[DNSOP] Interest in moving forward with draft-york-dnsop-deploying-dnssec-crypto-algs ?

Dan York <york@isoc.org> Fri, 02 November 2018 17:38 UTC

From: Dan York <york@isoc.org>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Date: Fri, 02 Nov 2018 17:38:36 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Ty_BWigBsGilQ2OQrU8BIbbTYn0>

During the time leading up to the Root KSK Rollover on October 11, I had multiple people from outside of DNS circles asking me why DNS was so hard to upgrade. Basically - why was this Root KSK Rollover such a big concern?

I recalled the draft a few of us wrote a bit ago with observations on the challenges of deploying DNSSEC cryptographic algorithms:

https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-06

While we originally wrote that draft to feed into some of the KSK rollover design discussions that were happening, it occurred to me that it might be useful to have out there and available in some public form for people to be able to find and refer to.

Is there interest from this group in moving this draft forward?  And if so, do people have comments on what is in the draft?

Thanks,
Dan

P.S. There are certainly other places this kind of document could be published. For instance, I could turn that into a short paper we publish on the Internet Society's website in the Deploy360 section. But there is also a logical value to including it along with the other DNSSEC documents in the RFCs.

--
Dan York
Director, Content & Web Strategy, Internet Society
york@isoc.org   +1-802-735-1624 
Jabber: york@jabber.isoc.org  Skype: danyork   http://twitter.com/danyork

http://www.internetsociety.org/