Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05
Basil Dolmatov <dol@cryptocom.ru> Sat, 23 January 2010 18:33 UTC
Message-ID: <4B5B40FB.8060007@cryptocom.ru>
Date: Sat, 23 Jan 2010 21:33:31 +0300
From: Basil Dolmatov <dol@cryptocom.ru>
To: Andrew Sullivan <ajs@shinkuro.com>
References: <p06240810c76be77be756@[128.89.89.161]> <20100107222809.GA25747@shinkuro.com> <p06240818c76c1a38cbf8@[128.89.89.161]> <20100108144431.GB26259@shinkuro.com>
In-Reply-To: <20100108144431.GB26259@shinkuro.com>
Cc: Ralph Droms <rdroms@cisco.com>, ogud@ogud.com, secdir@ietf.org
Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05
List-Id: Security Area Directorate <secdir.ietf.org>

Andrew Sullivan writes:
>
>> BTW, we have had this discussion in SIDR, where the RPKI has a similar
>> global scope and where Vasily had made a similar request for recognition
>> of GOST algorithms. So far, that WG has said no, for the reasons I cited
>> in my comments and above. The current plan there is to go with the two
>> suite model I described above.
>>
>
> Ok. Thanks for this; it's useful feedback.
>

Andrew,

I, being a participant in the quoted process, want to share my description of what happened, and I think that it will differ to some extent.

I noted that RPKI and SIDR implementations, having exactly no possibility to support different protocols, will definitely meet the problems which DNSSEC is overcoming simply by its design.

Steve, in his presentation, showed the technology which gives the possibility to a given AS (or group of ASes) to build an entirely independent system of distribution of routing information from the outer world. That was _the_other_way_ to handle possible protocol problems: just to present a mechanism which allows splitting the whole system into several entirely independent protocol domains.

Compared to DNS, the IDR ideology is entirely different: DNS is a holistic and united service, but the main IDR principle is the independence of routing decisions for any given AS.

I also noted then that, from my point of view, the DNSSEC protocol approach seems much more productive for the development of the network as a whole and for maintaining its integrity; the SIDR approach from that perspective seems a restrictive one, leading to a dead end in the near future.

I would be very cautious when considering the borrowing of technologies and approaches from SIDR for any other protocols and services; these technologies, though allowing one to "overcome" possible protocol problems, will in fact lead to a network split.

dol@

> Best,
>
> A
>