Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05

[Basil Dolmatov <dol@cryptocom.ru>]

Andrew Sullivan пишет:
>
>> BTW, we have had this discussion in SIDR, where the RPKI has a similar 
>> global scope and where Vasily had made a similar request for recognition 
>> of GOST algorithms. So far, that WG has said no, for the reasons I cited 
>> in my comments and above. The current plan there is to go with the two 
>> suite model I described above.
>>     
>
> Ok.  Thanks for this; it's useful feedback.
>   
Andrew, I, being the participant in the quoted process, want to share my 
description of what had happened and I think that it will differ to some 
extent.

I noted that RPKI and SIDR implementations having exactly no possibility 
to support different protocols will definitely meet the problems, which 
DNSSec is overcoming simply by its design.

Steve, in his presentation showed the technology which gives possibility 
to given AS (or group of ASes) to build entirely independent system of 
distribution of routing information from the outer world. That was 
_the_other_way_ to handle possible protocol problems, just to present 
mechanism, which allows to split whole system into several entirely 
independent protocol domains.

Comparing to DNS the IDR ideology is entirely different: DNS is 
wholistic and united service, but main IDR principle is the independence 
of routing decisions for any given AS.

I also noted then that from my point of view the DNSSec protocol 
approach seems much more productive for the development of the network 
as a whole and maintaining its integrity, SIDR approach from that 
perspective seems a restrictive one and leading to the dead end in the 
near future.

I would be very cautious when considering the borrowing of the 
technologies and approaches from SIDR to any other protocols and 
services, these technologies though allowing to "overcome" possible 
protocol problems in fact will lead to the network split.


dol@




> Best,
>
> A
>
>