Re: [secdir] secdir review of draft-ietf-dnsext-dnssec-alg-allocation-02

Andrew Sullivan <ajs@shinkuro.com> Tue, 02 March 2010 20:31 UTC

Return-Path: <ajs@shinkuro.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA0F828C16F; Tue, 2 Mar 2010 12:31:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.1
X-Spam-Level:
X-Spam-Status: No, score=-1.1 tagged_above=-999 required=5 tests=[AWL=1.500, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LaxbNDdv3xe7; Tue, 2 Mar 2010 12:31:05 -0800 (PST)
Received: from mail.yitter.info (mail.yitter.info [208.86.224.201]) by core3.amsl.com (Postfix) with ESMTP id B281528C180; Tue, 2 Mar 2010 12:31:05 -0800 (PST)
Received: from crankycanuck.ca (external.shinkuro.com [66.92.164.104]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 6C43C1ECBC22; Tue, 2 Mar 2010 20:31:05 +0000 (UTC)
Date: Tue, 2 Mar 2010 15:31:03 -0500
From: Andrew Sullivan <ajs@shinkuro.com>
To: Barry Leiba <barryleiba@computer.org>
Message-ID: <20100302203103.GJ2901@shinkuro.com>
References: <9abf48a61003021143p6cef437fxb72fe0c3a58a684c@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9abf48a61003021143p6cef437fxb72fe0c3a58a684c@mail.gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: draft-ietf-dnsext-dnssec-alg-allocation.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-dnsext-dnssec-alg-allocation-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 20:31:08 -0000

Hi,

Thanks for the review of this document.

On Tue, Mar 02, 2010 at 02:43:07PM -0500, Barry Leiba wrote:

> I understand the reasoning for allowing non-standards-track
> algorithms, but I don't understand the reason not to use "Expert
> Review", specifying that the documentation required is an RFC, and
> giving at least *some* criteria for the expert to consider.
> Otherwise, I wonder whether registration of poorly designed algorithms
> will happen, and those algorithms may present an attractive nuisance,
> getting widely implemented by virtue of being registered, despite what
> this document says about that.

I have a certain amount of sympathy for this comment, but the plain
fact is that the DNS community does not actually have the expertise to
evaluate cryptographic algorithms anyway. 

The upshot therefore of your suggestion is that the expert review
required in this area would probably require an expert panel in each
case, with one member from the DNS community and another from the
security community.  

More importantly, I'm not sure there's actually a problem to solve
here.  Do we have a problem in other protocols where poor crypto
algorithms have won out over better-designed algorithms?

> Even with expert review, we could allow weak or otherwise poor
> algorithms to be registered, if we want to do that, with the addition
> of a field in the registry that indicates the expert's assessment:
> perhaps it could say "not recommended" as a sufficient warning.  That
> would also allow updates later, giving erstwhile-good algorithms a
> status of "compromised", "deprecated", or the like (and would be a
> better place to note the deprecation of RSA/MD5 than in the algorithm
> description, where it is now).

We do in fact have a completely separate effort underway to update the
registry in order to allow certain kinds of indicators like this.  The
WG seemed to agree that these were separate problems and didn't want
to conflate them.  Does that other effort address your concern?

> I'd like to see the text of the last paragraph of section 3 change:
> OLD
> It should be noted that the order of algorithms in the IANA registry
> does not signify or imply cryptographic strength or preference.
> NEW
> It should be noted that the presence of or order of algorithms in the
> IANA registry does not signify or imply cryptographic strength or
> preference.

I see no objection to that alteration.

> I think this should have an informative reference to RFC 5226 section
> 4.1, which defines the IANA registration policies (and gives the
> specific meaning of "RFC Required").

I have no objection to this reference.

Thanks again for the review,

Andrew (doc shepherd)



-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.