Re: [DNSOP] [Ext] New Version Notification for draft-fanf-dnsop-sha-ll-not-00.txt (fwd)

Paul Hoffman <paul.hoffman@icann.org> Tue, 10 March 2020 22:10 UTC

Return-Path: <paul.hoffman@icann.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D0F53A0EDC for <dnsop@ietfa.amsl.com>; Tue, 10 Mar 2020 15:10:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M9KFiU-vD8j7 for <dnsop@ietfa.amsl.com>; Tue, 10 Mar 2020 15:10:16 -0700 (PDT)
Received: from ppa4.dc.icann.org (ppa4.dc.icann.org [192.0.46.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A6313A0EDF for <dnsop@ietf.org>; Tue, 10 Mar 2020 15:10:16 -0700 (PDT)
Received: from PFE112-CA-2.pexch112.icann.org (out.west.pexch112.icann.org [64.78.40.10]) by ppa4.dc.icann.org (8.16.0.42/8.16.0.42) with ESMTPS id 02AMACYk015713 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 10 Mar 2020 22:10:12 GMT
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 10 Mar 2020 15:10:10 -0700
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.1497.006; Tue, 10 Mar 2020 15:10:10 -0700
From: Paul Hoffman <paul.hoffman@icann.org>
To: Tony Finch <dot@dotat.at>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [DNSOP] [Ext] New Version Notification for draft-fanf-dnsop-sha-ll-not-00.txt (fwd)
Thread-Index: AQHV9n3Lta1GjX0zx0uUbHOfT5mi+6hBjJgAgAAGaACAAUaxAA==
Date: Tue, 10 Mar 2020 22:10:10 +0000
Message-ID: <2914DB1A-F7A3-4F1B-A2F0-DA054B4473C4@icann.org>
References: <alpine.DEB.2.20.2003092255250.24181@grey.csi.cam.ac.uk> <AB747983-7A95-4BC4-8DC3-935605F8C8B4@icann.org> <alpine.DEB.2.20.2003100116250.24181@grey.csi.cam.ac.uk> <7BF55D1B-7846-43E5-A72A-883AD5A76369@icann.org> <alpine.DEB.2.20.2003100228550.24181@grey.csi.cam.ac.uk>
In-Reply-To: <alpine.DEB.2.20.2003100228550.24181@grey.csi.cam.ac.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.32.234]
x-source-routing-agent: Processed
Content-Type: multipart/signed; boundary="Apple-Mail=_6FE271D1-A6C3-48CB-86EE-7A35D2AA1B23"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-03-10_15:2020-03-10, 2020-03-10 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6UqXt3u9fj9j8lHDEPOZsgOXPCw>
Subject: Re: [DNSOP] [Ext] New Version Notification for draft-fanf-dnsop-sha-ll-not-00.txt (fwd)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2020 22:10:18 -0000

On Mar 9, 2020, at 7:40 PM, Tony Finch <dot@dotat.at> wrote:
> 
> Paul Hoffman <paul.hoffman@icann.org> wrote:
> 
>> This confuses a harm purposely caused by authorities (in this case, the
>> IETF), with self-harm (in this case, a zone owner who didn't hear about
>> the importance of doing an algorithm rollover, or did hear but didn't
>> care).  They are quite different.
> 
> Also I think you have misunderstood an important point: the aim of my
> draft is to disable validation for SHA-1 after it is no longer used for
> signing.

Ah! I certainly missed that.

If we can determine when something in the realm of "almost all" DNSSEC signing with algorithms that use SHA-1 is done, then it is reasonable for the WG to propose that software that validates DNSSEC can stop doing so.


>  The first guess at a strategy might be a mess, but that's OK
> because this is just a draft. So please stop accusing me of trying to hurt
> people. It's extremely rude, especially when you repeat the accusation
> after I told you I am trying to avoid it.

Our messages crossed in the mailing list processing, so I apologize for the repetition. 

--Paul Hoffman
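The point the two messages converge on is what happens to a zone that is still signed only with a SHA-1 algorithm once validators stop supporting that algorithm. The following is an added example written for this archive page; it is not code from the thread, from Tony Finch's draft, or from any resolver. It assumes the IANA DNSSEC algorithm numbers and models the RFC 4035 section 5.2 rule that a zone whose authenticated DS RRset names only algorithms the validator does not support is treated as insecure (as if no DS existed) rather than bogus. The zone survey data is constructed for the example.

```python
"""Model a validator dropping SHA-1 DNSSEC algorithms (added example).

Assumptions: algorithm numbers per the IANA DNSSEC algorithm registry;
the insecure-vs-bogus outcome follows RFC 4035 section 5.2. Sample zones
below are constructed, not measured.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable

# IANA DNSSEC algorithm numbers (subset relevant to the discussion).
RSAMD5 = 1
DSA = 3
RSASHA1 = 5
DSA_NSEC3_SHA1 = 6
RSASHA1_NSEC3_SHA1 = 7
RSASHA256 = 8
RSASHA512 = 10
ECDSAP256SHA256 = 13
ECDSAP384SHA384 = 14
ED25519 = 15
ED448 = 16

# Signing algorithms whose signature computation uses SHA-1.
SHA1_ALGORITHMS: FrozenSet[int] = frozenset(
    {DSA, RSASHA1, DSA_NSEC3_SHA1, RSASHA1_NSEC3_SHA1}
)

# Algorithms a validator supports before any SHA-1 retirement (assumed set).
BASELINE_SUPPORTED: FrozenSet[int] = frozenset(
    {RSASHA1, RSASHA1_NSEC3_SHA1, RSASHA256, RSASHA512,
     ECDSAP256SHA256, ECDSAP384SHA384, ED25519, ED448}
)


def supported_after_sha1_retirement(
    supported: FrozenSet[int] = BASELINE_SUPPORTED,
) -> FrozenSet[int]:
    """The validator's algorithm set once SHA-1 algorithms are disabled."""
    return frozenset(supported - SHA1_ALGORITHMS)


def classify_zone(ds_algorithms: Iterable[int], supported: FrozenSet[int],
                  signatures_verify: bool = True) -> str:
    """Return "secure", "insecure" or "bogus" for a child zone.

    ds_algorithms: algorithms listed in the authenticated DS RRset at the parent.
    supported: algorithms this validator is willing to validate with.
    signatures_verify: whether RRSIGs made with a supported algorithm verify
    (constructed input standing in for the real cryptographic check).
    """
    usable = set(ds_algorithms) & supported
    if not usable:
        # RFC 4035 5.2: no supported algorithm in the DS RRset, so there is no
        # supported authentication path; treat the zone as unsigned (insecure),
        # not as a validation failure (bogus).
        return "insecure"
    return "secure" if signatures_verify else "bogus"


@dataclass(frozen=True)
class SignedZone:
    name: str
    ds_algorithms: FrozenSet[int]


# Constructed sample: one zone still SHA-1-only, one mid-rollover (dual DS),
# two already on SHA-2 or EdDSA algorithms.
SAMPLE_ZONES = [
    SignedZone("legacy.example.", frozenset({RSASHA1_NSEC3_SHA1})),
    SignedZone("rolling.example.", frozenset({RSASHA1, RSASHA256})),
    SignedZone("modern.example.", frozenset({ECDSAP256SHA256})),
    SignedZone("eddsa.example.", frozenset({ED25519})),
]


def sha1_only_fraction(zones: Iterable[SignedZone]) -> float:
    """Fraction of signed zones whose DS set names only SHA-1 algorithms.

    These are exactly the zones that flip from "secure" to "insecure" when
    validators retire SHA-1; the number is the "almost all done" measure
    the thread talks about.
    """
    zones = list(zones)
    if not zones:
        return 0.0
    sha1_only = sum(1 for z in zones if z.ds_algorithms <= SHA1_ALGORITHMS)
    return sha1_only / len(zones)


if __name__ == "__main__":
    after = supported_after_sha1_retirement()
    for z in SAMPLE_ZONES:
        print(f"{z.name:20} before={classify_zone(z.ds_algorithms, BASELINE_SUPPORTED):9}"
              f" after={classify_zone(z.ds_algorithms, after)}")
    print(f"SHA-1-only zones: {sha1_only_fraction(SAMPLE_ZONES):.0%}")
```

The dual-DS case shows why the sequencing in the thread matters: a zone that has already published a SHA-2 key alongside its SHA-1 key keeps validating after the switch, while a zone that never rolled falls back to insecure, losing DNSSEC protection but still resolving.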