Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Daniel Migault <mglt.ietf@gmail.com> Thu, 31 December 2020 03:16 UTC

From: Daniel Migault <mglt.ietf@gmail.com>
Date: Wed, 30 Dec 2020 22:16:37 -0500
Message-ID: <CADZyTk=VBEJ67x2J-uuWNrHytk3KYreGyZew3_gsb7ed+EU_AQ@mail.gmail.com>
To: Tim Wicinski <tjw.ietf@gmail.com>
Cc: Olafur Gudmundsson <ogud@ogud.com>, Paul Hoffman <paul.hoffman@icann.org>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ApYr_plTvZJLAgHCUiNDeT26PIM>

Hi Tim,

Just to answer the question and maybe clarify my opinion. I also considered
that we might need some experimental RFCs, but came to the conclusion that
it was not necessary. The experimentation seems quite straightforward. On
the other hand, I see two issues with allocating code points with non
Standard Actions. Firstly, it will make it hard to prevent any code point from
being assigned, so management of the registry might become harder. Then, I do
believe it will be hard to not implement any code point being used. As I
believe the registry should be the gatekeeper as opposed to developers. For
that reason I still believe that sticking to Standard Action is the
preferred way to do it.

Note it is not uncommon that for some people every code point in the
registry should be supported, so requiring Standard Action only also avoids
much confusion.

Yours,
Daniel

On Sun, Dec 27, 2020 at 1:40 PM Tim Wicinski <tjw.ietf@gmail.com> wrote:

> (Speaking without my chair's hat here)
>
> How about instead of loosening the requirement, we take the top 64 values,
> allocate them as either Experimental or FCFS, and it is explicitly noted
> NOT REQUIRED (or NO ONE WILL IMPLEMENT THESE FOR YOU).
>
> That would leave the registry with the strict requirements and allow items
> to get code points.
>
> Too simple an answer?
>
> tim
>
>
> On Fri, Dec 25, 2020 at 10:53 PM Olafur Gudmundsson <ogud@ogud.com> wrote:
>
>>
>>
>> On Dec 25, 2020, at 3:27 PM, Paul Hoffman <paul.hoffman@icann.org> wrote:
>>
>> On Dec 24, 2020, at 10:28 AM, Daniel Migault <mglt.ietf@gmail.com> wrote:
>>
>>
>> Hi,
>>
>> As the DNS is a global shared resource and its reliability is based on
>> **all** pieces of software adhering to a common standard, I am inclined to
>> believe that new cryptographic algorithms introduced with anything less
>> restrictive than "IETF Review" - such as "Specification Required" and "RFC
>> Required" - do not sufficiently prevent altering the interoperability of
>> the DNS.
>>
>>
>> Why do you feel that DNSSEC has requirements stronger than other IETF
>> security protocols such as TLS, IPsec, S/MIME, and so on?
>>
>>
>> DNS is a fire-and-forget protocol; all the ones you mention include a
>> handshake that can be used to agree on algorithms. Such a facility does not
>> exist in DNS.
>>
>> I oppose any relaxation of thresholds to add algorithms to DNSSEC, as
>> there is no need.
>>
>>   Ólafur
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>


-- 
Daniel Migault
Ericsson