Re: [DNSOP] New Version of draft-ietf-dnsop-algorithm-update-00: Algorithm Implementation Requirements and Usage Guidance for DNSSEC

"Paul Hoffman" <paul.hoffman@vpnc.org> Tue, 27 March 2018 17:22 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3091A12E882 for <dnsop@ietfa.amsl.com>; Tue, 27 Mar 2018 10:22:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IiPM1kW48D0x for <dnsop@ietfa.amsl.com>; Tue, 27 Mar 2018 10:22:33 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9CA912E041 for <dnsop@ietf.org>; Tue, 27 Mar 2018 10:22:26 -0700 (PDT)
Received: from [10.32.60.121] (50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141]) (authenticated bits=0) by mail.proper.com (8.15.2/8.15.2) with ESMTPSA id w2RHLmXx061927 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 27 Mar 2018 10:21:49 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141] claimed to be [10.32.60.121]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Michael Sinatra <michael@brokendns.net>
Cc: dnsop@ietf.org
Date: Tue, 27 Mar 2018 10:22:23 -0700
X-Mailer: MailMate (1.11r5462)
Message-ID: <BC4B7324-28B9-4EB4-9BCC-9C85D141E34B@vpnc.org>
In-Reply-To: <09435ace-eadf-d5cb-bd00-c007a9126316@brokendns.net>
References: <EBE54422-0A97-4B33-BD55-01CACF1F272A@isc.org> <525a5b1f-07a6-1fb1-aada-5a5dc07db110@brokendns.net> <524A0C89-F1CE-4D36-BB45-1FDFF210E656@vpnc.org> <09435ace-eadf-d5cb-bd00-c007a9126316@brokendns.net>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iFtS46NvTBXRBzuPYrQvYyVBMU0>
Subject: Re: [DNSOP] New Version of draft-ietf-dnsop-algorithm-update-00: Algorithm Implementation Requirements and Usage Guidance for DNSSEC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2018 17:22:37 -0000

On 27 Mar 2018, at 10:21, Michael Sinatra wrote:

> My goal is to basically avoid confusion and just tell people to use 
> the
> strongest algorithm they can reasonably use.  I.e. follow the CNSA
> recommendations and don't spend a lot of time thinking about the
> application.

The CNSA will likely be updated in the future to actually deal with the 
issues, or be supplanted altogether with something from a different 
agency that is better written. Telling people "just follow this 
poorly-worded doc" is not what this WG should be doing.

--Paul Hoffman