It's just a DNS record. It doesn't matter what's inside, so I'll replace the example with something neutral like MX.
O. -- Ondřej Surý -- Technical Fellow -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.s...@nic.cz https://nic.cz/ -------------------------------------------- ----- Original Message ----- > From: "Daniel Migault" <daniel.miga...@ericsson.com> > To: "Simon Josefsson" <si...@josefsson.org>, "Ondřej Surý" > <ondrej.s...@nic.cz> > Cc: "dnsop" <dnsop@ietf.org>, "curdle" <cur...@ietf.org> > Sent: Thursday, 3 November, 2016 02:02:00 > Subject: RE: [Curdle] Fwd: I-D Action: draft-ietf-curdle-dnskey-eddsa-01.txt > Hi, > > Thank you for the reviews. Looks we are almost ready for LC. Please take a few > minute and review the document. > > I have a minor comment. It has been suggested that IPv6 was used in the > example. > Does anyone object using only IPv6 example versus IPv4/IPv6 or IPv4 only? > > Yours, > > Rich and Daniel > > -----Original Message----- > From: Curdle [mailto:curdle-boun...@ietf.org] On Behalf Of Simon Josefsson > Sent: Tuesday, November 01, 2016 5:00 AM > To: Ondřej Surý <ondrej.s...@nic.cz> > Cc: dnsop <dnsop@ietf.org>; cur...@ietf.org > Subject: Re: [Curdle] Fwd: I-D Action: draft-ietf-curdle-dnskey-eddsa-01.txt > > Hello. I have reviewed this document, and it looks to be in good shape. > Two minor comments: > > 1) The security considerations should reference draft-irtf-cfrg-eddsa for > security considerations. Both CFRG-EDDSA and RFC 7748 refer to the expected > security level of Ed25519 as "around 128-bit" which reads somewhat better than > "slightly under" in my mind. Citing only the security level characteristics > (incorrectly) give the reader an impression that Ed448 is "more secure" than > Ed25519. More, or less, context is required to give the reader a proper > understanding. > > I suggest to reword the entire security considerations as follows. The third > paragraph below is a direct quote from CFRG-EDDSA. > > Ed25519 and Ed448 offers improved security properties and > implementation characteristics compared to RSA and ECDSA algorithms, > and the introduction of these algorithms are thus expected to improve > security of DNSSEC. > > The security considerations of [CFRG-EDDSA] and [RFC7748] are > inherited in the usage of Ed25519 and Ed448 in DNSSEC. > > Ed25519 is intended to operate at around the 128-bit security level, > and Ed448 at around the 224-bit security level. A sufficiently large > quantum computer would be able to break both. Reasonable projections > of the abilities of classical computers conclude that Ed25519 is > perfectly safe. Ed448 is provided for those applications with > relaxed performance requirements and where there is a desire to hedge > against analytical attacks on elliptic curves. > > These assessments could, of course, change in the future if new > attacks that work better than the ones known today are found. > > 2) Section 9 "Implementation Status" does not seem useful. > > Thanks, > /Simon > > Ondřej Surý <ondrej.s...@nic.cz> writes: > >> Dear colleagues, >> >> this is just a refresh to keep the draft going as we are still waiting >> for irtf-cfrg-eddsa, but that looks like it's in IESG Review, so it >> might be a good time to have a final look and send the comments to /me >> or Robert or curdle WG mailing list. >> >> 1. https://datatracker.ietf.org/doc/draft-irtf-cfrg-eddsa/ >> >> Cheers, >> -- >> Ondřej Surý -- Technical Fellow >> -------------------------------------------- >> CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC >> Milesovska 5, 130 00 Praha 3, Czech Republic >> mailto:ondrej.s...@nic.cz https://nic.cz/ >> -------------------------------------------- >> >> ----- Forwarded Message ----- >> From: internet-dra...@ietf.org >> To: i-d-annou...@ietf.org >> Cc: cur...@ietf.org >> Sent: Monday, 10 October, 2016 15:46:46 >> Subject: [Curdle] I-D Action: draft-ietf-curdle-dnskey-eddsa-01.txt >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the CURves, Deprecating and a Little more >> Encryption of the IETF. >> >> Title : EdDSA for DNSSEC >> Authors : Ondrej Sury >> Robert Edmonds >> Filename : draft-ietf-curdle-dnskey-eddsa-01.txt >> Pages : 8 >> Date : 2016-10-10 >> >> Abstract: >> This document describes how to specify EdDSA keys and signatures in >> DNS Security (DNSSEC). It uses the Edwards-curve Digital Security >> Algorithm (EdDSA) with the choice of two curves, Ed25519 and Ed448. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-curdle-dnskey-eddsa/ >> >> There's also a htmlized version available at: >> https://tools.ietf.org/html/draft-ietf-curdle-dnskey-eddsa-01 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-curdle-dnskey-eddsa-01 >> >> >> Please note that it may take a couple of minutes from the time of >> submission until the htmlized version and diff are available at >> tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> Curdle mailing list >> cur...@ietf.org >> https://www.ietf.org/mailman/listinfo/curdle >> >> _______________________________________________ >> Curdle mailing list >> cur...@ietf.org > > https://www.ietf.org/mailman/listinfo/curdle _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
