Re: [DNSOP] Working Group Last Call for Revised IANA Considerations for DNSSEC
Daniel Migault <mglt.ietf@gmail.com> Wed, 15 September 2021 14:41 UTC
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Wed, 15 Sep 2021 10:41:04 -0400
Message-ID: <CADZyTk=bQxJHw8b2eXYLnJYx+2hpEKZBerR5FN0_n5nEnQc3kA@mail.gmail.com>
To: Tim Wicinski <tjw.ietf@gmail.com>
Cc: dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/guod7eXAGU__Z6J-Qe2tOb419dk>
Subject: Re: [DNSOP] Working Group Last Call for Revised IANA Considerations for DNSSEC

Hi,

I apologize for the late answer, but here are my comments regarding the draft.

I believe the security considerations section needs to mention the interoperability issue if a hash algorithm is not widely supported by the resolvers. This, in my view, can potentially affect the DNS system, and I believe some text should try to limit non-standard algorithms to very specific deployment - including experimentation.

I believe that for experimentation the draft is helpful. Outside experimentation, especially for national algorithms, this will lead to nations having their algorithms qualified as standard while other nations having their algorithms qualified as non-standard. I would like to understand why this cannot be a problem.

For additional transparency, the document needs, in my opinion, additional clarifications. This includes guidelines or criteria for algorithms to qualify as standard as well as the relation with rfc8624 that makes DNSSEC interoperable in terms of cryptography. More specifically it should clarify that standard algorithms may or may not be recommended as well as whether non-standard algorithms may or may not be recommended.

Yours,
Daniel

On Tue, Aug 24, 2021 at 3:07 AM Tim Wicinski <tjw.ietf@gmail.com> wrote:

> All
>
> The Working Group Last Call for draft-ietf-dnsop-dnssec-iana-cons ended
> last week, and we've filtered through the comments both pro and con.
>
> We feel there is rough consensus to move this forward.
>
> thanks
>
> Benno/Suzanne/Tim
>
>
> On Wed, Aug 4, 2021 at 11:29 AM Tim Wicinski <tjw.ietf@gmail.com> wrote:
>
>>
>> All
>>
>> This starts a Working Group Last Call for
>> draft-ietf-dnsop-dnssec-iana-cons
>>
>> Current versions of the draft is available here:
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-iana-cons/
>>
>> The Current Intended Status of this document is: Standards Track
>>
>> Please review the draft and offer relevant comments.
>> If this does not seem appropriate please speak out.
>> If someone feels the document is *not* ready for publication, please
>> speak out with your reasons.
>>
>> This starts a two week Working Group Last Call process, and ends on: 18
>> August 2021
>>
>> thanks
>> tim
>>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

--
Daniel Migault
Ericsson