Re: [DNSOP] [Ext] Call for Adoption: draft-hardaker-dnsop-rfc8624-bis, must-not-sha1, must-not-ecc-gost
On Apr 27, 2024, at 17:38, Tim Wicinski wrote: > Please review these drafts to see if you think they are suitable for adoption > by DNSOP, and send any comments to the list, clearly stating your view. The WG already has many important DNSSEC-related documents that are not getting enough attention from WG participants. Each of those documents would have much more significant effects on the security of the DNS than these proposed documents. The WG should not adopt these proposed documents until the more important documents have been standardized. In the future, there may be more relevant attacks on SHA-1 and ECC-GOST, and adopting these documents would make sense then. The advances in practical attacks on SHA-1 have been slow and somewhat predictable. The use of ECC-GOST outside of regions where it was required is nearly non-existent. The WG's attention is valuable, and spending that attention on documents that do not noticeably affect the actual security of the DNS is not a good use of our time. I propose that Wes keep the drafts alive as personal documents until the WG's DNSSEC documents with much more impact are finished. --Paul Hoffman ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] Fwd: New Version Notification for draft-heard-dnsop-udp-opt-large-dns-responses-00.txt
Greetings, TSVWG currently has the document "Transport Options for UDP" ( https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-udp-options) in Working Group Last Call. It includes a capability to fragment datagrams at the UDP layer rather than the IP layer, and one of the use cases that has been discussed over there is using that capability to transmit large DNS responses without suffering the disadvantages of IP fragmentation or fallback to TCP. But we need a reality check from the subject matter experts over here to help us determine whether this idea is viable. Accordingly, I put together a short (and at this point not very polished) individual draft describing how this might work. Your feedback will be greatly appreciated. Thanks and regards, Mike Heard -- Forwarded message - From: Date: Sun, Apr 28, 2024 at 12:52 PM Subject: New Version Notification for draft-heard-dnsop-udp-opt-large-dns-responses-00.txt To: C. M. Heard (Mike) A new version of Internet-Draft draft-heard-dnsop-udp-opt-large-dns-responses-00.txt has been successfully submitted by C. M. (Mike) Heard and posted to the IETF repository. Name: draft-heard-dnsop-udp-opt-large-dns-responses Revision: 00 Title:Use of UDP Options for Transmission of Large DNS Responses Date: 2024-04-28 Group:Individual Submission Pages:8 URL: https://www.ietf.org/archive/id/draft-heard-dnsop-udp-opt-large-dns-responses-00.txt Status: https://datatracker.ietf.org/doc/draft-heard-dnsop-udp-opt-large-dns-responses/ HTMLized: https://datatracker.ietf.org/doc/html/draft-heard-dnsop-udp-opt-large-dns-responses Abstract: This document describes an experimental method for using UDP Options to facilitate the transmission of large DNS responses without the use of IP fragmentation or fallback to TCP. The IETF Secretariat ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Call for Adoption: draft-hardaker-dnsop-rfc8624-bis, must-not-sha1, must-not-ecc-gost
On Apr 27, 2024, at 20:39, Tim Wicinski wrote: > > M > > > This starts a Call for Adoption for: > draft-hardaker-dnsop-rfc8624-bis > draft-hardaker-dnsop-must-not-sha1 > draft-hardaker-dnsop-must-not-ecc-gost I support adoption for all three drafts. Willing to help with text and well forced to review them eventually 藍 Paul ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] Weekly github digest (DNSOP Working Group GitHub Activity Summary)
Issues -- * ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques (+0/-0/1) 1 issues received 1 new comments: - #69 Multi-provider / multi-CDN setups (1 by moonshiner) https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques/issues/69 Repositories tracked by this digest: --- * https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-dnssec-automation * https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-domain-verification-techniques * https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-structured-dns-error * https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-qdcount-is-one * https://github.com/ietf-wg-dnsop/draft-ietf-dnsop-avoid-fragmentation ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop