Re: [DNSOP] Last Call: <draft-ietf-dnsop-algorithm-update-05.txt> (Algorithm Implementation Requirements and Usage Guidance for DNSSEC) to Proposed Standard
Mats Dufberg <mats.dufberg@internetstiftelsen.se> Fri, 15 February 2019 16:20 UTC
To: "ietf@ietf.org" <ietf@ietf.org>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/sHdnirml04tL70ZezL4F-VvD71Q>

The table in section 3.3 ("DS and CDS Algorithms") of the draft states that SHA-1 is "MUST NOT" for "DNSSEC Delegation" but in the narrative text under the table it states "SHA-1 [...] is NOT RECOMMENDED for use in generating new DS and CDS records."

The two statements should be consistent in the final RFC.

Yours,
Mats

---
Mats Dufberg
DNS Specialist, IIS
Mobile: +46 73 065 3899
https://www.iis.se/en/

-----Original Message-----
From: DNSOP <dnsop-bounces@ietf.org> on behalf of The IESG <iesg-secretary@ietf.org>
Reply-To: "ietf@ietf.org" <ietf@ietf.org>
Date: Wednesday, 13 February 2019 at 20:30
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, "draft-ietf-dnsop-algorithm-update@ietf.org" <draft-ietf-dnsop-algorithm-update@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>
Subject: [DNSOP] Last Call: <draft-ietf-dnsop-algorithm-update-05.txt> (Algorithm Implementation Requirements and Usage Guidance for DNSSEC) to Proposed Standard

The IESG has received a request from the Domain Name System Operations WG (dnsop) to consider the following document:

- 'Algorithm Implementation Requirements and Usage Guidance for DNSSEC' <draft-ietf-dnsop-algorithm-update-05.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2019-02-27. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting.

Abstract

The DNSSEC protocol makes use of various cryptographic algorithms in order to provide authentication of DNS data and proof of non-existence.

To ensure interoperability between DNS resolvers and DNS authoritative servers, it is necessary to specify a set of algorithm implementation requirements and usage guidelines to ensure that there is at least one algorithm that all implementations support. This document defines the current algorithm implementation requirements and usage guidance for DNSSEC. This document obsoletes [RFC6944].

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-algorithm-update/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-algorithm-update/ballot/

No IPR declarations have been submitted directly on this I-D.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop