Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Stephen Farrell <> Fri, 01 January 2021 16:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 45DD93A03FA for <>; Fri, 1 Jan 2021 08:53:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XHmtxh-GK9XR for <>; Fri, 1 Jan 2021 08:53:20 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1EC4D3A03F8 for <>; Fri, 1 Jan 2021 08:53:19 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8F3D2BE2C; Fri, 1 Jan 2021 16:53:16 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oXRz-3zpPJAn; Fri, 1 Jan 2021 16:53:14 +0000 (GMT)
Received: from [] ( []) by (Postfix) with ESMTPSA id C4EDABE24; Fri, 1 Jan 2021 16:53:14 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1609519994; bh=lOUodmTHFqgVzUf6tNKBAo09VNB+GaVuFDbvXrV3Tqk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=RSkVcEx5bWAB2WxU2ywPlBqqfE0K7Yy5hKsUUAFrk6yqARVxryMzpY+/RW9aUqe1s bmGnRUQM+8klHj0/OEhahr8OBAjNilmVGO1OVbms6/Mdm8/qEUglT6XEfKv/Zkk/Q2 WtCXBxn3SDCRpw6pg2+vf+iOq2jABrz7F6UbRarU=
To: Paul Hoffman <>
Cc: dnsop <>
References: <> <> <> <> <>
From: Stephen Farrell <>
Message-ID: <>
Date: Fri, 01 Jan 2021 16:53:13 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="tAePPqDVMnTLsCmryoNMJApzYK7784Gt5"
Archived-At: <>
Subject: Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 01 Jan 2021 16:53:22 -0000


I note that you didn't answer my question about actual use
of gost and guess that's because you don't have that data
to hand. I'm still interested in that if someone has info
because grounding this in reality seems likely better.

On 01/01/2021 16:38, Paul Hoffman wrote:
> The status quo (standard required) will likely absorb a lot of time
> for the IETF if the WG decides to move the revised GOST forward. It
> will also probably land in the CFRG. Reducing the requirement to RFC
> required allows their document to be informational.
> The WG already has RFC 8624 that talks about what implementers should
> do with various algorithms. Clearly, it will need to be updated for
> the revised GOST regardless of whether the WG changes the IANA
> considerations.
> Also, as a reminder, this isn't only about GOST. In the coming years,
> there will be a raft of post-quantum signing algorithms with
> different signature and key size ratios that people will want
> adopted. Putting every one of them on standards track seems onerous
> to some of us.
Sure, I get all that, but the trade-off is between our time
vs. some properties of the deployed DNS so it may or may not
be that us spending time is the better/cheaper option overall
even if that's a PITA for us. Personally I could more easily
figure out my position on this if I knew how much gost was
really in use. (If it's negligible, then one could argue that
moving the current gost alg to historic or something might be
the better option.)