffman / draft-bash-rfc7958bis


Suggested way to include the flags with the public key #21

Closed paulehoffman closed 3 months ago

paulehoffman commented 3 months ago

Based on Petr's input, we need to include the tags with the DNSKEY public key. This is one way to do it; other ways (such as using attributes) are equivalent. Please comment.

jschlyter commented 3 months ago

It is possible to do an optional sequence like:

datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes"

start = element TrustAnchor {
  attribute id { xsd:string },
  attribute source { xsd:string },
  element Zone { xsd:string },

  keydigest+
}

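# PublicKey and Flags form one group: referenced as "keyinfo?" below,
# so a KeyDigest carries both elements or neither.
keyinfo =
  element PublicKey { xsd:base64Binary },
  element Flags { xsd:nonNegativeInteger { maxInclusive = "65535" } }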

keydigest = element KeyDigest {
  attribute id { xsd:string },
  attribute validFrom { xsd:dateTime },
  attribute validUntil { xsd:dateTime }?,

  element KeyTag {
      xsd:nonNegativeInteger { maxInclusive = "65535" } },
  element Algorithm {
      xsd:nonNegativeInteger { maxInclusive = "255" } },
  element DigestType {
      xsd:nonNegativeInteger { maxInclusive = "255" } },
  element Digest { xsd:hexBinary },
  keyinfo?
}

paulehoffman commented 3 months ago

True, but doesn't that have the identical result of what I proposed? If so, do you prefer this for some reason?

Oooh, I see the difference. I like it, but let me think more.
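
An added example, not part of the thread or of the draft: a Python consumer-side check for the optional `PublicKey`/`Flags` sequence in the schema above. It goes beyond the thread by rebuilding the DNSKEY RDATA and cross-checking `KeyTag` and `Digest`, assuming the RFC 4034 RDATA layout (Protocol fixed at 3) and DigestType 2 (SHA-256); the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, struct
import xml.etree.ElementTree as ET

def dnskey_rdata(flags, algorithm, public_key):
    # RFC 4034 DNSKEY RDATA: Flags (2 bytes), Protocol (always 3), Algorithm, Public Key
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    # RFC 4034 Appendix B: 16-bit sum over the RDATA with carry folded in
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def ds_digest(zone, rdata):
    # DS digest type 2: SHA-256 over owner name in wire format + DNSKEY RDATA
    labels = [l for l in zone.lower().split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return hashlib.sha256(wire + rdata).hexdigest().upper()

def check_key_digest(zone, kd):
    """Return a list of problems for one KeyDigest element (empty list = consistent)."""
    pk, fl = kd.find("PublicKey"), kd.find("Flags")
    if (pk is None) != (fl is None):
        return ["PublicKey and Flags must appear together or not at all"]
    if pk is None:
        return []  # digest-only entry, nothing to cross-check
    if int(kd.findtext("DigestType")) != 2:
        return ["this example only checks DigestType 2 (SHA-256)"]
    rdata = dnskey_rdata(int(fl.text), int(kd.findtext("Algorithm")), base64.b64decode(pk.text))
    problems = []
    if key_tag(rdata) != int(kd.findtext("KeyTag")):
        problems.append("KeyTag does not match DNSKEY built from PublicKey and Flags")
    if ds_digest(zone, rdata) != kd.findtext("Digest").strip().upper():
        problems.append("Digest does not match DNSKEY built from PublicKey and Flags")
    return problems

def make_sample(flags_in_xml=257, with_flags=True):
    # Constructed sample: a made-up 32-byte key for the root zone, not a real trust anchor
    key = bytes(range(32))
    rdata = dnskey_rdata(257, 8, key)
    flags_el = f"<Flags>{flags_in_xml}</Flags>" if with_flags else ""
    return ET.fromstring(
        f'<KeyDigest id="sample" validFrom="2024-01-01T00:00:00+00:00">'
        f"<KeyTag>{key_tag(rdata)}</KeyTag><Algorithm>8</Algorithm>"
        f"<DigestType>2</DigestType><Digest>{ds_digest('.', rdata)}</Digest>"
        f"<PublicKey>{base64.b64encode(key).decode()}</PublicKey>{flags_el}</KeyDigest>")
```

Without `Flags`, the same `PublicKey` bytes map to a different RDATA for each flags value, so neither the key tag nor the digest can be recomputed from the file alone.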