Re: [dnsext] Report from chairs

Federico Lucifredi <flucifredi@acm.org> Fri, 30 July 2010 00:58 UTC

Date: Mon, 26 Jul 2010 21:18:23 -0400
From: Federico Lucifredi <flucifredi@acm.org>
To: Francis Dupont <Francis.Dupont@fdupont.fr>
CC: Andrew Sullivan <ajs@shinkuro.com>, namedroppers@ops.ietf.org
Subject: Re: [dnsext] Report from chairs

[ Moderators note: Post was moderated, either because it was posted by
   a non-subscriber, or because it was over 20K.  
   With the massive amount of spam, it is easy to miss and therefore 
   delete relevant posts by non-subscribers. 
   Please fix your subscription addresses. ]

I support this draft and will be glad to put the footwork in to get it
passed if help is needed.

The issue seems overtly clear; Francis summed it up pretty well. I would
not underestimate the importance of security certification, so I would
be happy to help eliminate a paradox in that angle.

 Best -F

Francis Dupont wrote:
>  In your previous mail you wrote:
> 
>    4.  EXPIRED DRAFTS
>    
>        - draft-ietf-dnsext-tsig-md5-deprecated
>    
>    Is anyone still interested in this draft?  We have no movement on it.
>    
> => there is a clear lack of support for this draft. I propose to give
> the question to the security area so they should say if it is fine to
> keep MD5 mandatory in an IETF protocol.
> 
> Two comments:
>  - MD5 is used in a way (HMAC) in which it is not proved to be weak
> 
>  - the issue is that MD5 is forbidden for most (i.e., all I know of :-)
>   certified cryptos, so it is not possible to run a TSIG tool that is both
>   certified (for the crypto) and conformant (to standards).
>   Now it seems to be only a formal concern...
> 
> Thanks
> 
> Francis.Dupont@fdupont.fr
> 


-- 

_________________________________________
-- "'Problem' is a bleak word for challenge" - Richard Fish
(Federico L. Lucifredi) - http://www.lucifredi.com