[DNSOP] New draft: Algorithm Negotiation in DNSSEC
Shumon Huque <shuque@gmail.com> Tue, 04 July 2017 15:42 UTC
Return-Path: <shuque@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4B681320F6 for <dnsop@ietfa.amsl.com>; Tue, 4 Jul 2017 08:42:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rVuDDjXCo9Ct for <dnsop@ietfa.amsl.com>; Tue, 4 Jul 2017 08:42:57 -0700 (PDT)
Received: from mail-ua0-x230.google.com (mail-ua0-x230.google.com [IPv6:2607:f8b0:400c:c08::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A04581320F4 for <dnsop@ietf.org>; Tue, 4 Jul 2017 08:42:57 -0700 (PDT)
Received: by mail-ua0-x230.google.com with SMTP id g40so128877184uaa.3 for <dnsop@ietf.org>; Tue, 04 Jul 2017 08:42:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=VkiST58YIOBJZVQaq9w0aaKK1e8Awg1iyC2nGQiBUJI=; b=cbwAhhR6v6eWxYlbuQxOBm8r/VUvRZQCVpxezkk3si3km0qyoRZqeCL23aeOWii6vR P5WcYdyv2LYauzo3Jy2RbfUtk3CfIYnE39exV3A1mo09TAhCVpdgJ3D78YEmMj3VjAeA Xy3rUig7uOva/9VhHvwM4utSqOPkFqcs+PSVuoU56WimDmkSX45+Q88s37t+lXv6bZD1 PxlZmmhmHCLc664wg/IOUwD8YkS0Elfa7ksz1jwS6hKr+t32P5L1lz/M0hw5OTl7Cjnm FWNT/ABxVmqu0J6DnkxsKh8kJDF1Yb5u+aplQhpaPp8Ea959xeXakSzsT5sDe0LO03F/ 5EBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=VkiST58YIOBJZVQaq9w0aaKK1e8Awg1iyC2nGQiBUJI=; b=pxBX9CvAcqLvj0XmzGvrTgd6UULIs5ih7Xyllrhtix9ZFdcOw99CiD5C9gA9TnRY/Q buk1CmpncRaB66TJh6fc1qy4hYsBlywllQ4vHrG8Bu02Z9sBbmvlPuwrUW9XIaGFUUVP J4b+8MK3jIRS+aRbJ2GbTG98B83UKsMUGHbCuq5cSnHYYq3H0PscH+P/TPWMzNCLXDI9 2xHaLsqKuSXOq+zL8nEPF8ndRhVnBd3e5a7zYgFDEMVXfi9Yy3N5i/oYyRpAbmz2nNut zrVThUgd8QgxzbX872jh0ETAX8FxRNU0YiKhHgcv35lTLmxsokaz0HRQf6AeERT3n3Uz u9fw==
X-Gm-Message-State: AKS2vOzlCiR13q1SwvKkVGQOFzSG2qSpViDAh/l5Zvw6/lPY1oDUuowx NbKfJ8wl9zfP2BTRGIEmvoHa5cZC4yRIiMY=
X-Received: by 10.176.66.34 with SMTP id i31mr17604250uai.11.1499182976521; Tue, 04 Jul 2017 08:42:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.79.231 with HTTP; Tue, 4 Jul 2017 08:42:56 -0700 (PDT)
From: Shumon Huque <shuque@gmail.com>
Date: Tue, 04 Jul 2017 11:42:56 -0400
Message-ID: <CAHPuVdUVQqvFZJFV4D88cg4fGfFqxnzAwj1VRr6oK7Y1n9hDUw@mail.gmail.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c088606c4d91105537fbc74"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/M8Nqwwbs16Ze_iwYLo2DZGb55MU>
Subject: [DNSOP] New draft: Algorithm Negotiation in DNSSEC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jul 2017 15:43:00 -0000
Hi folks, We've posted a new draft on algorithm negotiation which we're hoping to discuss at IETF99 (and on list of course). I've discussed this topic with several folks at DNS-OARC recently. https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00 A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Algorithm Negotiation in DNSSEC Authors : Shumon Huque Haya Shulman Filename : draft-huque-dnssec-alg-nego-00.txt Pages : 9 Date : 2017-07-03 Abstract: This document specifies a DNS extension that allows a DNS client to specify a list of DNSSEC algorithms, in preference order, that the client desires to use. A DNS server upon receipt of this extension can choose to selectively respond with DNSSEC signatures using the most preferred algorithm they support. This mechanism may make it easier for DNS zone operators to support signing zone data simultaneously with multiple DNSSEC algorithms, without significantly increasing the size of DNS responses. It will also allow an easier way to transition to new algorithms while still retaining support for older DNS validators that do not yet support the new algorithms. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-huque-dnssec-alg-nego/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-huque-dnssec-alg-nego-00 https://datatracker.ietf.org/doc/html/draft-huque-dnssec-alg-nego-00 -- Shumon Huque
- [DNSOP] New draft: Algorithm Negotiation in DNSSEC Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Bob Harold
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Michael H. Warfield
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Paul Wouters
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Ólafur Guðmundsson
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Mark Andrews
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Paul Wouters
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Ted Lemon
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Stephane Bortzmeyer
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Stephane Bortzmeyer
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Ólafur Guðmundsson
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Ólafur Guðmundsson
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Willem Toorop
- Re: [DNSOP] New draft: Algorithm Negotiation in D… Shumon Huque
- [DNSOP] The DNSSEC club and surprises (was Re: Ne… Andrew Sullivan
- Re: [DNSOP] The DNSSEC club and surprises (was Re… Tony Finch
- Re: [DNSOP] The DNSSEC club and surprises (was Re… Warren Kumari
- Re: [DNSOP] The DNSSEC club and surprises (was Re… George Michaelson
- Re: [DNSOP] The DNSSEC club and surprises (was Re… Warren Kumari
- Re: [DNSOP] The DNSSEC club and surprises (was Re… Peter van Dijk