Re: [DNSOP] [Ext] Call for Adoption: draft-hoffman-dnssec-iana-cons

Eric Rescorla <ekr@rtfm.com> Wed, 06 January 2021 22:01 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 06 Jan 2021 14:00:48 -0800
Message-ID: <CABcZeBNi=RzB6=Yz2oXsjqvo30d9bqDYeicp0==K65iJ8E9qGg@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yESSIJTfUsHVhnrku1xluYPCIlU>

On Wed, Jan 6, 2021 at 1:30 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> On Jan 6, 2021, at 1:19 PM, Paul Wouters <paul@nohats.ca> wrote:
> > Remember also that TLS ciphers are negotiated.
>
> A better analogy might be "although TLS key exchange and encryption
> ciphers are negotiated, the signing algorithm on the server's certificate
> is not negotiated". DNSSEC signing is much more akin to the latter, I think.
>
> > There is no negotiation
> > in DNSSEC.
>
> Quite right, just as there is no negotiation for the authentication in TLS.
>

This is not strictly correct: TLS allows both the client and the server to
advertise their supported signature algorithms, which can be used by the
peer to guide certificate selection.

-Ekr
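The following Python is an added illustration of the point made in the reply above; it is example code written for this page, not code from the thread, from any TLS stack, or from any DNSSEC implementation. It encodes and parses the TLS 1.3 signature_algorithms (type 13) and signature_algorithms_cert (type 50) extensions from RFC 8446 section 4.2.3, then shows how a server can use what the client advertised to choose between candidate certificates. The candidate certificate names and the three constructed ClientHello extension blocks are assumptions made for the example.

```python
"""TLS 1.3 signature_algorithms advertisement and server-side certificate
selection (added example, not from the original thread)."""
import struct

# RFC 8446 section 4.2.3 SignatureScheme code points (subset).
SIGNATURE_SCHEMES = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384", 0x080B: "rsa_pss_pss_sha512",
}
EXT_SIGNATURE_ALGORITHMS = 13       # RFC 8446 signature_algorithms
EXT_SIGNATURE_ALGORITHMS_CERT = 50  # RFC 8446 signature_algorithms_cert


def encode_signature_algorithms(ext_type, schemes):
    """Encode one extension: type(2) || ext_len(2) || list_len(2) || SignatureScheme(2)*."""
    body = b"".join(struct.pack("!H", s) for s in schemes)
    payload = struct.pack("!H", len(body)) + body
    return struct.pack("!HH", ext_type, len(payload)) + payload


def parse_extensions(blob):
    """Parse a concatenated extension list into {ext_type: raw_body}, rejecting truncation."""
    exts, off = {}, 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", blob, off)
        off += 4
        if off + ext_len > len(blob):
            raise ValueError("truncated extension body")
        exts[ext_type] = blob[off:off + ext_len]
        off += ext_len
    return exts


def parse_signature_algorithms(data):
    """Decode supported_signature_algorithms<2..2^16-2> into a list of code points."""
    if len(data) < 2:
        raise ValueError("short signature_algorithms")
    (n,) = struct.unpack_from("!H", data, 0)
    if n % 2 or 2 + n != len(data):
        raise ValueError("bad signature_algorithms length")
    return [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]


def select_certificate(exts, candidates):
    """Pick the first candidate the peer can verify.

    candidates: (name, scheme the CA used to sign the cert, scheme the server's
    key will use in CertificateVerify). Per RFC 8446, signature_algorithms_cert,
    if present, governs the certificate's own signature; otherwise
    signature_algorithms covers both. Returns None if nothing is acceptable.
    """
    if EXT_SIGNATURE_ALGORITHMS not in exts:
        raise ValueError("peer sent no signature_algorithms")
    handshake_ok = set(parse_signature_algorithms(exts[EXT_SIGNATURE_ALGORITHMS]))
    cert_ok = handshake_ok
    if EXT_SIGNATURE_ALGORITHMS_CERT in exts:
        cert_ok = set(parse_signature_algorithms(exts[EXT_SIGNATURE_ALGORITHMS_CERT]))
    for name, cert_scheme, hs_scheme in candidates:
        if cert_scheme in cert_ok and hs_scheme in handshake_ok:
            return name
    return None


# Constructed server inventory (hypothetical names). In TLS 1.3 CertificateVerify
# must use RSASSA-PSS, so rsa_pkcs1_* only ever matters for the certificate chain.
CANDIDATES = [
    ("ecdsa-p256-cert", 0x0403, 0x0403),  # ECDSA-signed cert, ECDSA key
    ("rsa-cert", 0x0401, 0x0804),         # PKCS#1 v1.5-signed cert, RSA key using PSS
]


def demo():
    """Three constructed ClientHello extension blocks and the certificate each selects."""
    modern = encode_signature_algorithms(EXT_SIGNATURE_ALGORITHMS, [0x0403, 0x0804, 0x0807])
    rsa_only = encode_signature_algorithms(EXT_SIGNATURE_ALGORITHMS, [0x0804, 0x0401])
    # Client that can verify an ECDSA CertificateVerify but whose chain
    # validation only accepts RSA PKCS#1-signed certificates.
    split = (encode_signature_algorithms(EXT_SIGNATURE_ALGORITHMS, [0x0403, 0x0804])
             + encode_signature_algorithms(EXT_SIGNATURE_ALGORITHMS_CERT, [0x0401]))
    return {
        "modern": select_certificate(parse_extensions(modern), CANDIDATES),
        "rsa_only": select_certificate(parse_extensions(rsa_only), CANDIDATES),
        "split": select_certificate(parse_extensions(split), CANDIDATES),
    }


if __name__ == "__main__":
    for label, chosen in demo().items():
        print(f"{label}: {chosen}")
```

The contrast with DNSSEC is that a validating resolver has no equivalent of these extensions to send: the zone signer chooses the algorithm in advance, and a resolver that does not implement it can only treat the zone as insecure.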