Re: [DNSOP] Call for Adoption: draft-belyavskiy-rfc5933-bis
Ondřej Surý <ondrej@isc.org> Tue, 16 June 2020 07:52 UTC
Return-Path: <ondrej@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 428CA3A110E; Tue, 16 Jun 2020 00:52:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ew5HowHcrn7i; Tue, 16 Jun 2020 00:52:50 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DE963A110D; Tue, 16 Jun 2020 00:52:50 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 8741B3AB002; Tue, 16 Jun 2020 07:52:50 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 6D05D16007B; Tue, 16 Jun 2020 07:52:50 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 504E016006B; Tue, 16 Jun 2020 07:52:50 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id rFheDjvaGjEn; Tue, 16 Jun 2020 07:52:50 +0000 (UTC)
Received: from [10.10.11.185] (adria.kvarteto.net [82.113.55.18]) by zmx1.isc.org (Postfix) with ESMTPSA id 2AE49160006; Tue, 16 Jun 2020 07:52:49 +0000 (UTC)
From: Ondřej Surý <ondrej@isc.org>
Message-Id: <7FF83D52-F20B-4FF2-82AA-416835FCA5F4@isc.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_C975CBC1-94D8-4EF4-AC36-BFE2A0E60E06"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Tue, 16 Jun 2020 09:52:45 +0200
In-Reply-To: <A930F8C6-9C33-4933-AC37-579ACEF5B325@ogud.com>
Cc: Tim WIcinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
To: Olafur Gudmundsson <ogud@ogud.com>
References: <CADyWQ+H4713BnZDntTuVW0FrO59zZ9NFJ=J=n9JFFq2zmfy2pQ@mail.gmail.com> <A930F8C6-9C33-4933-AC37-579ACEF5B325@ogud.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UkVjQhbA4tz8NesBolB83BN81O4>
Subject: Re: [DNSOP] Call for Adoption: draft-belyavskiy-rfc5933-bis
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2020 07:52:52 -0000
Hi, I do not hold as strong position as Olafur here, but I concur that the document needs much better rationale. There’s no rationale for adopting the new GOST algorithm at the moment and I would especially like to hear why GOST 2012 should be standardized and EC-KCDSA (Korean) and ECGDSA (German) should not. I specifically think that we should only standardize algorithms recommended by cfrg such as RFC 7748 or RFC 8439 (just example, not applicable). I consider the previous GOST standardization for DNSSEC to be a fiasco. I would also ask the WG to require a implementation report before we send this to WGLC. The support for GOST family of algorithms varies between the various crypto libraries. I found it problematic for the DNS vendors that OpenSSL supports the algs only in form of OpenSSL engine, and that said engine had last release in 2018. The project activity looks fine, but issues like this[1] don’t exactly fill me with trust, but at least there’s an active maintainer for the project. As of the adoption - I am indifferent, the things I mentioned could be done with or without WG adopting the document, but I think that the document should not become a RFC (not even Informational) before the items I mentioned are cleared. 1. https://github.com/gost-engine/engine/issues/91 Ondrej -- Ondřej Surý ondrej@isc.org > On 16 Jun 2020, at 04:42, Olafur Gudmundsson <ogud@ogud.com> wrote: > > > Thom > As I have before stated in the past, adding new DNSSEC algorithm is bad for interoperability, > I oppose the adoption of this document unless there are better reasons put forward why this algorithm is better than > the 4 ECC algorithms that have been standardized so far. > Better in this case could be stronger, faster, better post-quantum resistance etc > > Also I want to point out this last call did not specify track so my opposition is against all tracks, at this point. > > Olafur > > > > >> On Jun 3, 2020, at 5:07 PM, Tim Wicinski <tjw.ietf@gmail.com> wrote: >> >> >> All, >> >> As we stated in the meeting and in our chairs actions, we're going to run >> regular call for adoptions over next few months. >> We are looking for *explicit* support for adoption. >> >> >> This starts a Call for Adoption for draft-belyavskiy-rfc5933-bis >> >> The draft is available here: https://datatracker.ietf.org/doc/draft-belyavskiy-rfc5933-bis/ >> >> Please review this draft to see if you think it is suitable for adoption >> by DNSOP, and comments to the list, clearly stating your view. >> >> Please also indicate if you are willing to contribute text, review, etc. >> >> This call for adoption ends: 15 June 2020 >> >> Thanks, >> tim wicinski >> DNSOP co-chair >> >> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] Call for Adoption: draft-belyavskiy-rfc59… Tim Wicinski
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Paul Wouters
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Warren Kumari
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Brian Dickson
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Dmitry Belyavsky
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Dmitry Belyavsky
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Stanislav V. Smyshlyaev
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Olafur Gudmundsson
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Ondřej Surý
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Tim Wicinski
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Dmitry Belyavsky
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Василий Долматов
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Dick Franks
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Martin Thomson
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Paul Vixie
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… S Moonesamy
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Eric Rescorla
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Tim Wicinski
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Eric Rescorla
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Tim Wicinski
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Dmitry Belyavsky
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Valery Smyslov
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Joe Abley
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Jim Reid
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Jim Reid
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Wouters
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Eric Rescorla
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Paul Wouters
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Eric Rescorla
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Daniel Migault
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Töma Gavrichenkov
- Re: [DNSOP] Call for Adoption: draft-belyavskiy-r… Paul Vixie
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Martin Thomson
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Vladimír Čunát
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Eric Rescorla
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Eric Rescorla
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Dick Franks
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… John Levine
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Eric Rescorla
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Olafur Gudmundsson
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Wouters
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Василий Долматов
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Töma Gavrichenkov
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Wes Hardaker
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Tim Wicinski
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Töma Gavrichenkov
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Hoffman
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Ondřej Surý
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… John Levine
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Vixie
- Re: [DNSOP] [Ext] Call for Adoption: draft-belyav… Paul Wouters