Re: [DNSOP] [Ext] Call for Adoption: draft-hardaker-dnsop-rfc8624-bis, must-not-sha1, must-not-ecc-gost

Wes Hardaker <wjhns1@hardakers.net> Tue, 30 April 2024 23:20 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6388CC151088 for <dnsop@ietfa.amsl.com>; Tue, 30 Apr 2024 16:20:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hardakers.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6K37k5ilGLzW for <dnsop@ietfa.amsl.com>; Tue, 30 Apr 2024 16:20:45 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [107.220.113.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AC5BC14F747 for <dnsop@ietf.org>; Tue, 30 Apr 2024 16:20:45 -0700 (PDT)
Received: from localhost (unknown [10.0.0.9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.hardakers.net (Postfix) with ESMTPSA id 36AFE201E9; Tue, 30 Apr 2024 16:20:45 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.hardakers.net 36AFE201E9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardakers.net; s=default; t=1714519245; bh=jTzNI3yBR2Eef8s6QNLTBzHeNL+cEc6lKu68m4dC1EI=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=Qj0AZ5sUTDFs0+qjiH4xBGfS3/rlVEHJf3UNSIAdsLWPCZTcqzyGN7f40E1svg+YL CnYv1Zj0KfqRcXHDGLAA/et9jUZ7t+Yzk5SWwPyAeoJOrQT0l+eboT6cpyYoQWjZUt CF14c+ukUEkU6PgsE8S3pWynxygxTo8AnIuxLlZE=
From: Wes Hardaker <wjhns1@hardakers.net>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: Wes Hardaker <wjhns1@hardakers.net>, dnsop <dnsop@ietf.org>
In-Reply-To: <4907A4B7-1EAE-460D-91E8-4F7D292C7302@icann.org> (Paul Hoffman's message of "Tue, 30 Apr 2024 22:42:21 +0000")
References: <D95A2D1F-1203-4434-B643-DDFB5C24A161@icann.org> <67B93EF4-6B70-402E-9D78-1A079538CA18@strandkip.nl> <m1s1Wur-0000LDC@stereo.hq.phicoh.net> <f0f9c0ce-2911-9b4c-0d60-47c204add2d4@nohats.ca> <DB9D1C93-95D1-4B76-AD74-4C60433D479A@icann.org> <7dd5f090-b8b7-ea5e-82f2-d622298c7299@nohats.ca> <ybl7cgejxcr.fsf@wd.hardakers.net> <4907A4B7-1EAE-460D-91E8-4F7D292C7302@icann.org>
Date: Tue, 30 Apr 2024 16:20:44 -0700
Message-ID: <ybl34r2jv3n.fsf@wd.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iSbdRdPHZCNB-xCip0fw1QOz7rQ>
Subject: Re: [DNSOP] [Ext] Call for Adoption: draft-hardaker-dnsop-rfc8624-bis, must-not-sha1, must-not-ecc-gost
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2024 23:20:50 -0000

Paul Hoffman <paul.hoffman@icann.org> writes:

> This cull-because-of-low usage thread incorrectly assumes that the DNS
> is flat instead of a hierarchy.

A few points:

1. I only pointed at data that people were asking for.  I did not state
my personal opinion.

2. I published the drafts based on desires by people to have them
published.  I'm at the will of the WG in the long run with respect to
publishing vs not (as all document authors should be).

3. The whole discussion, IMHO, is side-stepping the real issue: if not
now, then when?  I.e., do we never put something at MUST NOT?  Is there a
usage threshold?  Is it "must be zero"?  Is it "known to be broken and
everyone must have a flag day instead of a slower process"?

These are not easy questions, and there do seem to be many different
opinions.  Red Hat led the pack(ish), and maybe Paul and others will be
the tail end at some very late value.  There is no right or wrong, and
the line of people is likely to spread out along the timeline.

And what makes the situation worse is not whether or not "we" want the
timeline to have a fixed transition point, but that the rollout and
adoption and abandoning of older software in the DNS(SEC) landscape takes
a really really long time.  So the trade-off of when to say "stop using
this" vs "all software has already stopped using it" has a really really
long gap in the middle.  There is no perfect.

-- 
Wes Hardaker
USC/ISI