IETF Logo Mail Archive

Re: draft-ietf-dnsext-dnssec-gost

Michael Dillon <wavetossed@googlemail.com> Thu, 11 February 2010 23:38 UTC

Return-Path: <wavetossed@googlemail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D05B3A739E for <ietf@core3.amsl.com>; Thu, 11 Feb 2010 15:38:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EQqctyhP+eaf for <ietf@core3.amsl.com>; Thu, 11 Feb 2010 15:38:00 -0800 (PST)
Received: from mail-bw0-f219.google.com (mail-bw0-f219.google.com [209.85.218.219]) by core3.amsl.com (Postfix) with ESMTP id 2A5CA3A726B for <ietf@ietf.org>; Thu, 11 Feb 2010 15:37:59 -0800 (PST)
Received: by bwz19 with SMTP id 19so1032582bwz.28 for <ietf@ietf.org>; Thu, 11 Feb 2010 15:39:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=IeAn5+koPPnUHB/yabYOzzkd7RIToJCE4u9PJABxQ24=; b=B/2I1yc4J9MUN6UT3LhmiGp2HNzzfd15OIxLzdCk+PubMtv7O9pl9RcYDhkAfykUiI yN1OGX/iALvGzIJAfBENe22YAxnAS1pTo3eZO3onHsyAtiR7pBh8q2sSCsVDo1OvCAfs qYv31Wnk0O/ZpYrAkQU4ooKWSGIviep9VfL2o=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=Qw6udjp7dUVwUYT5PKfyv2CIyq0WaxK7qLhCMXhqo4LTq4OaVZ4RCgfMmYVNPKHDZi k884KQ53hlwPZrsnjrW1IIAQQNLP31td+cjpmVh0w14M5H4U2hEGjx3hTmXam33P7wiT /lKwVvHSu6TpuO4f3bwR2ohwlX5vTRmcdBFic=
MIME-Version: 1.0
Received: by 10.204.132.207 with SMTP id c15mr378143bkt.102.1265931550726; Thu, 11 Feb 2010 15:39:10 -0800 (PST)
In-Reply-To: <201002112243.o1BMhvn1003940@fs4113.wdf.sap.corp>
References: <p06240806c799d87e7406@128.89.89.170> <201002112243.o1BMhvn1003940@fs4113.wdf.sap.corp>
Date: Thu, 11 Feb 2010 23:39:10 +0000
Message-ID: <877585b01002111539i7dc6f6ccl8381289c69ac5fa6@mail.gmail.com>
Subject: Re: draft-ietf-dnsext-dnssec-gost
From: Michael Dillon <wavetossed@googlemail.com>
To: ietf@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2010 23:38:01 -0000

> One of the problems with GOST is its lack of availability of
> documentation/specification and the meaning, purpose and
> characteristics of algorithm parameters.

A bit of Googling turned up this <http://vsegost.com/Catalog/96/9658.shtml>
with scanned GIFs of ГОСТ Р34.10-1994. There is a link to the other one,
ГОСТ Р34.10-2001 on that page as well. This does seem to document
the parameters.

Is the real problem the lack of English language documentation?
If so, I'm sure that the people who would like to use these algorithms
could arrange for translations of the two documents, and perhaps even
make that an individual submission as an Internet draft.

>  Whether and how much the -1994 version is
> deprecated is also a complete mystery.

That may be explained by its use in card payment systems. As you may
know if you follow the news, a Cambridge team has just found a HUGE hole
in the UK's chip and pin payment system, but a subtext of that announcement
is that other weaknesses documented in previous years still have not been fixed.
Signature algorithms used in payment systems get embedded in all kinds
of devices, and software systems, making it hard to deprecate stuff fast.

--Michael Dillon

v2.23.0 | Report a Bug | By Email