IETF Logo Mail Archive

Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Tim Wicinski <tjw.ietf@gmail.com> Sun, 27 December 2020 18:40 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 045853A0E97 for <dnsop@ietfa.amsl.com>; Sun, 27 Dec 2020 10:40:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eLaxwSg6eaQ6 for <dnsop@ietfa.amsl.com>; Sun, 27 Dec 2020 10:40:26 -0800 (PST)
Received: from mail-ot1-x335.google.com (mail-ot1-x335.google.com [IPv6:2607:f8b0:4864:20::335]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B0953A0E95 for <dnsop@ietf.org>; Sun, 27 Dec 2020 10:40:26 -0800 (PST)
Received: by mail-ot1-x335.google.com with SMTP id r9so7499134otk.11 for <dnsop@ietf.org>; Sun, 27 Dec 2020 10:40:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wTBGYlEOl3JbPzC9ltW4XhUrIJB+JmaaeTlDkVyrev4=; b=V0N89axyz2Z/E6wrqEpsVwdv+++n8uVf7PyVJLXkEvxcrlzVMONVqh+qngoDr9m1TL DGLICCGHFr/MU3tBZxqtC8y61pVdA1yRVxZGbx23OZABM9tQG/l8t2JSJH+mk+Qhc7PL 7YkzL8jpgTxCdK8w6uwPyNqF2UlON+Qsxo+qR/Upt+GoIKx5/0TG/n6MhhDS4ruXUo/o mxWezL6TlPgO2rid2Af91JRNi8vGlojOLrUFQxdTRGB8yZjyYfti9UDWw/BYTnBKg1zg VEm8U3JwifJLybqqSw2/OrZR1c+7eSpcXklOLvHi6/z0GjPkcbi13EfryNbNMoKp5mQM Wcbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wTBGYlEOl3JbPzC9ltW4XhUrIJB+JmaaeTlDkVyrev4=; b=tuwsNPcBOMHAoPF3UMhDU7J6maM2QM3H8DNUhRO//63FHb2JT/ipTd3VK1uwCJrksf FSKT+rdg3f1TuPXCROpl0B17hR1cUBbr2BcCOuqe6oOjJ3njE/NFSGFOhlXWp3HC0B5u oZ/aFNAZ8ZnoxYtlZbxQRNq05GWibJRNnpLTDEggTFxzJP531eW+/7swdoAjXZnTIK0d H2WrUgQB8NMWG7yXHxOXVDhc1Mc+P3AUzk7nMJQ2sv8sJQuZRf6awihQ1RcxxFDyOSkJ BZmJ/vYuwHvOYIKFguoGd24yw7qWjRPhxoy/1akPk5x5AqVh8Juk9UTxv+27HUAKSXDR sWlQ==
X-Gm-Message-State: AOAM533rWYuWt/WMNBf7ZtEoykahHdOR+X3er0YPDKUvDhX1M8Q0kDYC bvctDB6ZG1Dp+4ay+nCoEe3USKo+rRn/ELGhm/8=
X-Google-Smtp-Source: ABdhPJxhaCyQz5ttP/1m05eeuAPOD9muqj3KXbl5hXjPvX/+4uhDctSHml1bB+zi3eDcA31dtLP2E5eZ/YH7dzYT1Hw=
X-Received: by 2002:a9d:3ef6:: with SMTP id b109mr31329002otc.288.1609094425821; Sun, 27 Dec 2020 10:40:25 -0800 (PST)
MIME-Version: 1.0
References: <CADyWQ+FpwL=MBbBU=QrAGeDT+j2Jm3aE5fFkYm+VbH-up6mdgg@mail.gmail.com> <1CA7153F-2D70-466E-9DB5-216D3118030C@icann.org> <CADZyTkngFzo2fzpVxbYFo=eXCcYzraVcvb5DFZzSDpGVWOUe=Q@mail.gmail.com> <9774B325-FD8E-416F-B553-4EDB058FF98B@icann.org> <44FC25E1-A0AF-4726-8B3F-0520DD7A5D0F@ogud.com>
In-Reply-To: <44FC25E1-A0AF-4726-8B3F-0520DD7A5D0F@ogud.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Sun, 27 Dec 2020 13:40:15 -0500
Message-ID: <CADyWQ+Fq2YvHQeq_k9ntnJMdhpmUtu_ainuR1pNCcXDpJ0yc_A@mail.gmail.com>
To: Olafur Gudmundsson <ogud@ogud.com>
Cc: Paul Hoffman <paul.hoffman@icann.org>, dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a9462005b7767d1e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ZF9IppxHJcp_frdGT54oztMgx8s>
Subject: Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Dec 2020 18:40:28 -0000

(Speaking without my chairs hat here)

How about instead of loosening the requirement, we take the top 64 values,
allocate them as either Experimental or FCFS, and it is explicitly noted
NOT REQUIRED (or NO ONE WILL IMPLEMENT THESE FOR YOU).

That would leave the registry with the strict requirements and allow items
to get code points.

Too simple an answer?

tim


On Fri, Dec 25, 2020 at 10:53 PM Olafur Gudmundsson <ogud@ogud.com> wrote:

>
>
> On Dec 25, 2020, at 3:27 PM, Paul Hoffman <paul.hoffman@icann.org> wrote:
>
> On Dec 24, 2020, at 10:28 AM, Daniel Migault <mglt.ietf@gmail.com> wrote:
>
>
> Hi,
>
> As the DNS is a global shared resource and its reliability is based on
> **all** pieces of software adhering a common standard, I am inclined to
> believe that new cryptographic algorithms introduced with anything less
> restrictive than "IETF Review" - such as "Specification Required" and "RFC
> Required" - does not sufficiently prevent altering the interoperability of
> the DNS.
>
>
> Why do you feel that DNSSEC has requirements stronger than other IETF
> security prot0cols such as TLS, IPsec, S/MIME, and so on?
>
>
> DNS is a fire-and-forget protocol, all the ones you mention include a
> handshake that can be used to agree on algorithms. Such facility does not
> exist in DNS.
>
> I oppose any relaxation of thresholds to add algorithms to DNSSEC, as
> there is no need.
>
>   Ólafur
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

v2.30.2 | Report a Bug | By Email | System Status