
Re: [IPSECKEY] IPSECKEY inheritance of DNSSEC algorithm registry



At 19:00 2003-06-17, Sam Weiler wrote:
>The IPSECKEY RR definition draft is nearing WG last call -- this would
>be a good time to review the document.
>
>The chairs would particularly like feedback on whether or not the
>IPSECKEY record should inherit format definitions from the DNS
>Security Algorithm registry -- if someone defines a (DNS)KEY RR format
>for Sam's Public Key Algorithm, does it automagically show up as an
>IPSECKEY format?
>
>The text in draft-ietf-ipseckey-rr-04.txt is internally inconsistent,
>but the intent with this version was that, yes, the formats are
>inherited.

To repeat what I said on June 19th:
http://www.sandelman.ca/lists/html/ipseckey/msg00201.html

There is no way to avoid having a different registry; the main reason is that
we cannot guarantee that one registry will contain all the algorithms needed.
For example, IPSEC may adopt ECC while DNSSEC may not, thus IPSECKEY will
not be able to inherit the ECC wire format from DNS.

The format of the registry can be quite simple: the IPSECKEY registry
entry for algorithm N is that the wire format is identical to that specified in
RFCxxxx section yy.

The same comment applies to the registry for DNSKEY in the type code rollover,
so that document needs an updated IANA Considerations section.

         Olafur

-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.