Re: [dnsext] comments on draft-crocker-dnssec-algo-signal-03

Joe Abley <jabley@hopcount.ca> Thu, 30 July 2009 12:00 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8911F3A69DF; Thu, 30 Jul 2009 05:00:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.048
X-Spam-Level:
X-Spam-Status: No, score=-1.048 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DEOnwlRnuKBA; Thu, 30 Jul 2009 05:00:23 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 8BD903A68A9; Thu, 30 Jul 2009 05:00:23 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1MWUEd-000B4o-KF for namedroppers-data0@psg.com; Thu, 30 Jul 2009 11:55:47 +0000
Received: from [199.212.90.4] (helo=monster.hopcount.ca) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <jabley@hopcount.ca>) id 1MWUEX-000B40-UX for namedroppers@ops.ietf.org; Thu, 30 Jul 2009 11:55:45 +0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=monster; d=hopcount.ca; h=Received:Cc:Message-Id:From:To:In-Reply-To:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Date:References:X-Mailer; b=XWoAgqoWL+o9f/HLY5wevk0lywm0YhytM8A8mNGJ9xGK+LIJgJj0N2X8q7npc251W/vjtP+8y8AbdupoKKus39Xmwignodh32btp8ug0yLzhPmpxSWRJPdP+ZN5G446j;
Received: from [130.129.87.217] (helo=dhcp-57d9.meeting.ietf.org) by monster.hopcount.ca with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.69 (FreeBSD)) (envelope-from <jabley@hopcount.ca>) id 1MWUEU-0001Mh-W0; Thu, 30 Jul 2009 11:55:39 +0000
Cc: Michael Graff <mgraff@isc.org>, namedroppers@ops.ietf.org
Message-Id: <366FFEDE-0861-436B-9536-A3A292EB4126@hopcount.ca>
From: Joe Abley <jabley@hopcount.ca>
To: bert hubert <bert.hubert@gmail.com>
In-Reply-To: <3efd34cc0907291435x24ed85f3yf94093be19ef4540@mail.gmail.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Subject: Re: [dnsext] comments on draft-crocker-dnssec-algo-signal-03
Date: Thu, 30 Jul 2009 13:55:37 +0200
References: <4A702AE1.10201@isc.org> <3efd34cc0907291435x24ed85f3yf94093be19ef4540@mail.gmail.com>
X-Mailer: Apple Mail (2.935.3)
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

On 29-Jul-2009, at 23:35, bert hubert wrote:

> On Wed, Jul 29, 2009 at 12:56 PM, Michael Graff <mgraff@isc.org> wrote:
>> Let me state some reasons I'm opposed to this draft's purpose, even though I
>> think some part of it would be very interesting to pursue.
>
> To add my reason why I'm opposed to this draft (versus its purpose):
> The complexity of DNSSEC is already of such stunning magnitude that
> almost anything that makes it even more complex had better have an
> earth-shatteringly good reason going for it.

I think we either need to be prepared to roll algorithms in the future, or we don't.

If we do, then I think it's reasonable to think that in some cases an algorithm roll will be mandated because of a perceived weakness in one algorithm, and that the replacement algorithm may not be as widely deployed as the weak algorithm.

If we accept these points, then I think there's an operational need to be able to measure deployment of the new algorithm. This was Steve's point in his presentation yesterday, I think.

I don't think the fall from grace of an algorithm will shatter the earth, but it seems like something we should be prepared to do well.


Joe


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>