[DNSOP] Fwd: Re: [saag] code points for brainpool curves for DNSSEC
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 10 December 2015 09:42 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E6CD1A8865 for <dnsop@ietfa.amsl.com>; Thu, 10 Dec 2015 01:42:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id exkbfGeprBsu for <dnsop@ietfa.amsl.com>; Thu, 10 Dec 2015 01:42:54 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F4701A885B for <dnsop@ietf.org>; Thu, 10 Dec 2015 01:42:54 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1C3BCBE64 for <dnsop@ietf.org>; Thu, 10 Dec 2015 09:42:53 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6IH-XMgmu625 for <dnsop@ietf.org>; Thu, 10 Dec 2015 09:42:51 +0000 (GMT)
Received: from [10.0.10.19] (unknown [212.76.224.242]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B3A19BE54 for <dnsop@ietf.org>; Thu, 10 Dec 2015 09:42:50 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1449740571; bh=zuXSE0kHUkBTqymbUOnzluff68mCHFXA0mHVyIkoI2Y=; h=Subject:References:To:From:Date:In-Reply-To:From; b=fyEsA+m4f1UhbKP14N/roPmI0oRmmXfCVDAd4lblk5pEpHAyQFEq4l9I3LymxzR/F vjoBtqfEpoM1Rq4yeFZrFykVU8JuahWwcr9WfY6GYVdCsphFfSs4ZY53l+fDOwZXhc WuTvSlqxYRF//Spwbk7yHCIWPypXkAc3dU11/6jA=
References: <56694845.4000102@cs.tcd.ie>
To: dnsop@ietf.org
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
X-Forwarded-Message-Id: <56694845.4000102@cs.tcd.ie>
Message-ID: <5669491A.10301@cs.tcd.ie>
Date: Thu, 10 Dec 2015 09:42:50 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <56694845.4000102@cs.tcd.ie>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="PxwpEHc9GkkdjnwjfWQaelkgUGJvbKmNt"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/jfGjceC2UEee4QoQpoQMToPU2nE>
Subject: [DNSOP] Fwd: Re: [saag] code points for brainpool curves for DNSSEC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2015 09:42:56 -0000
FYI. Please continue to follow up on the saag list for now so the discussion (if more is needed) is in one place. (And thanks for doing that so far.) S. -------- Forwarded Message -------- Subject: Re: [saag] [DNSOP] code points for brainpool curves for DNSSEC Date: Thu, 10 Dec 2015 09:39:17 +0000 From: Stephen Farrell <stephen.farrell@cs.tcd.ie> To: saag@ietf.org Thanks all, that's sufficient feedback for me to propose to the IESG that we return a "potentially disrupts, so please do not publish now" 5742 response so I have proposed that to the IESG. Additional discussion of reasons to not do this allocation now may therefore be redundant. Discussion of what to do in future is still welcome, and if that doesn't happen I at least will raise the issue on the list for the in-formation curdle WG. [1] The text I've proposed is at [2], feel free to suggest edits, but that can be done offlist. Cheers, S. [1] https://datatracker.ietf.org/doc/charter-ietf-curdle/ [2] https://datatracker.ietf.org/doc/conflict-review-schmidt-brainpool-dnssec/ On 10/12/15 09:15, Patrik Fältström wrote: > I have nothing to add to what Ãlafur wrote below. I agree with his statement. > > Patrik > > On 10 Dec 2015, at 1:33, Ãlafur Guðmundsson wrote: > >> Stephen, >> >> Sorry for being so blunt below. >> >> The document totally content free as to why this makes any sense in an operational context. >> DNSSEC algorithms should not be given out lightly as there is a significant COST to deploy support for each additional algorithm. >> >> While I strongly support having better ECC algorithm that the currently specified curves, adding a new ones SHOULD take place via a performance oriented process. >> Thus I strongly advocate that this publication be held up until we can compare this curve with other curves being proposed. >> >> Background I'm currently fighting an multifaceted battle to have various entities adding support for ECDSAP256, specified over 3 years ago. >> >> Adding and deploying a new DNSKEY algorithm does not just require changes to >> -- DNS servers, libraries and resolvers. >> >> That is just the top of the iceberg, but also to >> - DNS provisioning systems, DNSSEC signing systems, DNS testing tools, - user interfaces for registrars, hosting providers, third party DNS operators, CDN's, etc. >> - TLD and ccTLD policy documents, EPP implementations, plus in some cases security evaluations, >> - not to mention firewalls, network monitoring tools .... >> and number of other things I had no idea existed and majority of which is not maintained anymore. >> >> There are only so many times that one can get everyone's attention to upgrade DNS stuff, thus requiring the change process to be run should not be taken lightly. >> If on the other hand if the editors are only interested in vanity algorithm assignment without any deployment then ........... >> >> Olafur >> >> >> On Wed, Dec 9, 2015 at 4:00 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> >> wrote: >> >>> >>> >>> >>> -------- Forwarded Message -------- >>> Subject: code points for brainpool curves for DNSSEC >>> Date: Wed, 9 Dec 2015 18:00:18 +0000 >>> From: Stephen Farrell <stephen.farrell@cs.tcd.ie> >>> To: saag@ietf.org >>> >>> >>> Hiya, >>> >>> The brainpool folks have written an I-D [1] that they are pushing >>> through the rfc editor's independent stream. [2] >>> >>> That I-D wants to register code points for using their curves for >>> DNSSEC. >>> >>> For documents that come through the independent stream, the IESG >>> does an RFC 5742 [3] conflict review. The purpose of that review >>> is to check that the RFC doesn't conflict with ongoing work in >>> the IETF. >>> >>> If you have thoughts on this, please let me know before Dec 17th. >>> I'll forward this to the dnsop, cfrg and curdle mailing lists >>> to check there too. Apologies if you get >1 copy of this. Please >>> try follow up on the saag list if you can. >>> >>> Thanks, >>> Stephen. >>> >>> >>> [1] https://tools.ietf.org/html/draft-schmidt-brainpool-dnssec >>> [2] https://www.rfc-editor.org/pubprocess/ >>> [3] https://tools.ietf.org/html/rfc5742 >>> >>> >>> >>> _______________________________________________ >>> DNSOP mailing list >>> DNSOP@ietf.org >>> https://www.ietf.org/mailman/listinfo/dnsop >>> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] Fwd: code points for brainpool curves for… Stephen Farrell
- Re: [DNSOP] [saag] code points for brainpool curv… Phillip Hallam-Baker
- Re: [DNSOP] Fwd: code points for brainpool curves… Ólafur Guðmundsson
- Re: [DNSOP] code points for brainpool curves for … Patrik Fältström
- [DNSOP] Fwd: Re: [saag] code points for brainpool… Stephen Farrell
- Re: [DNSOP] Fwd: Re: [saag] code points for brain… Edward Lewis
- Re: [DNSOP] Fwd: Re: [saag] code points for brain… Edward Lewis