IETF Logo Mail Archive

Re: [DNSOP] [Ext] Call for Adoption: draft-hardaker-dnsop-rfc8624-bis, must-not-sha1, must-not-ecc-gost

John R Levine <johnl@taugh.com> Thu, 02 May 2024 16:38 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77B7AC14F683 for <dnsop@ietfa.amsl.com>; Thu, 2 May 2024 09:38:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="XntzVa4D"; dkim=pass (2048-bit key) header.d=taugh.com header.b="KHOKEU2W"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HZWkxIpwij1x for <dnsop@ietfa.amsl.com>; Thu, 2 May 2024 09:38:46 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EA2FC14F68B for <dnsop@ietf.org>; Thu, 2 May 2024 09:38:46 -0700 (PDT)
Received: (qmail 30617 invoked from network); 2 May 2024 16:38:44 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=778a6633c194.k2405; bh=fZbicKjvLSON9IguiTu0vi2vOc9NlDihDVQgcTtlHZo=; b=XntzVa4DyCv+oBlXJ+e1i3V25v6Obhi5HNkg5HS4/8InBMjlUOdr9bt8UG/UpyiCRQOFil0otXqKnm2erL/0bmvZxdQmL0LYCC4Aw5T08RQly2u943xCRPZsQdPAZAmrkv629pXKSuvLLVfJaJCxBNUJaf0y0KwhBRIHt1pmXjPCzaXsKWfKaByOPgL5XetcDOkw1QYb99ESsoQW1NB7m9XtcHLAmCnl6HLD6q9Mam60Qohhfg+61gDMbsjfwWvICPfYMJ/jzrkOTXOVT3ADO2nLM13VSkYQdbZV/3hG8iYGYTtA5RpEMZRwN0B+USowwE94OXSHWkuyLZz5/ReTQw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=778a6633c194.k2405; bh=fZbicKjvLSON9IguiTu0vi2vOc9NlDihDVQgcTtlHZo=; b=KHOKEU2W4qtgAHy4gtYKZU4RtsKA9moqumSEkNjDWtm5wT553QoH3PxkWXUaNui933eMBu0RmqAxV5gcVGj4gHNuDxAZb0fa6l/QxXp8zNRs636tpVqCXMGGWJ486B2HWWS0SNZx+9sCXLJXBblQP0Fd9RTj7YJfkaohmlsIdEXYm8JqeA+NnxymXKMg+RiPQbJb6gV/SO+uTgOUdpEttbsqxjUKwEoKOQaacXisVHyMsQGc47HoUqvdrGX+fIo711EaDEsoGaRiUh40yYXfrkq40pF0HZk/rgXG93UFys/g76+zQo/4MotkY7+3udkGbm5l36WvcfNw4Xv+iBqm4Q==
Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA CHACHA20-POLY1305 AEAD) via TCP6; 02 May 2024 16:38:44 -0000
Received: by ary.local (Postfix, from userid 501) id 4E14789F5255; Thu, 2 May 2024 12:38:44 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by ary.local (Postfix) with ESMTP id AB21F89F5237; Thu, 2 May 2024 12:38:44 -0400 (EDT)
Date: Thu, 02 May 2024 12:38:44 -0400
Message-ID: <17fd45e6-56e5-0af4-52bb-7d34acc0e07c@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Scott Morizot <tmorizot@gmail.com>
Cc: dnsop@ietf.org
X-X-Sender: johnl@ary.local
In-Reply-To: <CAFy81rmokg3f=WYCVGDHyizMRn47w+25+tteihDPAL9Tr9gGyA@mail.gmail.com>
References: <m1s2VGb-0000LcC@stereo.hq.phicoh.net> <a208a6ae-f476-0b53-15eb-4e289a1cbabe@taugh.com> <CAFy81rmar-AOPNgbsURDi2i808WH5V_VhuT7byYVFmJVGn2aoQ@mail.gmail.com> <3fc7acdf-783f-fc90-f6b3-eb466c0b5043@taugh.com> <CAFy81rmokg3f=WYCVGDHyizMRn47w+25+tteihDPAL9Tr9gGyA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/kqyHIQYECQuwF3nURu3IONE1fmY>
Subject: Re: [DNSOP] [Ext] Call for Adoption: draft-hardaker-dnsop-rfc8624-bis, must-not-sha1, must-not-ecc-gost
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 May 2024 16:38:51 -0000

On Thu, 2 May 2024, Scott Morizot wrote:

> I think we need a clean update to RFC 8624 first that includes 
> instructions to IANA to update the table. I don't think the current 
> draft does that very well. And since the IANA table already has a Zone 
> Signing column, I think we just want to change that one so it has more 
> than a yes/no option per algorithm and then add a Validation column.

I think we're agreeing that it would be a good idea to continue to 
discourage SHA1, but not a good idea to surprise people by making it 
suddenly stop working, a la Redhat.

R's,
John

v2.31.3 | Report a Bug | By Email | System Status