Re: draft-ietf-dnsext-dnssec-gost
Martin Rex <mrex@sap.com> Mon, 15 February 2010 18:20 UTC

Basil Dolmatov wrote:
>
> Martin Rex wrote:
> >
> > I'm still quite confused.
> >
> > All references to GOST signature algorithms of the kind [GOST3410]
> > ought to be fixed to say [GOST3410-2001].
>
> I think that can be done, despite the fact that there is no other
> algorithm coded as GOST 3410, except GOST 34.10-2001.

Slightly OT:

There are some more confusing aspects about GOST R34.10-xxxx.

The math behind GOST bears some similarities with Diffie-Hellman (DH).
RFC-4357 describes "VKO GOST R34.10-94" and "VKO GOST R34.10-2001"
under a section called "Key Derivation Algorithms", and
defines parameter sets for these algorithms.

To me, it looks like the GOST algorithms in RFC4357 would be better
described as "Key agreement" instead of "Key Derivation" algorithms
(consistent with the X.509v3 use of the terminology).

In detail, the key exchange algorithm for GOST in TLS seems to
significantly differ from DH key agreement.

What I don't understand is whether the deprecation applies to
GOST R34.10-1994 in general, or only to GOST R34.10-1994 as a
signature algorithm.

I am somewhat illiterate to crypto math, so I'm wondering whether
it is technically possible to use a GOST R34.10-1994 key agreement
(ephemeral keys) in conjunction with GOST R34.10-2001 certs&signatures,
and if yes -- whether that is still permitted by Russian authorities.

-Martin