IETF Logo Mail Archive

Re: [DNSOP] Call for Adoption: draft-belyavskiy-rfc5933-bis

Eric Rescorla <ekr@rtfm.com> Thu, 18 June 2020 13:42 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 755DF3A0F53 for <dnsop@ietfa.amsl.com>; Thu, 18 Jun 2020 06:42:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dMZa5RQerxKL for <dnsop@ietfa.amsl.com>; Thu, 18 Jun 2020 06:42:28 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FFA23A0F52 for <dnsop@ietf.org>; Thu, 18 Jun 2020 06:42:28 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id i3so7303886ljg.3 for <dnsop@ietf.org>; Thu, 18 Jun 2020 06:42:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YWZdFRI/h61XCafR9QWQHvL8YmW0B6RF53jwKvZXM1o=; b=dQ5YIVnbdHcPDzaZzTMrWx1vSnAoY1OW/XjY1kuxEJO3CfRx02RuNZDcuSftbf8Wby AmGvQXr7bqZpKsdTny9PUIe+VzXBORgnPNrkyWNEAkl/orScxKznLqoNy2aus5qRAerN Iwamw7ZorjyzQnC20i4Y0w4VqzQLvameeBU1wRLahvuLmGmekEmrT5xypjKHvDATxTg7 vMaHAHiTn/8+OxqrX04CAdyU8dYXgCc8eKtzf2zxuwC9zfCwMU8TlaOGSLXMsFtnpdYT IsQNbNEh1ABOxoEYuk+dPvoFLcDuTwAYpJH3bUbHEVMbJ2Tn80GOe2A+OtSbTBwIVaCn kOUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YWZdFRI/h61XCafR9QWQHvL8YmW0B6RF53jwKvZXM1o=; b=HOvrGxQvca3Q4mhjJPz4oReOHTv8sBJTK9GVJLKcsF2t/GuYVHy9dk5CytY9sgx0UH l3Ap1DDLSee1IClG53h4DZK0fCvm2ZxGCM6oBwOLPsFrWIjjBQPlB+TLER7s7StR8px1 xY8IieTIZSB8ODzYIn4GhS1sS03pehVNn3WBBAuoY/dYQ4Un2rkoAQPH7pCrJ59kXJ3P JAXLppPAdSi5FNyiBUUV9AhZyyvoGxLfBgLOmN6OrCVFxf6m9ayrQ8fTb/8fohZeHF8V oRuSNsCnhCvIaLs3wXL4r8YC/UUoXm15NJr1NSym0VGvmmpivzi/iPQaszda5j+wSHIW gA2w==
X-Gm-Message-State: AOAM530mHqdTdFKvt9s79ijDp+zu/d60ipM23Hb4xziU6fj2j837cNue Or2dmQ9piLFiNSe/Py39hb/BozTiaWtx4v9i0BFgY1R4TtnnXQ==
X-Google-Smtp-Source: ABdhPJyOuRWQ+19q0gptk2+4do9XAueQ6Au/fd1cnyrTHWi577mJjnMlUOHnz+9o6miiw5jTIZjYZ78Tso5HZrc/ITs=
X-Received: by 2002:a05:651c:299:: with SMTP id b25mr2611600ljo.13.1592487746749; Thu, 18 Jun 2020 06:42:26 -0700 (PDT)
MIME-Version: 1.0
References: <CADyWQ+H4713BnZDntTuVW0FrO59zZ9NFJ=J=n9JFFq2zmfy2pQ@mail.gmail.com> <A930F8C6-9C33-4933-AC37-579ACEF5B325@ogud.com> <7FF83D52-F20B-4FF2-82AA-416835FCA5F4@isc.org> <CADqLbzJsJ6etv-eZuabLsMO4g+XYgktgpuP-fTNSi1cFTwdOGg@mail.gmail.com> <68eb8413-8704-40a3-9765-7eb19ebd0e78@www.fastmail.com>
In-Reply-To: <68eb8413-8704-40a3-9765-7eb19ebd0e78@www.fastmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 18 Jun 2020 06:41:50 -0700
Message-ID: <CABcZeBORz-ustvXvrYaMm15rAHUfA3zR8Sr3ZscLWB6YJ6-s8w@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: dnsop WG <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000074614905a85bf2a9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qr0puJTCMl9GBerJmDSziuatI2U>
Subject: Re: [DNSOP] Call for Adoption: draft-belyavskiy-rfc5933-bis
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 13:42:30 -0000

On Wed, Jun 17, 2020 at 8:51 PM Martin Thomson <mt@lowentropy.net> wrote:

> I agree with Olafur on this.  The reason we standardize is so that we can
> have a single - ideally very small - set of algorithms that are widely
> implemented.  Because you want every one of those algorithms in every
> implementation.
>
> In a system like the DNS, you can't really limit the people who might need
> to consume your signature, so the set of acceptable signing algorithms
> needs to be small.  Ideally you have just two: one that is established, and
> one that is new; or one using one technique and a backup using a different
> technique.
>
> TLS has mostly gotten this part right.  We're much closer to the point of
> having just two in TLS 1.3.  There are a few algorithms that exist to
> address narrow application domains (IoT, *cough*), but at least you can
> make a case for TLS deployments in a closed environment.  For that case,
> TLS allows for codepoint allocation, but avoids an IETF recommendation for
> those algorithms.  I don't think that DNS needs that same capability;
> deciding based on whether algorithms are good for global system is the only
> relevant criterion.
>
> If we all agree that GOST is superior to RSA (it probably is) and EdDSA (I
> doubt it, but I don't have an opinion), then adoption to replace an
> existing algorithm would be fine.  That didn't happen last time, so that
> suggests it would be better for RFC 5933 to be deprecated entirely.
>

largely concur with MT and Olafur.

At a high level, additional algorithms create additional complexity
and interoperability issues. In some cases there are good reasons for
that (for instance, one algorithm is much faster than another),
however that does not appear to be the case here. In the past we were
often quite liberal about standardizing national algorithms but I
believe this was a mistake which created confusion about what
algorithms the IETF actually was encouraging people to use. In
addition to the factors that Martin notes, it created pressure on
implementations to add those algorithms.

I don't see any good argument for the IETF recommending that people
adopt this algorithm, which does not seem to be in any way clearly
superior to EdDSA and which would open the door to us recommending a
proliferation of other national algorithms which also don't seem to
have any real technical advantages. As MT says, the argument for
assigning a code point while not recommending the algorithm seems
weaker here because you want DNSSEC signed data to be universally
verifiable.

My preference would be to not publish this at all, but if it is to
be published, do so in a way that makes clear that the IETF is just
allocating the code point and does not recommend it.

-Ekr

>
>

v2.23.0 | Report a Bug | By Email