--- Begin Message ---
Hi Otto,
>From 2023-09-13 to 2023-12-06 the Hash Algorithm field of the ZONEMD record
>will be set to 241 (the first value in the private use range).
On 2023-12-06 we will change it to Hash Algorithm 1, which is SHA-384.
DW
> On Jul 20, 2023, at 11:02 PM, Otto Moerbeek <[email protected]> wrote:
>
> Hello,
>
> thanks you for working on this!
>
> From the description it is not clear what the Hash Algorithm of the
> ZONEMD record included in the downloadable zone file will be per Sept
> 6th. Will this ZONEMD record also use a private algorihtm and switch
> to SHA-384 at a later moment? If so, when?
>
> Thanks,
>
> -Otto
>
> On Wed, Jul 19, 2023 at 04:10:25PM +0000, Wessels, Duane via dns-operations
> wrote:
>
>> Date: Wed, 19 Jul 2023 16:10:25 +0000
>> From: "Wessels, Duane" <[email protected]>
>> To: Andy Smith via dns-operations <[email protected]>
>> Subject: Root zone operational announcement: introducing ZONEMD for the
>> root zone
>>
>> I am pleased to announce that Message Digests for DNS Zones, also known as
>> ZONEMD, will be added to the root zone later this year. This feature,
>> specified in RFC 8976, adds cryptographic data protections to the zone as a
>> whole, allowing the recipient to verify the authenticity of the zone’s
>> contents.
>>
>> ZONEMD will be added to the root zone using a phased approach. On September
>> 13, 2023, a ZONEMD record will make its first appearance in the root zone.
>> At this time the Hash Algorithm field will be set to a private use algorithm
>> number, making the ZONEMD record deliberately unverifiable.
>>
>> On December 6, 2023, the ZONEMD record will be published with the SHA-384
>> Hash Algorithm, thereby making it verifiable.
>>
>> We expect no operational impacts for end users. ZONEMD does not affect root
>> zone queries and responses. The root server operators have agreed to not
>> alter their zone ingestion processes for at least a year after ZONEMD is
>> first introduced.
>>
>> Anyone that downloads the root zone file from
>> http://secure-web.cisco.com/13zHe0PSUNNCJBM54qbqfvmLTQg1GfbkWLEKyj11uJKxr0cKwV4m8nmumCACCRc4TgWQiGSCfSGuab49nQ6t190PzZtdsghnWGBape45q7yscRuI72y4rVA9FKtruoIUJQOYRD6hxmpgoa0lss35RtP8oNP419dfbfY8ihpz2HiszKMFbjYaocQQtWkQRKyEoPgOCXuUYIOZH5HpdhzIBT3zEwLzflnqL6eR3vOHzkuaVR_loD-7WM4o8M-F3-mIdQ6_IU5BkH_ZZ8ZDDpoXPLuPtbA4-cR5rjj38JhobF0bvH1PXHByckj2a54_02zMz/http%3A%2F%2Fwww.internic.net
>> or rs.internic.net should be aware that it will include the new ZONEMD
>> resource record in its native presentation format starting on September 6th.
>>
>> Please feel free to follow up with any questions or concerns.
>>
>> References and further reading:
>>
>> [1] RFC 8976: “Message Digest for DNS Zones”,
>> https://secure-web.cisco.com/1XacvzAe3KCmD305ieQ292ovYQ65x-D9JyNQdhLvttzBjgk_MG_6FPETg8ekoItXo6qHCk148b0VNJDrijtKvnuhj8UrvfHd7HBzGvj4F4ggvNm8WmQRjo5OBRwa5Oq9zVIsC8y89tmSj2huHT0eluDy04igbLGg3IfodIUxONEjurDcYsu6e9cKU0ovYEEg-lW5fWr5WHv3k35aCnqYXpmej0QhYGklxxdrPwiuQCW49VFfxdg_MFcumelbQdTeOIBwvSoHdjUP3Cy6h-jFkMLRcMch-gtVEooh55H6OUK7QqXX-lgDEjF1Y7kfAR5xz/https%3A%2F%2Fwww.rfc-editor.org%2Frfc%2Frfc8976
>> [2] Root Server Operators Statement on adding ZONEMD to the root zone,
>> https://secure-web.cisco.com/1csi7pcWnfEk3MLCMTDpMIepUdApvVU-b-tnpRX8PnOKn9nNkbrgZcZH62k21N7DUG8idMbIuxr-PBwCg3jX0SY2AegsYwVyMTfeARtd1s8147gy-akpwRWMoYlEgiJeWr4cw-JDy68YPNrnP0kNTeaWXhUsXID92S4aPLSCsW1xsNRaXBxRoeLaTw4BJnfQXdKOWbCUPpgIKwolYYobY4I0A3vwcYS-PnVIxOcaCMe3k8haS7ZzAP0Udcs1prvi9xIIdE3FL1lXocAMOJeZiNlri6V4KDKge_hGAMm32TFeDk5oC_eoM68noNMSAjTCI/https%3A%2F%2Froot-servers.org%2Fmedia%2Fnews%2F2022-08-Statement_on_ZONEMD.pdf
>> [3] RZERC003: “Adding Zone Data Protections to the Root Zone”,
>> https://secure-web.cisco.com/12BOkeZeIXXEc8bHPskskIPYYEB5j6atSHInZVGViHpuEsWFd3i3ORxxQF3d-hBwCUZsL9QLcUDwYl0JO1OMo_1bDLdiEr6SE4gT85zTFYDCN-Y3z0bBPvh6FYjzXltQy1zQY4L4-Z3BrnqpukWZRGIr3SkjWMkw8638PhkW8B41dLIS-IHIwqzAAvoY3lvNNWBJ-Eqon1isiSlBcfFrjJmbexUozG_3TRgPeaPMfzWUYfAAXeJ3wuOe3ym7K6QjqtXdi1KbHhX8_0K0hKVLNAoQ3kqKE8jzExHxgqEJtBrAU-pw_Zd23n-_lt66FBC13/https%3A%2F%2Fwww.icann.org%2Fuploads%2Fckeditor%2Frzerc-003-en.pdf
>> [4] Verisign Blog: “Adding ZONEMD Protections to the Root Zone”,
>> https://blog.verisign.com/security/root-zone-zonemd/
>> [5] APNIC Ping Podcast episode “Adding ZONEMD protections to the root zone”,
>> https://secure-web.cisco.com/18iOqVl2cAOdTphmSsXOmBUjIRxkAH7WRakcRt_PS4P13-NQr-6u5XqSCjbCDss9R8Zm5S3akf5o1AEq5ib0ezfpX-l0Ev3ZXbLj2p-WCMQHti2hedZNF99ok0C33OrnviXVDn5Qnrqa7BnBIP9ec38evs3V4ucParLvxRoMmYIY9lA_-GuAvcWpDTLphlhWTXXbV7LNUzprP0MOKGCw67sbVz5VX98v7N1bGZuGQrft-PzTS_P_oa9i2NA8ZI4niQK7xED4v8dKK4NXNyTRJjvBEPGQ-D9B0oVzmxsdbpxZ4fBuLUe1gpXI84O4zX3Ap/https%3A%2F%2Fblubrry.com%2Fping_podcast%2F108940688%2Fadding-zonemd-protections-to-the-root-zone%2F
>>
>>
>> DW
>>
>>
>
>> _______________________________________________
>> dns-operations mailing list
>> [email protected]
>> https://secure-web.cisco.com/1AlQYdWZx2loSVTq_AB_fzLxTrTb-Nd6IEjAd_y2775l_wu1kaDjoUoRry_Tb0oES_eZp25PwfZOEJq8FuVaPku1-YCm8J_6Xvs__jOJbIcOhLaTeasRGcLi7ZD0Cv_90gwBiJHypZWaSYhy1ij1DEfbAJ7X_ztB_u579dqifOOAeGwI0MiEs59hYw76qcTVbag0q4u7D2yT-BoGCLtQY_r6arvN5lt9cjF3k356TwWPlvb3vWA8BSo5TNRvyaB_qJIeKFz5sWtp72Icpz3ByqFSGfadBYur0xIXQsUJuzz6WXpWyKiBkryHiJ5fRUHbP/https%3A%2F%2Flists.dns-oarc.net%2Fmailman%2Flistinfo%2Fdns-operations
>
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
