Re: [DNSOP] Roman Danyliw's No Objection on draft-ietf-dnsop-algorithm-update-08: (with COMMENT)

Roman Danyliw <rdd@cert.org> Fri, 12 April 2019 12:57 UTC

From: Roman Danyliw <rdd@cert.org>
To: Paul Wouters <pwouters@redhat.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-dnsop-algorithm-update@ietf.org" <draft-ietf-dnsop-algorithm-update@ietf.org>, Tim Wicinski <tjw.ietf@gmail.com>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>
Date: Fri, 12 Apr 2019 12:56:51 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B332A50A@marchand>
References: <155491020552.9385.6655700279959491253.idtracker@ietfa.amsl.com> <CAAQVWxFXusAuUB_1KwFxLr0YYO0XmAT2=OC9_HwCc71SOJaEdA@mail.gmail.com>
In-Reply-To: <CAAQVWxFXusAuUB_1KwFxLr0YYO0XmAT2=OC9_HwCc71SOJaEdA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OMx7EEHtH-Bqo8kJ9V3jwcYQCGI>

Hi!

From: Paul Wouters [mailto:pwouters@redhat.com]
Sent: Wednesday, April 10, 2019 12:49 PM
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>; draft-ietf-dnsop-algorithm-update@ietf.org; Tim Wicinski <tjw.ietf@gmail.com>; dnsop-chairs@ietf.org; dnsop@ietf.org
Subject: Re: Roman Danyliw's No Objection on draft-ietf-dnsop-algorithm-update-08: (with COMMENT)

Thanks for the review!

On Wed, Apr 10, 2019 at 5:30 PM Roman Danyliw via Datatracker <noreply@ietf.org> wrote:

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

(1) Abstract.  Nit.  There is a reference, [RFC6944], in the abstract which
isn’t permitted.

Hmm, it is really just giving a clickable reference to the document we are obsoleting. It's kind of nice to have there. But I guess you are right that it is not allowed, so I've made the text without a reference.

[Roman] Thanks.


(2) Section 1.2, Per “This document only provides recommendations with respect
to mandatory-to-implement algorithms or algorithms so weak that recommendation
cannot be recommended”

** Editorial:
s/algorithms so weak that recommendation cannot be recommended/
algorithms so weak that they cannot be recommended/

Was fixed in -08

[Roman] Thanks.

** The first part of the sentence doesn’t appear to be consistent with the
RFC2119 words in the Section 3.1 Table which also includes RECOMMENDED/MAY
(which is neither MTI or NOT RECOMMENDED)

It is recommended in lower case, not in 2119 meaning?

[Roman] Ok.  I didn’t read it like that.

(3) Section 1.3, Typo, s/from from/from/

(4) Section 3.1, Typo, s/cryptographics/cryptographic/

Were already fixed.


(5) Section 3.1, ED448 appears to be the only algorithm that doesn’t have
treatment in even briefly describing its designated implementation
recommendation.

It does get mentioned in the beginning of the paragraph. But there isn't much to say really. It's there but just slightly stronger than 25519, so not really worth the effort. I think it is okay to leave it as mostly uninteresting, but if someone has some text, I'm fine with that too.


(6) Section 3.1, The sentence “It is expected that ED25519 will become the
future RECOMMENDED default algorithm …” is clear on the future.  However,
looking back at the table in this section, it wasn’t clear what the current
default algorithm is.

I've changed it a little bit to indicate this by adding a sentence here:

          RSASHA256 is in wide use and considered strong. It has been the default
          algorithm for a number of years and is now slowly being replaced with
          ECDSAP256SHA256 due to its shorter key and signature size, resulting in
          smaller DNS packets.


[Roman] This is clearer.  Thanks.


(7) Section 3.2, The sentence “Operation recommendation for new and existing
deployments.” seems to stand alone or is missing some words.  Should it be
something along the lines of “This section provides operational recommendations
…”

I've removed the sentence.


(8) Section 3.2, Typo, s/is RECOMMENDED/is the RECOMMENDED/

(9) Section 3.4, Editorial, s/The SHA-256/SHA-256/

Were already fixed in -08.


(10) Section 4, Typo, s/seciton/section/

Fixed.

(11) Section 5, Editorial, s/for the use of DNSSEC/for use in DNSSEC/

Fixed.

The -09 should appear shortly with these fixes.

[Roman]  Thanks so much for closing the loop on these and making the changes.

Thanks!

Paul
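The size argument behind the added RSASHA256/ECDSAP256SHA256 sentence (shorter keys and signatures, hence smaller DNS packets) is easy to check concretely. The following is an added example written for this archive page; it is not code from the draft, from the thread participants, or from any DNS implementation. It computes DNSKEY and RRSIG RDATA lengths for the algorithms the thread mentions from their wire formats (RFC 3110 for RSA, RFC 6605 for ECDSA, RFC 8080 for EdDSA, all assumed here), and it parses the RFC 3110 public-key field so that an RSA DNSKEY pulled from a zone can be audited for its modulus length. All key material is synthetic random bytes of the right length, constructed inline so the script runs offline; the signer name `example.com.` and the 65537 exponent are assumptions.

```python
import base64
import os
import struct

# IANA DNSSEC algorithm numbers for the algorithms the thread discusses.
ALG_NAMES = {8: "RSASHA256", 13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384",
             15: "ED25519", 16: "ED448"}

# (public key bytes, signature bytes) for the fixed-size algorithms:
# ECDSA per RFC 6605, EdDSA per RFC 8080.
FIXED_SIZES = {13: (64, 64), 14: (96, 96), 15: (32, 64), 16: (57, 114)}

RRSIG_FIXED_FIELDS = 18   # type covered, alg, labels, orig TTL, expiration, inception, key tag
DNSKEY_FIXED_FIELDS = 4   # flags, protocol, algorithm


def rsa_public_key_wire(modulus_bits, exponent=65537):
    """Build an RFC 3110 RSA public-key field around a synthetic modulus.
    The modulus is random bytes with the top bit set: NOT a usable key,
    it only has the right length for size calculations and parsing."""
    modulus = bytearray(os.urandom(modulus_bits // 8))
    modulus[0] |= 0x80
    exp = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    # RFC 3110: one length octet, or a zero octet followed by a 16-bit length
    header = bytes([len(exp)]) if len(exp) < 256 else b"\x00" + struct.pack("!H", len(exp))
    return header + exp + bytes(modulus)


def rsa_modulus_bits(pubkey):
    """Parse an RFC 3110 public-key field and return the modulus bit length."""
    if pubkey[0] != 0:
        exp_len, offset = pubkey[0], 1
    else:
        exp_len, offset = struct.unpack("!H", pubkey[1:3])[0], 3
    modulus = pubkey[offset + exp_len:]
    return int.from_bytes(modulus, "big").bit_length()


def name_wire_len(name):
    """Uncompressed wire length of a dotted name, e.g. 'example.com.' -> 13."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l) for l in labels) + 1


def rdata_sizes(alg, modulus_bits=2048, signer="example.com."):
    """Return (DNSKEY RDATA bytes, RRSIG RDATA bytes) for one key and one signature."""
    if alg == 8:
        key_len = len(rsa_public_key_wire(modulus_bits))
        sig_len = modulus_bits // 8      # an RSA signature is as long as the modulus
    else:
        key_len, sig_len = FIXED_SIZES[alg]
    return (DNSKEY_FIXED_FIELDS + key_len,
            RRSIG_FIXED_FIELDS + name_wire_len(signer) + sig_len)


def parse_dnskey(presentation):
    """Parse 'owner TTL IN DNSKEY flags proto alg base64...' into its fields."""
    fields = presentation.split()
    owner, flags, proto, alg = fields[0], int(fields[4]), int(fields[5]), int(fields[6])
    key = base64.b64decode("".join(fields[7:]))
    return {"owner": owner, "flags": flags, "protocol": proto, "alg": alg, "key": key}


def audit_dnskey(presentation):
    """Return (algorithm mnemonic, public-key field length in bytes,
    RSA modulus bits or None). This is the check an operator runs to spot
    short RSA keys still published in a zone."""
    rec = parse_dnskey(presentation)
    name = ALG_NAMES.get(rec["alg"], f"ALG{rec['alg']}")
    bits = rsa_modulus_bits(rec["key"]) if rec["alg"] == 8 else None
    return name, len(rec["key"]), bits


def synthetic_dnskey(owner, alg, modulus_bits=2048):
    """Constructed DNSKEY record in presentation format (synthetic key material)."""
    key = rsa_public_key_wire(modulus_bits) if alg == 8 else os.urandom(FIXED_SIZES[alg][0])
    return f"{owner} 3600 IN DNSKEY 257 3 {alg} {base64.b64encode(key).decode()}"


if __name__ == "__main__":
    print("algorithm         DNSKEY RDATA  RRSIG RDATA")
    for alg, bits in ((8, 1024), (8, 2048), (13, None), (14, None), (15, None), (16, None)):
        k, s = rdata_sizes(alg, modulus_bits=bits or 2048)
        label = ALG_NAMES[alg] + (f"-{bits}" if bits else "")
        print(f"{label:18}{k:12}{s:13}")
    print(audit_dnskey(synthetic_dnskey("example.com.", 8, 2048)))
```

Running the script prints the per-algorithm table; the point it makes is that one RSASHA256-2048 RRSIG alone (287 bytes with the assumed signer name) is three times the ECDSAP256SHA256 or ED25519 RRSIG (95 bytes), which is what drives response size once a DNSKEY RRset carries several keys and signatures. `audit_dnskey` is the piece to reuse against real zone data: feed it the output of `dig DNSKEY` and it reports the modulus length for algorithm 8 keys.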