Re: [DNSOP] New Version of draft-ietf-dnsop-algorithm-update-00: Algorithm Implementation Requirements and Usage Guidance for DNSSEC

Paul Wouters <paul@nohats.ca> Thu, 22 March 2018 17:28 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BE8E126B6D for <dnsop@ietfa.amsl.com>; Thu, 22 Mar 2018 10:28:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REtOkhWNpm9A for <dnsop@ietfa.amsl.com>; Thu, 22 Mar 2018 10:27:58 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A340A12EB2D for <dnsop@ietf.org>; Thu, 22 Mar 2018 10:27:50 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 406YXN3rTDzCv5; Thu, 22 Mar 2018 18:27:48 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1521739668; bh=xjwDKDB2EDFDxV1ZcmOqcg12GSg7JgnNelSg92zZGic=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=qWAka1NzqnGJDfS1I20hZIn3TIL70KQyJ/4sViCF5bAiRUsAiDr7WJ70CU/G1PsFz sqA1T8Gf8SIeKjBW3Nm5L/hbgC7+s1grpNA0GRa2yW9KtmdO29+gNXF9QEsE6K44me 3SAgiH0Rgt86jFv2swj+5fm/0uo2BsLLWI7svo4k=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id cQ7Ai7p9NVt8; Thu, 22 Mar 2018 18:27:43 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 22 Mar 2018 18:27:42 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id D7A3030AF10; Thu, 22 Mar 2018 13:27:38 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca D7A3030AF10
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id CE78440008A0; Thu, 22 Mar 2018 13:27:38 -0400 (EDT)
Date: Thu, 22 Mar 2018 13:27:38 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: =?ISO-8859-2?Q?Ond=F8ej_Sur=FD?= <ondrej@isc.org>
cc: dnsop@ietf.org
In-Reply-To: <EBE54422-0A97-4B33-BD55-01CACF1F272A@isc.org>
Message-ID: <alpine.LRH.2.21.1803221314140.11686@bofh.nohats.ca>
References: <EBE54422-0A97-4B33-BD55-01CACF1F272A@isc.org>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8BIT
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/dOM4sFXdKz6xlefby9_3uw0HIJ0>
Subject: Re: [DNSOP] New Version of draft-ietf-dnsop-algorithm-update-00: Algorithm Implementation Requirements and Usage Guidance for DNSSEC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2018 17:28:00 -0000

On Thu, 22 Mar 2018, Ondřej Surý wrote:

> https://github.com/oerdnj/draft-ietf-dnsop-algorithm-update
>
> Pull/Merge Requests, Issues, etc. are welcome.
>
> The most of the work done between the last version and this is:
>
> * Removal of MUST-, SHOULD+, etc…
> * Upgrade the urgency of deploying ECC
> * Separate operational recommendations for default algorithm to ECDSAP256SHA256
> * Deprecation of ECC-GOST (that actually happened elsewhere, so we reflect it here)

As for the DS algorithm 4, SHA-384 does not really add anything over
SHA-256, so it would be good to move that further down from MAY to MUST
NOT on the creation (not validation) part. I'm afraid the current
listing might appear as "it is MAY now but will become MUST in the
future".

Based on Viktor's data, the ratio of SHA256 to SHA384 is 500:1 with
only 8649 DS SHA384 records. Even GOST which is MUST NOT has 4x more
DS records deployed with 36388 records.

I think this text also needs an update:

 	RSASHA1 and RSASHA1-NSEC3-SHA1 are widely deployed, although zones
 	deploying it are recommended to switch to ECDSAP256SHA256 as there is
 	an industry-wide trend to move to elliptic curve cryptography.

They should switch away from SHA1 as SHA1 is being deprecated industry
wide. Even if we recommend to move away from RSA (which I'm not sure if there
is consensus on) to ECC, I would like to move them to ED25519/ED448 over
the ECDSA* variants. If it is too soon for that now, I would simply not
recommend moving away from RSA. And maybe make ECDSAP256SHA256 a MAY
instead of a MUST.

Paul