Re: [dnsext] comments on draft-crocker-dnssec-algo-signal-03
Michael Graff <mgraff@isc.org> Thu, 30 July 2009 12:30 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BFB463A6C3D; Thu, 30 Jul 2009 05:30:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.733
X-Spam-Level:
X-Spam-Status: No, score=-101.733 tagged_above=-999 required=5 tests=[AWL=-0.253, BAYES_00=-2.599, HELO_EQ_IP_ADDR=1.119, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8wPYi8SVr8KP; Thu, 30 Jul 2009 05:30:08 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 3420B28C260; Thu, 30 Jul 2009 05:29:18 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1MWUho-000Fou-K1 for namedroppers-data0@psg.com; Thu, 30 Jul 2009 12:25:56 +0000
Received: from [2001:4f8:3:ba:203:47ff:fe6c:4a31] (helo=white.flame.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <mgraff@isc.org>) id 1MWUhk-000FoC-6E for namedroppers@ops.ietf.org; Thu, 30 Jul 2009 12:25:54 +0000
Received: from white.flame.org (localhost [127.0.0.1]) by white.flame.org (Postfix) with ESMTP id 816DB327A85; Thu, 30 Jul 2009 12:25:51 +0000 (UTC)
Received: from [130.129.23.145] (dhcp-1791.meeting.ietf.org [130.129.23.145]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by white.flame.org (Postfix) with ESMTP id E476E327A84; Thu, 30 Jul 2009 12:25:49 +0000 (UTC)
References: <4A702AE1.10201@isc.org> <3efd34cc0907291435x24ed85f3yf94093be19ef4540@mail.gmail.com> <366FFEDE-0861-436B-9536-A3A292EB4126@hopcount.ca>
Message-Id: <31387FBB-4394-4285-BB63-46AB47828158@isc.org>
From: Michael Graff <mgraff@isc.org>
To: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <366FFEDE-0861-436B-9536-A3A292EB4126@hopcount.ca>
Content-Type: text/plain; charset="us-ascii"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
X-Mailer: iPhone Mail (7A341)
Mime-Version: 1.0 (iPhone Mail 7A341)
Subject: Re: [dnsext] comments on draft-crocker-dnssec-algo-signal-03
Date: Thu, 30 Jul 2009 14:25:46 +0200
Cc: bert hubert <bert.hubert@gmail.com>, "namedroppers@ops.ietf.org" <namedroppers@ops.ietf.org>
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
As long as it is statistical that's good. If it is used to filter rrsigs I feel that is bad. That is all. A protocol to announce to some group once a month or something basic capabilities would be nice. Measured deployments of new and old protocols would really help decision making. --Michael On Jul 30, 2009, at 13:55, Joe Abley <jabley@hopcount.ca> wrote: > > On 29-Jul-2009, at 23:35, bert hubert wrote: > >> On Wed, Jul 29, 2009 at 12:56 PM, Michael Graff<mgraff@isc.org> >> wrote: >>> Let me state some reasons I'm opposed to this draft's purpose, >>> even though I >>> think some part of it would be very interesting to pursue. >> >> To add my reason why I'm opposed to this draft (versus its purpose): >> The complexity of DNSSEC is already of such stunning magnitude that >> almost anything that makes it even more complex, better have an earth >> shatteringly good reason going for it. > > I think we either need to be prepared to roll algorithms in the > future, or we don't. > > If we do, then I think it's reasonable to think that in some cases > an algorithm roll will be mandated because of a perceived weakness > in one algorithm, and that the replacement algorithm may not be as > widely deployed as the weak algorithm. > > If we accept these points, then I think there's an operational need > to be able to measure deployment of the new algorithm. This was > Steve's point in his presentation yesterday, I think. > > I don't think the fall from grace of an algorithm will shatter the > earth, but it seems like something we should be prepared to do well. > > > Joe -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- [dnsext] comments on draft-crocker-dnssec-algo-si… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bert hubert
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Wouters
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Jeffrey A. Williams
- [dnsext] dnssec-algo-signal & Roy bmanning
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Joe Abley
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bmanning
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bert hubert
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Andreas Gustafsson
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bmanning
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Jeffrey A. Williams
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Mark Andrews
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Niall O'Reilly
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bert hubert
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Michael Graff
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Douglas Otis
- [dnsext] Re: comments on draft-crocker-dnssec-alg… Anand Buddhdev
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Bob Halley
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… bert hubert
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Nicholas Weaver
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Douglas Otis
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Nicholas Weaver
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Eric Osterweil
- edns fallback (was Re: [dnsext] comments on draft… Paul Vixie
- Re: [dnsext] comments on draft-crocker-dnssec-alg… Douglas Otis
- Re: edns fallback (was Re: [dnsext] comments on d… Eric Osterweil
- Re: edns fallback (was Re: [dnsext] comments on d… Douglas Otis
- Re: edns fallback (was Re: [dnsext] comments on d… Paul Vixie
- Re: edns fallback (was Re: [dnsext] comments on d… Mark Andrews
- Re: edns fallback (was Re: [dnsext] comments on d… Paul Wouters