Re: [dnsext] draft-crocker-dnssec-algo-signal-03 -- more time please!
Patrik Fältström <paf@cisco.com> Thu, 03 September 2009 13:34 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 68E2D3A67C1; Thu, 3 Sep 2009 06:34:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.687
X-Spam-Level:
X-Spam-Status: No, score=-7.687 tagged_above=-999 required=5 tests=[AWL=0.508, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b3FDEYUdMfFz; Thu, 3 Sep 2009 06:34:08 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 145013A6781; Thu, 3 Sep 2009 06:34:08 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1MjCM4-0007wo-HM for namedroppers-data0@psg.com; Thu, 03 Sep 2009 13:28:00 +0000
Received: from [144.254.224.140] (helo=ams-iport-1.cisco.com) by psg.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.69 (FreeBSD)) (envelope-from <pfaltstr@cisco.com>) id 1Mj8HV-0006tB-90 for namedroppers@ops.ietf.org; Thu, 03 Sep 2009 09:07:02 +0000
X-Files: PGP.sig : 186
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AoMAAJsjn0qQ/uCKe2dsb2JhbACbPAEBFiQGpViIQQGQMAWEG4Fc
X-IronPort-AV: E=Sophos; i="4.44,324,1249257600"; d="sig'?scan'208"; a="48520124"
Received: from ams-dkim-1.cisco.com ([144.254.224.138]) by ams-iport-1.cisco.com with ESMTP; 03 Sep 2009 09:06:59 +0000
Received: from ams-core-1.cisco.com (ams-core-1.cisco.com [144.254.224.150]) by ams-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n8396x4W018838; Thu, 3 Sep 2009 11:06:59 +0200
Received: from xbh-ams-101.cisco.com (xbh-ams-101.cisco.com [144.254.74.71]) by ams-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id n8396xJv009358; Thu, 3 Sep 2009 09:06:59 GMT
Received: from xfe-ams-101.cisco.com ([144.254.231.93]) by xbh-ams-101.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 3 Sep 2009 11:06:59 +0200
Received: from [192.168.1.129] ([10.61.83.40]) by xfe-ams-101.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 3 Sep 2009 11:06:58 +0200
Cc: Andrew Sullivan <ajs@shinkuro.com>, DNSEXT WG <namedroppers@ops.ietf.org>, "Scott W. Rose" <scott.rose@nist.gov>
Message-Id: <EF8465F4-ABCB-45E9-8457-7BCCA6E88377@cisco.com>
From: Patrik Fältström <paf@cisco.com>
To: Steve Crocker <steve@shinkuro.com>
In-Reply-To: <37456F94-B77B-4842-9583-8E56C8B74F83@shinkuro.com>
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="Apple-Mail-4-931194733"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Subject: Re: [dnsext] draft-crocker-dnssec-algo-signal-03 -- more time please!
Date: Thu, 03 Sep 2009 11:06:57 +0200
References: <583565A9-886F-41FB-92EA-B9F3E6741A7C@cisco.com> <434ECD68-79BB-45F1-8A68-A4CD8E4A3E11@cisco.com> <20090902161155.GS16078@shinkuro.com> <577B1F45-F1C0-4024-9B9E-F4849790084F@cisco.com> <37456F94-B77B-4842-9583-8E56C8B74F83@shinkuro.com>
X-Pgp-Agent: GPGMail d55 (v55, Leopard)
X-Mailer: Apple Mail (2.936)
X-OriginalArrivalTime: 03 Sep 2009 09:06:58.0822 (UTC) FILETIME=[E466D260:01CA2C75]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2962; t=1251968819; x=1252832819; c=relaxed/simple; s=amsdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=paf@cisco.com; z=From:=20=3D?ISO-8859-1?Q?Patrik_F=3DE4ltstr=3DF6m?=3D=20<p af@cisco.com> |Subject:=20Re=3A=20[dnsext]=20draft-crocker-dnssec-algo-si gnal-03=20--=20more=20time=20please! |Sender:=20; bh=Ad/SdmY0DKt2j5Pbpovyhmh2avsnoIG5cCrWf2QY+Qg=; b=j5eN/O72qhPrj2oUnCURhcM/rSFoVjc5e9DcysypWjFCW5cQg4rXSVASR8 qdhgaB3/HNrmyN03oD6e2uXcZ6FrOwXGeNPpc+JtOMWF94nqh/W5dlCBDMC9 5EGLiBoDba;
Authentication-Results: ams-dkim-1; header.From=paf@cisco.com; dkim=pass ( sig from cisco.com/amsdkim1002 verified; );
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>
On 3 sep 2009, at 07.55, Steve Crocker wrote:
> Thanks for taking on this task. I am a bit confused about what
> you're reporting. I understand there is controversy about whether
> the WG should be more or less permissive in the admission of new
> algorithms, but our proposal is neutral with respect to that issue.
> We propose to include signalling in the query in order to facilitate
> the phase out of old algorithms when newer ones are being fielded.
>
> It some are arguing that the very existence of the signalling
> mechanism may open the door to too many algorithms, I want to push
> back vigorously. We did not create this proposal in order to
> facilitate the adoption of more algorithms. At least some new
> algorithms are clearly coming, e.g. SHA256 and ECC, so there's no
> question that we will face one or more transitions. If there is to
> be a linkage between our proposal and Paul Hoffman's, it should be
> in the other direction. Our proposal should be adopted in all
> cases. His proposal should not be adopted unless ours is too.
>
> The only detail that might be affected by future policy is how many
> algorithm identifiers to anticipate. I believe we can signal which
> of 256 different algorithms are known to the requester. If this is
> insufficient, then the field that encodes that subset needs to be
> adjusted. But I sincerely hope we're not going to come anywhere
> close to that number in the foreseeable future.
>
> So, can you clarify if you really did get input that tended to push
> against our proposal because it might be seen as permissive toward
> admitting new algorithms?
Well, I do not want to use the wording "push back", more that people
very much wanted more clear text about the fact one such registration
mechanism (that is good) is NOT opening the flood gates. Having a
registration mechanism does of course not by itself imply any changes
in how easy or hard it is to start using a new algorithm.
So, my feeling was that people to feel more comfortable would like to
see a companion document that clarify this thing, and looks at
"interoperability issues with multiple encryption algorithms".
They where not against your document per se.
More clear?
Patrik
- [dnsext] draft-crocker-dnssec-algo-signal-03 -- m… Patrik Fältström
- Re: [dnsext] draft-crocker-dnssec-algo-signal-03 … Eric Osterweil
- Fwd: [dnsext] draft-crocker-dnssec-algo-signal-03… Patrik Fältström
- Re: Fwd: [dnsext] draft-crocker-dnssec-algo-signa… Andrew Sullivan
- Re: [dnsext] draft-crocker-dnssec-algo-signal-03 … Patrik Fältström
- Re: [dnsext] draft-crocker-dnssec-algo-signal-03 … Steve Crocker
- Re: [dnsext] draft-crocker-dnssec-algo-signal-03 … Patrik Fältström