Re: [DNSOP] Call for Adoption draft-wouters-sury-dnsop-algorithm-update
"Paul Hoffman" <paul.hoffman@vpnc.org> Tue, 28 February 2017 21:45 UTC
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: dnsop <dnsop@ietf.org>
Date: Tue, 28 Feb 2017 13:45:06 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/u2yN0u6MmiR_lDNjNr9Gyk-IWKo>

The recommendations in the document are completely unclear if it is talking about:

- what should be in signer implementations
- what should be in validator implementations
- what someone who is starting to sign today SHOULD/MUST use
- what someone who is already signing SHOULD/MUST use

I think those four lists are probably different. Before the document is picked up by the WG, it would be good if it made clear which lists it is for.

My personal feeling is that if we do the third, we should say MUST NOT with any SHA1 algorithm because they're going to get nailed in the future by people who refuse to validate it. If we do the fourth, I would say SHOULD NOT use now and SHOULD change within two years (or some moral equivalent of that).

--Paul Hoffman