Re: draft-ietf-dnsext-dnssec-gost

Edward Lewis <> Fri, 12 February 2010 19:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 097D03A7736 for <>; Fri, 12 Feb 2010 11:18:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.43
X-Spam-Status: No, score=-2.43 tagged_above=-999 required=5 tests=[AWL=0.169, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JFGsvYJ1fkVL for <>; Fri, 12 Feb 2010 11:18:46 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 1266B3A787A for <>; Fri, 12 Feb 2010 11:18:45 -0800 (PST)
Received: from ( []) by (8.14.3/8.14.3) with ESMTP id o1CJJZ8B067158; Fri, 12 Feb 2010 14:19:36 -0500 (EST) (envelope-from
Received: from [] by (PGP Universal service); Fri, 12 Feb 2010 14:19:41 -0500
X-PGP-Universal: processed; by on Fri, 12 Feb 2010 14:19:41 -0500
Mime-Version: 1.0
Message-Id: <a06240800c79b554ba0e0@[]>
In-Reply-To: <p06240805c79b294d87a8@[]>
References: <p06240806c799d87e7406@[]> <> <p06240805c79b294d87a8@[]>
Date: Fri, 12 Feb 2010 14:18:29 -0500
To: Stephen Kent <>
From: Edward Lewis <>
Subject: Re: draft-ietf-dnsext-dnssec-gost
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.67 on
Cc:, Olafur Gudmundsson <>,
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 12 Feb 2010 19:18:47 -0000

At 10:57 -0500 2/12/10, Stephen Kent wrote:

>If we look at what the CP developed in the SIDR WG for the RPKI says, the
>answer is the IESG (going forward, after an initial set of algs are adopted
>based on the SIDR WG process). In the IPSEC, TLS, and SMIME contexts, the WGs
>themselves have made the decisions, which the IESG then approves by virtue of
>the usual standards track RFC approval process. I do not believe that the
>criteria have been documented uniformly across these WGs.

What is "CP?"

>At 15:11 -0500 2/11/10, Olafur Gudmundsson wrote:
>>Steve brought up "national" algorithm, but we have also "personal"
>>algorithms such as curve25519 or threefish.
>WGs like IPsec, TLS, and SMIME have been able to say no to "personal" algs
>for a long time.

I've asked this before (see 
what is a "national algorithm?"  I asked that in the DNSEXT WG and 
didn't get a response.  There's a definition in but 
from that I can't distinguish between Skipjack (in that it is labeled 
as national) and DES (not-national but "published by [US] NIST as 

But in the bigger picture, for different reasons, I think the 
"SHOULD" in question be removed/changed.  I think it is up to an 
implementor to choose whether they implement something or not, 
support RFC wxyz or not.  And it is up to the RFP write to require it 
or not.  I don't think any RFC can "MUST" itself into existence.

PS - I think Olafur meant "private algorithms" not personal 
algorithms.  See, 
registrations for 253 and 254.

Edward Lewis             
NeuStar                    You can leave a voice message at +1-571-434-5468

As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction.