Re: [DNSOP] [Ext] Call for Adoption: draft-hardaker-dnsop-rfc8624-bis, must-not-sha1, must-not-ecc-gost

Paul Wouters <paul@nohats.ca> Tue, 30 April 2024 23:55 UTC

Date: Tue, 30 Apr 2024 19:54:59 -0400
From: Paul Wouters <paul@nohats.ca>
To: Paul Hoffman <paul.hoffman@icann.org>
cc: dnsop <dnsop@ietf.org>
In-Reply-To: <89A57AB9-63F4-4E91-9A57-C343EC197E2F@icann.org>
Message-ID: <f1ec17ae-b160-005c-c24a-5e469fb772a9@nohats.ca>
References: <4907A4B7-1EAE-460D-91E8-4F7D292C7302@icann.org> <8BECB257-E7FF-411C-B0E5-C63D07AE1D6E@nohats.ca> <89A57AB9-63F4-4E91-9A57-C343EC197E2F@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HFg5PHXmCJ7Psz2jWmjyVRJmEWI>

On Tue, 30 Apr 2024, Paul Hoffman wrote:

>> Is that something within the realm of ICANN? Perhaps the DNS Tech Day ?
>
> You ask those questions sounding as if ICANN staff had not already done so.

Why not share the data if you have some? This is the list of TLDs affected:

apple.             brand TLD
beats.             brand TLD
gd.                (Grenada)
int.               (international orgs - important)
kpn.               (Dutch telco, 59 registrations)
la.                (Laos)
lk.                (Sri Lanka)
samsung.           brand TLD
storage.           gTLD with 589 registrations
vn.                (Vietnam)
xn--cg4bki         (samsung? only contains 2 registrations)
xn--l1acc          (Mongolia related? only contains 7 registrations)
xn--mgbai9azgqp6j  (??? 0 registrations)
xn--q7ce6a         (Laos 0 registrations)

Note this only includes 4 ccTLDs and the 1 international TLD.
The rest of the 14 seem to be brand/vanity or test/IDN domains, and a
small gTLD that might be running in "keep the lights on" mode.

Can ICANN or anyone from Grenada, Laos, Sri Lanka or Vietnam tell us
what is keeping them from moving away from SHA1?

>> Or perhaps a liaison statement from IETF to ICANN ?
>
> Such a statement would be quite a different action than the threat of making all the zones under many TLDs go insecure. This thread is about WG adoption of a draft that would do the latter.

The "threat" (strong hint) was started five years ago with RFC8624.
I'm sure there can be some timeline juggling, but if TLDs still have no
plans to move, will they ever move until forced?

This really does seem to be the tail end of the long tail.

Paul
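As an added example, not part of this message, the drafts under discussion or any DNS software: a small Python audit that reads DNSKEY and DS records in zone-file presentation format and flags the ones whose signing algorithm or DS digest depends on SHA-1 or GOST, i.e. what an operator of a zone like those listed above would have to roll. It runs offline on pasted text (no DNS queries). The function names (`audit`, `key_tag`), the `Finding` type and the records in `SAMPLE_ZONE` are constructed for this example; the key tag arithmetic follows RFC 4034 Appendix B and the algorithm and digest numbers are the IANA DNSSEC registry values.

```python
"""Audit DNSKEY/DS records (presentation format) for DNSSEC algorithms
and DS digest types built on SHA-1 or GOST. Example code written for
this page, not from the drafts or from any DNS implementation."""
import base64
import struct
from typing import NamedTuple

# IANA DNSSEC algorithm numbers (RFC 4034 Appendix A.1 plus later assignments)
ALGORITHMS = {
    1: "RSAMD5", 3: "DSA", 5: "RSASHA1", 6: "DSA-NSEC3-SHA1",
    7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512",
    12: "ECC-GOST", 13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384",
    15: "ED25519", 16: "ED448",
}
# Hash each legacy algorithm depends on. DSA in DNSSEC signs with SHA-1
# (RFC 2536), so it is grouped with the SHA-1 family.
LEGACY_HASH = {1: "MD5", 3: "SHA-1", 5: "SHA-1", 6: "SHA-1", 7: "SHA-1",
               12: "GOST R 34.11-94"}
# DS digest types (RFC 4034 Appendix A.2 plus later assignments)
DIGESTS = {1: "SHA-1", 2: "SHA-256", 3: "GOST R 34.11-94", 4: "SHA-384"}
LEGACY_DIGESTS = {1, 3}


class Finding(NamedTuple):
    owner: str
    rrtype: str
    key_tag: int
    detail: str


def key_tag(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> int:
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B (non-RSAMD5 form)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    acc = 0
    for i, b in enumerate(rdata):
        acc += b if i & 1 else b << 8   # odd bytes low, even bytes high
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def _fields(line: str):
    """Split one RR into (owner, type, rdata tokens). TTL and class are
    optional in presentation format, so locate the type token by name."""
    tokens = line.split()
    for i, tok in enumerate(tokens[1:], start=1):
        if tok.upper() in ("DNSKEY", "DS"):
            return tokens[0], tok.upper(), tokens[i + 1:]
    return None   # not a DNSKEY/DS record


def audit(zone_text: str) -> list[Finding]:
    """One Finding per legacy-algorithm or legacy-digest use in the input."""
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parsed = _fields(line)
        if parsed is None:
            continue
        owner, rrtype, rdata = parsed
        if rrtype == "DNSKEY":
            flags, proto, alg = (int(x) for x in rdata[:3])
            pubkey = base64.b64decode("".join(rdata[3:]))   # base64 may be split
            tag = key_tag(flags, proto, alg, pubkey)
            if alg in LEGACY_HASH:
                findings.append(Finding(owner, rrtype, tag,
                    f"{ALGORITHMS.get(alg, '?')} (alg {alg}) relies on {LEGACY_HASH[alg]}"))
        else:  # DS: key tag, algorithm and digest type are in the record itself
            tag, alg, digest = (int(x) for x in rdata[:3])
            if alg in LEGACY_HASH:
                findings.append(Finding(owner, rrtype, tag,
                    f"refers to key algorithm {ALGORITHMS.get(alg, '?')} (alg {alg}), "
                    f"which relies on {LEGACY_HASH[alg]}"))
            if digest in LEGACY_DIGESTS:
                findings.append(Finding(owner, rrtype, tag,
                    f"DS digest type {digest} is {DIGESTS[digest]}"))
    return findings


# Constructed sample zone fragment: the key and digest bytes are dummies,
# not real key material. The DS key tags match what key_tag() computes.
SAMPLE_ZONE = """\
example.test. 3600 IN DNSKEY 257 3 5 AQIDBA==   ; KSK on RSASHA1
example.test. 3600 IN DNSKEY 256 3 13 //8=      ; ZSK on ECDSAP256SHA256
example.test. 3600 IN DS 2060 5 1 0123456789abcdef0123456789abcdef01234567
sub.example.test. IN DS 1037 13 2 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_ZONE):
        print(f"{f.owner} {f.rrtype} keytag={f.key_tag}: {f.detail}")
```

Feeding it the output of a zone transfer or of a `dig DNSKEY`/`dig DS` query (pasted as text) gives a per-key list of what still depends on SHA-1; the RSASHA1 KSK and its SHA-1 DS in the sample each show up, the ECDSA key does not.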