Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Olafur Gudmundsson <ogud@ogud.com> Sat, 26 December 2020 03:52 UTC


> On Dec 25, 2020, at 3:27 PM, Paul Hoffman <paul.hoffman@icann.org> wrote:
> 
> On Dec 24, 2020, at 10:28 AM, Daniel Migault <mglt.ietf@gmail.com> wrote:
>> 
>> Hi, 
>> 
>> As the DNS is a global shared resource and its reliability is based on **all** pieces of software adhering to a common standard, I am inclined to believe that new cryptographic algorithms introduced with anything less restrictive than "IETF Review" - such as "Specification Required" and "RFC Required" - does not sufficiently prevent altering the interoperability of the DNS.
> 
> Why do you feel that DNSSEC has requirements stronger than other IETF security protocols such as TLS, IPsec, S/MIME, and so on?

DNS is a fire-and-forget protocol; all the ones you mention include a handshake that can be used to agree on algorithms. Such a facility does not exist in DNS.

I oppose any relaxation of thresholds to add algorithms to DNSSEC, as there is no need. 

  Ólafur