[DNSOP]Re: DNSOPFurther comment re algorithm life cycles
Wes Hardaker <wjhns1@hardakers.net> Wed, 29 May 2024 22:34 UTC
Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25AAFC14F6A7 for <dnsop@ietfa.amsl.com>; Wed, 29 May 2024 15:34:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hardakers.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id towyqLw8aYyu for <dnsop@ietfa.amsl.com>; Wed, 29 May 2024 15:34:36 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [107.220.113.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24AF3C14F685 for <dnsop@ietf.org>; Wed, 29 May 2024 15:34:36 -0700 (PDT)
Received: from localhost (unknown [10.0.0.9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.hardakers.net (Postfix) with ESMTPSA id 852BF20673; Wed, 29 May 2024 15:34:35 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.hardakers.net 852BF20673
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardakers.net; s=default; t=1717022075; bh=M84dkvt+XpjsqSDy43tY430aRAVpm17yzx2HRTUGaFw=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=rmkw9SbQ3xXKP+i9ENp0iPB3/jVpEnb/zBVWFAk+nGmLvdvdMH9YPHqhzAcokiuHe SrPCM6mJhXUmCq0FAaP64vsBlALVbE7P60Jd6fIFP+E8+ug4i7wIvpaeahBtTB46s/ HVs9fPzUkdUEfJeuZM7Fu4xD6EjX4NYkYRw8M/gc=
From: Wes Hardaker <wjhns1@hardakers.net>
To: Steve Crocker <steve@shinkuro.com>
In-Reply-To: <CABf5zvLetqCakV9s0ma9owFo-hFbJ57dz7B4v_xK+bSdFJVrfg@mail.gmail.com> (Steve Crocker's message of "Sun, 19 May 2024 13:21:56 -0400")
References: <CAHw9_iKavFk6QBU=rYXU5R7EigJZHNqyYengUpPF3KiCiCUEJQ@mail.gmail.com> <CABf5zvJLb9vA3fo8JT6jTHROzMda7vqdUcQh7cDzhDSEepQFzA@mail.gmail.com> <CABf5zvLetqCakV9s0ma9owFo-hFbJ57dz7B4v_xK+bSdFJVrfg@mail.gmail.com>
Date: Wed, 29 May 2024 15:34:35 -0700
Message-ID: <yblr0dknt6s.fsf@wd.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: VTZKERMJ4RLS6XM5L4FLWUZ3A34HQZW3
X-Message-ID-Hash: VTZKERMJ4RLS6XM5L4FLWUZ3A34HQZW3
X-MailFrom: wjhns1@hardakers.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Wes Hardaker <hardaker@isi.edu>, dnsop <dnsop@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP]Re: DNSOPFurther comment re algorithm life cycles
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/AYUsguWZqLGrbjbsuXxzDei7e7o>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
Steve Crocker <steve@shinkuro.com> writes: > Under the heading of saying what might be obvious but needs to said > anyway, there should always be at least one mainstream (phase 4) > algorithm in use. When an algorithm is moved to phaseout (phase 5), > there should already be one or more other mainstream algorithms in > use. Hi Steve, and apologies for the very late reply. I think in general we're aligned with the goals of what the content of the recommendations should generally look like within the new columns in the table. IE, there should be some sort of transition path from initial use to deprecation. A couple points: 1. In your first note you took issue with particular values in the proposed table. For this, I note that in our introduction we explicitly stated "It [this document] does not change the status of any of the algorithms listed in [RFC8624]; this is left to future documents." IE, our goal is to create the new columns in the IANA table and move the existing values from RFC8624 into the registry. THEN individual documents may wish to propose new values for the various recommendation columns. One of the primary goals, in our opinion, is to separate out the creation of the columns from the arguments associated with each algorithm. Specifically, we were worried that any time you have to update the entire table at once there will be disagreement about particular values for particular algorithms. Thus, it might be far easier to have discussions based on one algorithm at a time. 2. As to your above note, I think that's a valid point -- we should never let the table get to the state where there is not a set of appropriate MUSTs in order to get wide, stable deployment. Whether we should do that by adding a restriction in this document to tell IANA to never let this happen in an update, or whether we do that as a follow on BCP which outlines the steps you've been putting together for a while remains for discussion I think. I think either should likely suffice, but I tend to lean toward a separate BCP or something since I don't think adding overhead to the IANA processing rules is the right idea. Cheers! [PS, as a (1b) we note that we published proposed updates for the SHA1 and ECC-GOST algorithms to separate those discussions into different threads, which appears to have been somewhat helpful as there may not yet be a solid consensus about SHA1 though new values for the ECC-GOST recommendations seems more agreed to] -- Wes Hardaker USC/ISI
- [DNSOP]Re: [Ext] Our reading of consensus on draf… Edward Lewis
- [DNSOP]Re: Our reading of consensus on draft-hard… Vladimír Čunát
- [DNSOP]Our reading of consensus on draft-hardaker… Warren Kumari
- [DNSOP]Further comment re algorithm life cycles Steve Crocker
- [DNSOP]Re: Our reading of consensus on draft-hard… Steve Crocker
- [DNSOP]Re: Further comment re algorithm life cycl… Jim Reid
- [DNSOP]Re: Our reading of consensus on draft-hard… Paul Wouters
- [DNSOP]Re: DNSOPFurther comment re algorithm life… Wes Hardaker
- [DNSOP] Re: [DNSOP]Our reading of consensus on dr… Tim Wicinski