Re: draft-ietf-dnsext-dnssec-gost
Paul Hoffman <paul.hoffman@vpnc.org> Thu, 11 February 2010 18:04 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 306DE3A6EDE; Thu, 11 Feb 2010 10:04:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.032
X-Spam-Level:
X-Spam-Status: No, score=-6.032 tagged_above=-999 required=5 tests=[AWL=0.014, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6fP2BS39YMN9; Thu, 11 Feb 2010 10:04:34 -0800 (PST)
Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 5732A3A7551; Thu, 11 Feb 2010 10:04:34 -0800 (PST)
Received: from [192.168.1.70] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id o1BI5iAa032778 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 11 Feb 2010 11:05:45 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240857c799f700c394@[192.168.1.70]>
In-Reply-To: <p06240806c799d87e7406@[128.89.89.170]>
References: <p06240806c799d87e7406@[128.89.89.170]>
Date: Thu, 11 Feb 2010 10:05:42 -0800
To: Stephen Kent <kent@bbn.com>, ietf@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: draft-ietf-dnsext-dnssec-gost
Content-Type: text/plain; charset="us-ascii"
Cc: iesg@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2010 18:04:35 -0000
At 12:57 PM -0500 2/11/10, Stephen Kent wrote: >I recommend that the document not be approved by the IESG in its current form. Section 6.1 states: > >>6.1. Support for GOST signatures >> >> DNSSEC aware implementations SHOULD be able to support RRSIG and >> DNSKEY resource records created with the GOST algorithms as >> defined in this document. > >There has been considerable discussion on the security area directorate list about this aspect of the document. All of the SECDIR members who participated in the discussion argued that the text in 6.1 needs to be changed to MAY from SHOULD. The general principle cited in the discussion has been that "national" crypto algorithms like GOST ought not be cited as MUST or SHOULD in standards like DNESEC. I refer interested individuals to the SECDIR archive for details of the discussion. > >(http://www.ietf.org/mail-archive/web/secdir/current/maillist.html) As usual, I agree completely with Steve Kent. Further, I note that while there was consensus in the DNSEXT WG to put this document on standards track, there was no such consensus for making every DNSSEC implementation come under a new SHOULD-level requirement. --Paul Hoffman, Director --VPN Consortium
- Re: draft-ietf-dnsext-dnssec-gost Paul Hoffman
- Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson
- draft-ietf-dnsext-dnssec-gost Stephen Kent
- Re: draft-ietf-dnsext-dnssec-gost Andrew Sullivan
- Re: draft-ietf-dnsext-dnssec-gost Paul Hoffman
- Re: draft-ietf-dnsext-dnssec-gost Richard L. Barnes
- Re: draft-ietf-dnsext-dnssec-gost Martin Rex
- Re: draft-ietf-dnsext-dnssec-gost Michael Dillon
- Re: draft-ietf-dnsext-dnssec-gost Sean Turner
- Re: draft-ietf-dnsext-dnssec-gost Martin Rex
- Re: draft-ietf-dnsext-dnssec-gost Sean Turner
- Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
- Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
- Re: draft-ietf-dnsext-dnssec-gost Stephen Farrell
- Re: draft-ietf-dnsext-dnssec-gost Andrew Sullivan
- Re: draft-ietf-dnsext-dnssec-gost Stephen Kent
- Re: draft-ietf-dnsext-dnssec-gost Martin Rex
- Re: draft-ietf-dnsext-dnssec-gost David Conrad
- Re: draft-ietf-dnsext-dnssec-gost Edward Lewis
- Re: draft-ietf-dnsext-dnssec-gost Sean Turner
- Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson
- Re: draft-ietf-dnsext-dnssec-gost Martin Rex
- Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
- Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
- Re: draft-ietf-dnsext-dnssec-gost ned+ietf
- Re: draft-ietf-dnsext-dnssec-gost Martin Rex
- Re: draft-ietf-dnsext-dnssec-gost Stephen Kent
- Re: draft-ietf-dnsext-dnssec-gost Stephen Kent
- RE: draft-ietf-dnsext-dnssec-gost Rex, Martin
- Re: draft-ietf-dnsext-dnssec-gost Spencer Dawkins
- Re: draft-ietf-dnsext-dnssec-gost Martin Rex
- Re: draft-ietf-dnsext-dnssec-gost Mark Andrews
- Re: draft-ietf-dnsext-dnssec-gost Martin Rex
- Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson
- Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson
- Re: draft-ietf-dnsext-dnssec-gost Basil Dolmatov
- Re: draft-ietf-dnsext-dnssec-gost Andrew Sullivan
- Re: draft-ietf-dnsext-dnssec-gost Martin Rex
- Re: draft-ietf-dnsext-dnssec-gost Ran Atkinson
- Re: draft-ietf-dnsext-dnssec-gost Phillip Hallam-baker
- Re: draft-ietf-dnsext-dnssec-gost Phillip Hallam-baker
- Re: draft-ietf-dnsext-dnssec-gost Olafur Gudmundsson