Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Paul Wouters <paul@nohats.ca> Mon, 04 January 2021 14:23 UTC

Date: Mon, 04 Jan 2021 09:23:23 -0500
From: Paul Wouters <paul@nohats.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, Paul Hoffman <paul.hoffman@icann.org>, dnsop <dnsop@ietf.org>
In-Reply-To: <60ba1f68-b07f-7a06-539f-60ce442ffbff@cs.tcd.ie>
Message-ID: <195eb4c7-306f-97e1-b0df-f6678ebe732@nohats.ca>
References: <CADZyTkn1QuvjencR8+wVtQ9bzQHJT9JXXNku1LPr3YRmRt4KQg@mail.gmail.com> <2E8229BE-E764-4C29-A258-8C469717E38A@nohats.ca> <CABcZeBMr5Muijx5V7Se1UcxTB9DbAzF1iXZb7_FzEGfw982x8w@mail.gmail.com> <65e3288d-bdfe-ff10-2fbc-63a5d2dd9508@cs.tcd.ie> <797AAE77-2D50-4189-81D8-44BA495146F5@icann.org> <546e60c6-b109-8552-dfb4-7d3ba2ecbc71@cs.tcd.ie> <E58B4013-9491-43ED-83C9-250FF7647570@icann.org> <0746397c-ed85-429c-ff6e-a4a559520e86@cs.tcd.ie> <487928351.1557.1609759876775@appsuite-gw1.open-xchange.com> <60ba1f68-b07f-7a06-539f-60ce442ffbff@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/KwHN54pT_a2ue7Za31WLslAETV4>

On Mon, 4 Jan 2021, Stephen Farrell wrote:

> WRT GOST, we're not really talking about an algorithm but
> rather a national crypto standards scheme that selects sets
> of algorithms. For such things, whether from Russia or the
> US or anywhere, I think it's quite fair to ask "how has
> version N deployment gone?"

Why is that fair? I'd say the community was quite busy and
possibly made some mistakes in the past. I don't think that
is a valid barrier for the future. For example, would we
bar NIST or the US from ever standardizing a new RNG? :P

> And "how to handle" isn't always "adoption" but could as
> I said result in deprecating version N if nobody really
> cares about it - in such a case that'd help implementers
> and better reflect reality.

If a national government wants something, we could ask for
at least one implementation to be planned. But using this
measure as a way to stop these seems wrong. It would move
the possible standardization from IETF to say openssl or
bind.

I do think one issue is how often GOST (or FIPS) updates
their algorithms and obsoletes older ones. That might
cause a faster depletion of the registry than we'd like.

But on the other side, it would be nice if we could become
faster with obsoleting algorithms too. Why is there still
RSASHA1 deployed....

Paul
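The closing remark about RSASHA1 still being deployed maps onto a concrete check a zone operator or auditor can run: read a zone's DNSKEY records and flag every key whose algorithm number the IANA registry and RFC 8624 mark as legacy for signing. The block below is an added example written for this archive page; it is not code from the thread, from any of its participants, or from any project named in it. The algorithm numbers are the registered IANA values; the per-algorithm signing status labels are taken from RFC 8624's table, and the choice to treat both "MUST NOT" and "NOT RECOMMENDED" as findings is this example's own policy assumption. The DNSKEY lines are constructed samples with placeholder key material.

```python
"""Audit DNSKEY records for legacy DNSSEC signing algorithms.

Added example, not code from the mailing-list thread. Algorithm numbers
follow the IANA "DNS Security Algorithm Numbers" registry; the signing
status strings follow RFC 8624. Which statuses count as a finding is an
assumption made here (LEGACY_STATUSES), not something the thread states.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# IANA algorithm number -> (mnemonic, RFC 8624 status for use in signing)
ALGORITHMS: Dict[int, Tuple[str, str]] = {
    1: ("RSAMD5", "MUST NOT"),
    3: ("DSA", "MUST NOT"),
    5: ("RSASHA1", "NOT RECOMMENDED"),
    6: ("DSA-NSEC3-SHA1", "MUST NOT"),
    7: ("RSASHA1-NSEC3-SHA1", "NOT RECOMMENDED"),
    8: ("RSASHA256", "MUST"),
    10: ("RSASHA512", "NOT RECOMMENDED"),
    12: ("ECC-GOST", "MUST NOT"),
    13: ("ECDSAP256SHA256", "MUST"),
    14: ("ECDSAP384SHA384", "MAY"),
    15: ("ED25519", "RECOMMENDED"),
    16: ("ED448", "MAY"),
}

# Assumption for this example: these statuses mean "should be rotated away".
LEGACY_STATUSES = {"MUST NOT", "NOT RECOMMENDED"}


@dataclass
class DnskeyFinding:
    owner: str
    algorithm: int
    mnemonic: str
    status: str
    is_ksk: bool  # SEP bit (flag value 1) set, i.e. flags 257 rather than 256


def parse_dnskey(line: str) -> Tuple[str, int, int]:
    """Parse one DNSKEY record in presentation format and return
    (owner, flags, algorithm).

    Accepted shape: <owner> [ttl] [IN] DNSKEY <flags> <protocol> <alg> <key...>
    The protocol field must be 3 (RFC 4034); anything else is rejected.
    """
    fields = line.split()
    if "DNSKEY" not in fields:
        raise ValueError(f"not a DNSKEY record: {line!r}")
    idx = fields.index("DNSKEY")
    if len(fields) < idx + 5:
        raise ValueError(f"truncated DNSKEY record: {line!r}")
    flags, protocol, algorithm = (int(x) for x in fields[idx + 1 : idx + 4])
    if protocol != 3:
        raise ValueError(f"DNSKEY protocol must be 3, got {protocol}: {line!r}")
    return fields[0], flags, algorithm


def audit_dnskeys(lines: List[str]) -> List[DnskeyFinding]:
    """Return one finding per DNSKEY whose algorithm is legacy or unregistered."""
    findings: List[DnskeyFinding] = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and zone-file comments
        owner, flags, alg = parse_dnskey(line)
        mnemonic, status = ALGORITHMS.get(alg, ("UNREGISTERED", "UNKNOWN"))
        # An unregistered number is reported too: an auditor wants to see it.
        if status in LEGACY_STATUSES or status == "UNKNOWN":
            findings.append(DnskeyFinding(owner, alg, mnemonic, status, bool(flags & 1)))
    return findings


# Constructed sample zone data; the base64 key fields are placeholders.
SAMPLE_DNSKEYS = [
    "; constructed sample, not real keys",
    "example.test. 3600 IN DNSKEY 257 3 5 AwEAAcPLACEHOLDERKSK",
    "example.test. 3600 IN DNSKEY 256 3 8 AwEAAcPLACEHOLDERZSK",
    "legacy.test. IN DNSKEY 256 3 7 AwEAAcPLACEHOLDER",
    "modern.test. 3600 IN DNSKEY 257 3 13 PLACEHOLDERP256",
    "gost.test. 3600 IN DNSKEY 256 3 12 PLACEHOLDERGOST",
]

if __name__ == "__main__":
    for f in audit_dnskeys(SAMPLE_DNSKEYS):
        role = "KSK" if f.is_ksk else "ZSK"
        print(f"{f.owner:<16} {role} alg {f.algorithm:>2} {f.mnemonic:<20} signing: {f.status}")
```

A DNSKEY using a legacy algorithm is only the visible half of the problem: the RRSIGs in the zone carry the same algorithm number, and validators are still required by RFC 8624 to accept RSASHA1 signatures, which is exactly why such keys linger. Running a check like this against the DNSKEY RRsets you operate, or against the output of a zone transfer you are entitled to, gives a rotation work list rather than a guess.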