Re: [DNSOP] Working Group Last Call for Revised IANA Considerations for DNSSEC

Vladimír Čunát <vladimir.cunat+ietf@nic.cz> Wed, 15 September 2021 17:45 UTC

To: Daniel Migault <mglt.ietf@gmail.com>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/gyyUb99UAxJjbaDDZrV9U9loEn8>

On 15/09/2021 16.41, Daniel Migault wrote:
> Outside experimentation, especially for national algorithms, this will 
> lead to nations having their algorithms qualified as standard while 
> other nations having their algorithms qualified as non standard. I 
> would like to understand why this cannot be a problem.

I'm sorry, I'm a bit confused about which nations would get standard
algorithms.  Are P-256 and P-384 considered "national" crypto?  I know
they're from NIST, but they seem widely popular outside the USA.
Technically we have old GOST algo(s) on standards track, though they are
already obsolete in their nation, so those? Or some other (planned)
algorithm I've missed?  Apart from that, I personally think that
allowing "cheaper" allocations of algorithm numbers *reduces* this
disparity/problem instead of making it worse, but perhaps I'm missing
the essence of the issue.

Interoperability could be mentioned for reference, though in practice
having a standard does not necessarily help that much, e.g. Ed25519
validation levels are still rather low after four years with a standard
and Ed448 is probably even worse:
https://www.potaroo.net/ispcol/2021-06/eddi.html

--Vladimir