Re: [dnsext] comments on draft-crocker-dnssec-algo-signal-03
Joe Abley <jabley@hopcount.ca> Thu, 30 July 2009 12:00 UTC
Cc: Michael Graff <mgraff@isc.org>, namedroppers@ops.ietf.org
To: bert hubert <bert.hubert@gmail.com>

On 29-Jul-2009, at 23:35, bert hubert wrote:

> On Wed, Jul 29, 2009 at 12:56 PM, Michael Graff<mgraff@isc.org> wrote:
>> Let me state some reasons I'm opposed to this draft's purpose, even
>> though I think some part of it would be very interesting to pursue.
>
> To add my reason why I'm opposed to this draft (versus its purpose):
> The complexity of DNSSEC is already of such stunning magnitude that
> almost anything that makes it even more complex, better have an earth
> shatteringly good reason going for it.

I think we either need to be prepared to roll algorithms in the future, or we don't.

If we do, then I think it's reasonable to think that in some cases an algorithm roll will be mandated because of a perceived weakness in one algorithm, and that the replacement algorithm may not be as widely deployed as the weak algorithm.

If we accept these points, then I think there's an operational need to be able to measure deployment of the new algorithm. This was Steve's point in his presentation yesterday, I think.

I don't think the fall from grace of an algorithm will shatter the earth, but it seems like something we should be prepared to do well.

Joe