draft-ietf-dnsext-dnssec-gost

Stephen Kent <kent@bbn.com> Thu, 11 February 2010 17:56 UTC

Mime-Version: 1.0
Message-Id: <p06240806c799d87e7406@[128.89.89.170]>
Date: Thu, 11 Feb 2010 12:57:26 -0500
To: ietf@ietf.org
From: Stephen Kent <kent@bbn.com>
Subject: draft-ietf-dnsext-dnssec-gost
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Precedence: list

I recommend that the document not be approved by the IESG in its 
current form.  Section 6.1 states:

>6.1.  Support for GOST signatures
>
>    DNSSEC aware implementations SHOULD be able to support RRSIG and
>    DNSKEY resource records created with the GOST algorithms as
>    defined in this document.

There has been considerable discussion on the security area 
directorate list about this aspect of the document. All of the SECDIR 
members who participated in the discussion argued that the text in 
6.1 needs to be changed to MAY from SHOULD. The general principle 
cited in the discussion has been that "national" crypto algorithms 
like GOST ought not be cited as MUST or SHOULD in standards like 
DNESEC. I refer interested individuals to the SECDIR archive for 
details of the discussion.

(http://www.ietf.org/mail-archive/web/secdir/current/maillist.html)

Steve

Re: draft-ietf-dnsext-dnssec-gost Paul Hoffman
Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson
draft-ietf-dnsext-dnssec-gost Stephen Kent
Re: draft-ietf-dnsext-dnssec-gost Andrew Sullivan
Re: draft-ietf-dnsext-dnssec-gost Paul Hoffman
Re: draft-ietf-dnsext-dnssec-gost Richard L. Barnes
Re: draft-ietf-dnsext-dnssec-gost Martin Rex
Re: draft-ietf-dnsext-dnssec-gost Michael Dillon
Re: draft-ietf-dnsext-dnssec-gost Sean Turner
Re: draft-ietf-dnsext-dnssec-gost Martin Rex
Re: draft-ietf-dnsext-dnssec-gost Sean Turner
Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
Re: draft-ietf-dnsext-dnssec-gost Stephen Farrell
Re: draft-ietf-dnsext-dnssec-gost Andrew Sullivan
Re: draft-ietf-dnsext-dnssec-gost Stephen Kent
Re: draft-ietf-dnsext-dnssec-gost Martin Rex
Re: draft-ietf-dnsext-dnssec-gost David Conrad
Re: draft-ietf-dnsext-dnssec-gost Edward Lewis
Re: draft-ietf-dnsext-dnssec-gost Sean Turner
Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson
Re: draft-ietf-dnsext-dnssec-gost Martin Rex
Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
Re: draft-ietf-dnsext-dnssec-gost ned+ietf
Re: draft-ietf-dnsext-dnssec-gost Martin Rex
Re: draft-ietf-dnsext-dnssec-gost Stephen Kent
Re: draft-ietf-dnsext-dnssec-gost Stephen Kent
RE: draft-ietf-dnsext-dnssec-gost Rex, Martin
Re: draft-ietf-dnsext-dnssec-gost Spencer Dawkins
Re: draft-ietf-dnsext-dnssec-gost Martin Rex
Re: draft-ietf-dnsext-dnssec-gost Mark Andrews
Re: draft-ietf-dnsext-dnssec-gost Martin Rex
Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson
Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson
Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
Re: draft-ietf-dnsext-dnssec-gost Andrew Sullivan
Re: draft-ietf-dnsext-dnssec-gost Martin Rex
Re: draft-ietf-dnsext-dnssec-gost Ran Atkinson
Re: draft-ietf-dnsext-dnssec-gost Phillip Hallam-baker
Re: draft-ietf-dnsext-dnssec-gost Phillip Hallam-baker
Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson