Re: [dane] Digest Algorithm Agility discussion (checkpoint)

[Viktor Dukhovni <viktor1dane@dukhovni.org>]

Thanks to everyone who contributed to this point.  My conclusions
so far:

    - Since "local policy" may exclude an arbitrary subset of the
      digest algorithms from consideration, whether the digest
      algorithm employed by clients is as I suggest, or not, server
      operators MUST apply the SAME set of digests to all objects
      published in a TLSA RRset, since otherwise the "visibility"
      of objects in the RRset will be client dependent.

    - Given the above clients either MAY or SHOULD apply the
      algorithm I propose, it provides incremental benefit before
      weaker algorithms are dropped, and reduces risks to servers
      that publish weaker algorithms.

      For example, with opportunistic TLS, client and server
      implementations can safely leave weaker cipher-suites at a
      low priority on their cipher-lists, because these will not be
      chosen when stronger options are available.  When nothing
      better is available, these are at least better than cleartext.

If "local policy" per 6698, includes the possibility of "adaptive
local policy" that depends on the server's TLSA RRset content, then
my proposal is already an implicit MAY per 6698.  I'd like to propose
to elevate it to a SHOULD, while emphasizing the MUST for the server
to publish cross-product TLSA RRsets when employing multiple digests.

Reminder: the proposal is that clients SHOULD apply some local
ranking to the digest algorithms, and only use those records for
each (usage, selector) combination that either have a matching type
of Full(0) or have the best ranking among all digests used with
that (usage, selector).  Clients SHOULD have a way to completely
disable algorithms.

-- 
	Viktor.