[DNSOP] Would you please review our draft on deploying new DNSSEC crypto algorithms?

Dan York <york@isoc.org> Tue, 15 November 2016 12:41 UTC

From: Dan York <york@isoc.org>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Date: Tue, 15 Nov 2016 12:41:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/IxtH4RArUR_jC9aLesOd6_qfXRU>

As mentioned at the very end of DNSOP, Olafur Gudmundsson, Ondrej Sury, Paul Wouters and I have a draft published that aims to document the steps involved with deploying a new cryptographic algorithm for DNSSEC. The overall goal is to make it easier to get new DNSSEC crypto algorithms deployed, both through documenting existing steps - and then potentially building off of this work with new documents to improve some of the steps. Right now we'd like to get ECDSA out, but EdDSA is coming out soon and it would be great to get that deployed sooner rather than later.

As I said in the session, we'd like to get reviewers and then get the document adopted by the WG and moved along toward publication.

The draft is at either of:

https://datatracker.ietf.org/doc/draft-york-dnsop-deploying-dnssec-crypto-algs/
https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-04

Please send any comments to the list or to us as authors.

I also am maintaining this over in GitHub at: https://github.com/danyork/draft-deploying-dnssec-crypto-algs  If you are a GitHub user you are welcome to file an issue there or send text in a pull request.

Regardless, we'd just like any feedback (even if to say that it looks good).

Thanks,
Dan



--
Dan York
Senior Content Strategist, Internet Society
york@isoc.org   +1-802-735-1624
Jabber: york@jabber.isoc.org
Skype: danyork   http://twitter.com/danyork

http://www.internetsociety.org/