william(at)elan.net wrote:

I was reading through the IIM draft and noticed what I believe to be a syntax
problem. The draft in section 6.1.2 specifies that for dns verification
the record should be stored at keyfp._krs.example.com in KR type record,
and keyfp is base64.

Base64 is described in RFC3548 (btw - you need to specify if your use
of BASE64 is as described in section 3 of RFC3548 or section 4 - section 4
is the one that is URL safe and you send keyfp to KRS server as GET
parameter; but most people when talking about BASE64 mean the encoding
described in section 3 of RFC3548). The encoding uses both upper and
lowercase Latin alphabet and "=" sign. DNS records are however
case-insensitive and I think "=" is an invalid character for host name.

With respect to the case conversion: Good catch; it does work as is but
case conversion results in many more collisions than we intended to have.

With respect to the characters: I just ran a little experiment with BIND
9, manually editing the zone file and I had no problems with +, /, or =
in the name of a TXT record. I can't say how more sophisticated DNS
tools would work, though. But I think the case conversion alone will
probably be enough to keep us from sticking with base64 so it's probably
not worth trying to figure out.

We'll let you know once we have thought some more about the right way to
go (I suspect it'll be base16).

Thanks for the correction!

-Jim
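
The case-folding problem discussed in this thread, as an added example that is not part of the original messages or of the IIM draft: it builds two different fingerprints whose base64 labels match once case is ignored, checks the labels against host name syntax, and shows that base16 survives case changes. The 20-byte fingerprint and all function names are constructed for illustration.

```python
import base64
import re

# Host name label syntax (RFC 952 / RFC 1123): letters, digits, hyphen, 1-63 chars.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed 20-byte sample fingerprint, not a value from the IIM draft.
SAMPLE_FP = bytes(range(20))


def dns_fold(label):
    """Model DNS name matching, which ignores ASCII case."""
    return label.lower()


def b64_label(fp):
    """Fingerprint in the RFC 3548 section 3 (standard) alphabet."""
    return base64.b64encode(fp).decode("ascii")


def hex_label(fp):
    """Fingerprint in base16."""
    return fp.hex()


def is_hostname_label(label):
    """True if the label uses only the letters-digits-hyphen host name syntax."""
    return LDH_LABEL.fullmatch(label) is not None


def case_collision(fp):
    """Return a different fingerprint whose base64 label equals fp's label
    once case is ignored; raise ValueError if the label has no letters."""
    label = b64_label(fp)
    for i, ch in enumerate(label):
        if ch.isalpha():
            other = base64.b64decode(label[:i] + ch.swapcase() + label[i + 1:])
            if other != fp and dns_fold(b64_label(other)) == dns_fold(label):
                return other
    raise ValueError("no letters in label, so no case collision exists")


if __name__ == "__main__":
    twin = case_collision(SAMPLE_FP)
    print("base64:", b64_label(SAMPLE_FP), "vs", b64_label(twin))
    print("host-name-safe base64?", is_hostname_label(b64_label(SAMPLE_FP)))
    print("base16:", hex_label(SAMPLE_FP), "round-trips:",
          bytes.fromhex(dns_fold(hex_label(SAMPLE_FP).upper())) == SAMPLE_FP)
```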