Re: [DNSOP] Working Group Last Call for Revised IANA Considerations for DNSSEC

Daniel Migault <mglt.ietf@gmail.com> Wed, 15 September 2021 21:47 UTC

To: Tim Wicinski <tjw.ietf@gmail.com>, last-call@ietf.org
Cc: dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>, IETF Announcement List <ietf-announce@ietf.org>, draft-ietf-dnsop-dnssec-iana-cons@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Lh91dWPbHY03qMIB-w2IhxAvHDM>

Hi,

As Paul H. mentioned to me that the document is in the last call, I am providing
my comments to the last call mailing list. I feel that my comments mostly
concern the security consideration sections.

Yours,
Daniel

On Wed, Sep 15, 2021 at 10:41 AM Daniel Migault <mglt.ietf@gmail.com> wrote:

> Hi,
>
> I apologize for the late answer, but here are my comments regarding the
> draft.
>
> I believe the security considerations section needs to mention the
> interoperability issue if a hash algorithm is not widely supported by the
> resolvers. This, in my view, can potentially affect the DNS system, and I
> believe some text should try to limit non-standard algorithms to very
> specific deployments - including experimentation.
> I believe that for experimentation the draft is helpful. Outside
> experimentation, especially for national algorithms, this will lead to
> nations having their algorithms qualified as standard while other nations
> have their algorithms qualified as non-standard. I would like to
> understand why this cannot be a problem. For additional transparency,
> the document needs, in my opinion, additional clarifications. This
> includes guidelines or criteria for algorithms to qualify as standard as
> well as the relation with RFC 8624 that makes DNSSEC interoperable in terms
> of cryptography. More specifically it should clarify that standard
> algorithms may or may not be recommended as well as whether non-standard
> algorithms may or may not be recommended.
>
> Yours,
> Daniel
>
>
>
> On Tue, Aug 24, 2021 at 3:07 AM Tim Wicinski <tjw.ietf@gmail.com> wrote:
>
>> All
>>
>> The Working Group Last Call for draft-ietf-dnsop-dnssec-iana-cons ended
>> last week, and we've filtered through the comments both pro and con.
>>
>> We feel there is rough consensus to move this forward.
>>
>> thanks
>>
>> Benno/Suzanne/Tim
>>
>>
>> On Wed, Aug 4, 2021 at 11:29 AM Tim Wicinski <tjw.ietf@gmail.com> wrote:
>>
>>>
>>> All
>>>
>>> This starts a Working Group Last Call for
>>> draft-ietf-dnsop-dnssec-iana-cons
>>>
>>> The current version of the draft is available here:
>>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-iana-cons/
>>>
>>> The Current Intended Status of this document is: Standards Track
>>>
>>> Please review the draft and offer relevant comments.
>>> If this does not seem appropriate please speak out.
>>> If someone feels the document is *not* ready for publication, please
>>> speak out with your reasons.
>>>
>>> This starts a two-week Working Group Last Call process, and ends on: 18
>>> August 2021
>>>
>>> thanks
>>> tim
>>>
>
>
> --
> Daniel Migault
> Ericsson
>


-- 
Daniel Migault
Ericsson