[DNSOP] New draft: Algorithm Negotiation in DNSSEC

Shumon Huque <shuque@gmail.com> Tue, 04 July 2017 15:42 UTC

From: Shumon Huque <shuque@gmail.com>
Date: Tue, 04 Jul 2017 11:42:56 -0400
Message-ID: <CAHPuVdUVQqvFZJFV4D88cg4fGfFqxnzAwj1VRr6oK7Y1n9hDUw@mail.gmail.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/M8Nqwwbs16Ze_iwYLo2DZGb55MU>
Subject: [DNSOP] New draft: Algorithm Negotiation in DNSSEC

Hi folks,

We've posted a new draft on algorithm negotiation which we're hoping to
discuss at IETF99 (and on list of course). I've discussed this topic with
several folks at DNS-OARC recently.

    https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00


A New Internet-Draft is available from the on-line Internet-Drafts
directories.


        Title           : Algorithm Negotiation in DNSSEC
        Authors         : Shumon Huque
                          Haya Shulman
        Filename        : draft-huque-dnssec-alg-nego-00.txt
        Pages           : 9
        Date            : 2017-07-03

Abstract:
   This document specifies a DNS extension that allows a DNS client to
   specify a list of DNSSEC algorithms, in preference order, that the
   client desires to use.  A DNS server upon receipt of this extension
   can choose to selectively respond with DNSSEC signatures using the
   most preferred algorithm they support.  This mechanism may make it
   easier for DNS zone operators to support signing zone data
   simultaneously with multiple DNSSEC algorithms, without significantly
   increasing the size of DNS responses.  It will also allow an easier
   way to transition to new algorithms while still retaining support for
   older DNS validators that do not yet support the new algorithms.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-huque-dnssec-alg-nego/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00
https://datatracker.ietf.org/doc/html/draft-huque-dnssec-alg-nego-00

-- 
Shumon Huque
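
The server-side choice the abstract describes, as an added sketch that is not code from the draft or its authors. The message does not show the option's wire format, so only the selection logic is modelled; `Rrsig`, `select_rrsigs`, `sig_bytes` and the fallback of sending every signature when there is no list or no overlap are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# DNSSEC algorithm numbers as assigned in the IANA registry.
RSASHA256, ECDSAP256SHA256, ED25519 = 8, 13, 15


@dataclass(frozen=True)
class Rrsig:
    """Hypothetical, minimal view of one RRSIG covering an RRset."""
    algorithm: int
    sig_len: int  # length of the signature field in bytes


def select_rrsigs(rrsigs: List[Rrsig],
                  client_prefs: Optional[List[int]]) -> List[Rrsig]:
    """Pick the signatures to return for one RRset.

    client_prefs is the client's algorithm list in preference order,
    or None when the query carried no such list.
    """
    for alg in client_prefs or []:
        chosen = [s for s in rrsigs if s.algorithm == alg]
        if chosen:
            # First client preference the zone is signed with wins.
            return chosen
    # Assumed fallback: no list, or no common algorithm, so behave as a
    # multi-signed zone does today and return every signature.
    return list(rrsigs)


def sig_bytes(rrsigs: List[Rrsig]) -> int:
    """Total signature bytes these RRSIGs add to a response."""
    return sum(s.sig_len for s in rrsigs)


# Constructed sample: one RRset signed with a 2048-bit RSA key
# (256-byte signature) and an ECDSA P-256 key (64-byte signature).
ZONE_SIGS = [Rrsig(RSASHA256, 256), Rrsig(ECDSAP256SHA256, 64)]

if __name__ == "__main__":
    for prefs in ([ED25519, ECDSAP256SHA256, RSASHA256], [RSASHA256], None):
        picked = select_rrsigs(ZONE_SIGS, prefs)
        print(prefs, [s.algorithm for s in picked], sig_bytes(picked))
```
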