Re: draft-ietf-dnsext-dnssec-gost

Stephen Kent <> Fri, 12 February 2010 15:56 UTC

Date: Fri, 12 Feb 2010 10:57:56 -0500
To: Olafur Gudmundsson <>
From: Stephen Kent <>
Subject: Re: draft-ietf-dnsext-dnssec-gost

>As a document shepherd I have made note that this is desired, but at
>the same time this is a topic that was outside the scope of the working
>This is on the other hand a topic that belongs in the IETF review.
>So my questions to the IETF (paraphrasing George Orwell)
>"Are all crypto algorithms equal, but some are more equal than others?"

Not all are equal, from a purely cryptanalytic perspective. Among those that
may be equivalent from that perspective, there are other meaningful
differences, e.g., how widely the algs are implemented and used.

>Who gets to decide on what algorithms get first class status and 
>based on what criteria?

If we look at what the CP developed in the SIDR WG for the RPKI says, 
the answer is the IESG (going forward, after an initial set of algs 
are adopted based on the SIDR WG process). In the IPSEC, TLS, and 
SMIME contexts, the WGs themselves have made the decisions, which the 
IESG then approves by virtue of the usual standards track RFC 
approval process. I do not believe that the criteria have been 
documented uniformly across these WGs.

>Steve brought up "national" algorithm, but we have also "personal" 
>algorithms such as curve25519 or threefish.

WGs like IPsec, TLS, and SMIME have been able to say no to "personal" 
algs for a long time.