Re: [DNSOP] Last Call: <draft-ietf-dnsop-algorithm-update-05.txt> (Algorithm Implementation Requirements and Usage Guidance for DNSSEC) to Proposed Standard

Mats Dufberg <mats.dufberg@internetstiftelsen.se> Fri, 15 February 2019 16:20 UTC

From: Mats Dufberg <mats.dufberg@internetstiftelsen.se>
To: "ietf@ietf.org" <ietf@ietf.org>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Date: Fri, 15 Feb 2019 16:20:26 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/sHdnirml04tL70ZezL4F-VvD71Q>

The table in section 3.3 ("DS and CDS Algorithms") of the draft states that SHA-1 is "MUST NOT" for "DNSSEC Delegation" but in the narrative text under the table it states "SHA-1 [...] is NOT RECOMMENDED for use in generating new DS and CDS records."

The two statements should be consistent in the final RFC.


Yours,
Mats

---
Mats Dufberg
DNS Specialist, IIS
Mobile: +46 73 065 3899
https://www.iis.se/en/
 

-----Original Message-----
From: DNSOP <dnsop-bounces@ietf.org> on behalf of The IESG <iesg-secretary@ietf.org>
Reply-To: "ietf@ietf.org" <ietf@ietf.org>
Date: Wednesday, 13 February 2019 at 20:30
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, "draft-ietf-dnsop-algorithm-update@ietf.org" <draft-ietf-dnsop-algorithm-update@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>
Subject: [DNSOP] Last Call: <draft-ietf-dnsop-algorithm-update-05.txt> (Algorithm Implementation Requirements and Usage Guidance for DNSSEC) to Proposed Standard

    
    The IESG has received a request from the Domain Name System Operations WG
    (dnsop) to consider the following document: - 'Algorithm Implementation
    Requirements and Usage Guidance for DNSSEC'
      <draft-ietf-dnsop-algorithm-update-05.txt> as Proposed Standard
    
    The IESG plans to make a decision in the next few weeks, and solicits final
    comments on this action. Please send substantive comments to the
    ietf@ietf.org mailing lists by 2019-02-27. Exceptionally, comments may be
    sent to iesg@ietf.org instead. In either case, please retain the beginning of
    the Subject line to allow automated sorting.
    
    Abstract
    
    
       The DNSSEC protocol makes use of various cryptographic algorithms in
       order to provide authentication of DNS data and proof of non-
       existence.  To ensure interoperability between DNS resolvers and DNS
       authoritative servers, it is necessary to specify a set of algorithm
       implementation requirements and usage guidelines to ensure that there
       is at least one algorithm that all implementations support.  This
       document defines the current algorithm implementation requirements
       and usage guidance for DNSSEC.  This document obsoletes [RFC6944].
    
    
    
    
    The file can be obtained via
    https://datatracker.ietf.org/doc/draft-ietf-dnsop-algorithm-update/
    
    IESG discussion can be tracked via
    https://datatracker.ietf.org/doc/draft-ietf-dnsop-algorithm-update/ballot/
    
    
    No IPR declarations have been submitted directly on this I-D.
    
    
    
    