[dnsext] new recommendations for algs? was Re: RSA algorithm padding...

Edward Lewis <Ed.Lewis@neustar.biz> Thu, 21 October 2010 12:24 UTC

At 20:14 -0400 10/20/10, Olafur Gudmundsson wrote:

>RFC5702 is likely to be the last change to any RSA algorithm for DNSSEC,
>as ECC based algorithms are likely to become the recommended algorithms
>in the not so distant future.

If there's going to be a change in the recommended algorithms any 
time soon, the operator community will need better key management and 
signature maintenance tools.  I'm not pointing to any implementations 
in particular, but there's a growing awareness that changing 
algorithms isn't easy with what we have.

It's not the specification but the tools.  So maybe this isn't 
something that the DNSEXT solves - but if the DNSEXT group dictates 
operational parameters they have to do so realizing that tools are 
needed if the operator community is able to keep up.

Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Ever get the feeling that someday if you google for your own life story,
you'll find that someone has already written it and it's on sale at Amazon?