Re: [DNSOP] Fwd: New Version Notification for draft-pusateri-dnsop-update-timeout-01.txt

Robert Story <rstory@isi.edu> Tue, 19 February 2019 20:41 UTC

Date: Tue, 19 Feb 2019 15:41:38 -0500
From: Robert Story <rstory@isi.edu>
To: Mark Andrews <marka@isc.org>
Cc: Tom Pusateri <pusateri@bangj.com>, dnsop WG <dnsop@ietf.org>
Message-ID: <20190219154138.49ad5256@titan.int.futz.org>
In-Reply-To: <205A5BE4-C2B0-4314-B83C-B90D05766C3E@isc.org>
References: <155053239541.25848.12960190085730298684.idtracker@ietfa.amsl.com> <969D8BA1-6ED3-47E8-AFFD-2BEE8EA3E66B@bangj.com> <EEF5A840-432E-4E87-A4C6-8C44DB733BC4@isc.org> <C890EB92-59A3-4C70-865F-1C62DEC7FE1E@bangj.com> <205A5BE4-C2B0-4314-B83C-B90D05766C3E@isc.org>
Organization: USC Information Sciences Institute
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/jPI_Bs4RvpoW8QpU0VAsI_kqs3I>

On Tue 2019-02-19 12:28:08+1100 Mark wrote:
> Where is the need to use SHA-3?  This is introducing a new algorithm
> for the sake of introducing a new algorithm.  Just because TLS 1.3
> uses SHAKE128 is not a reason for DNS to use SHAKE128.  There are
> plenty of platforms that don’t need to use TLS at all.  They don’t
> have web interfaces.  Transaction security is provided by something
> other than TLS.
> 
> There are also lots of old server platforms that just won’t ever
> upgrade their OpenSSL package.  Adding SHA-3 creates yet another
> dependency / impediment to upgrading the DNS server.

I agree with Mark. Even the draft says:

5.  Cryptographic Hash Requirements

   The cryptographic hash algorithm used SHOULD provide the following
   properties:

   1.  Well known algorithm with implementations easily available

I have no objections to SHAKE128 being one of the supported algorithms,
but one of the SHA-2 algorithms should be selected for MUST implement.

-- 
Robert Story <http://www.isi.edu/~rstory>
USC Information Sciences Institute <http://www.isi.edu/>
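The algorithm-agility point made in this message, as an added example that is not code from the draft or from either poster: a small hash registry in which SHA-256 is the mandatory-to-implement algorithm (present in every Python `hashlib` build) and SHAKE128 is optional, with a negotiation step that refuses a peer who does not offer the mandatory algorithm. The registry names, the fixed 32-byte SHAKE128 output length and the `select_algorithm()` negotiation rule are assumptions for illustration, not anything the draft specifies; the example also shows the practical caveat that SHAKE128, being an extendable-output function, needs an explicit digest length where SHA-2 does not.

```python
import hashlib

# Added example, not part of the draft or of this thread. Assumed registry:
# SHA-256 is MUST-implement, SHAKE128 is MAY. The 32-byte SHAKE output length
# is an assumption; a real protocol would have to pin it down.
MANDATORY = "sha256"
OPTIONAL = ("shake_128",)
SHAKE_OUTPUT_LEN = 32  # SHAKE128 is an XOF: the protocol must fix the digest length


def supported_algorithms():
    """Registry algorithms this platform's hashlib actually provides, mandatory first."""
    avail = hashlib.algorithms_available
    return [a for a in (MANDATORY,) + OPTIONAL if a in avail]


def check_mandatory():
    """Fail early if the mandatory-to-implement algorithm is missing on this platform."""
    if MANDATORY not in hashlib.algorithms_available:
        raise RuntimeError(f"platform lacks mandatory hash algorithm {MANDATORY}")
    return True


def digest(algorithm, data):
    """Compute a digest; SHAKE needs an explicit output length, SHA-2 does not."""
    if algorithm not in supported_algorithms():
        raise ValueError(f"unsupported hash algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    h.update(data)
    if algorithm.startswith("shake_"):
        return h.digest(SHAKE_OUTPUT_LEN)
    return h.digest()


def select_algorithm(peer_offered):
    """Pick the first algorithm in the peer's preference order that we support.

    A conforming peer always offers the mandatory algorithm, so a peer that
    omits it is rejected rather than silently downgraded to something else.
    """
    check_mandatory()
    if MANDATORY not in peer_offered:
        raise ValueError("peer does not offer the mandatory algorithm")
    ours = set(supported_algorithms())
    for a in peer_offered:  # honour the peer's preference order
        if a in ours:
            return a
    return MANDATORY  # not reached: the mandatory algorithm is in both sets


if __name__ == "__main__":
    msg = b"constructed sample update payload"
    for alg in supported_algorithms():
        print(alg, digest(alg, msg).hex())
    print("negotiated:", select_algorithm(["shake_128", "sha256"]))
```

The negotiation deliberately treats a missing mandatory algorithm as a protocol error instead of picking whatever is left: that is what "MUST implement" buys you, and it is the reason the optional SHAKE128 can be offered without creating the upgrade dependency the thread objects to.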