Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Stephen Farrell <> Mon, 04 January 2021 16:20 UTC

To: Paul Wouters <>
Cc: Paul Hoffman <>, dnsop <>, Vittorio Bertola <>


On 04/01/2021 16:05, Paul Wouters wrote:
> While asking is fair, you would also have to define what you
> do based on the outcome of that ask. You left that out,

I don't think I did omit that. My stated reason to ask was
to help me figure out what I think about the draft named in
the subject line. And yes, I do think that if a codepoint
is being requested for a new version of an existing one
then asking about how the existing one was used is a good
thing to do. The case with gost and rsa+sha1/sha256 isn't
the same because gost is a series of national standards.

> As to answer your question, I believe GOST did not see
> more than about 5 domains use it in what was clearly a
> "Testing" deployment.

Thanks. In that case, it sounds like it'd have been better
to use a private or experimental code point for that kind
of thing. OTOH, my understanding (based only on hallway
chats over the years) was that the codepoint was allocated
for political reasons. Either way, does that mean that a
lot of effort to implement and test was wasted since that
codepoint was allocated? If so, avoiding that in future
would be good, if there's a way to do that.


PS: note that I'm neither supporting, nor objecting to,
Paul's draft in the above.