Re: [DNSOP] Would you please review our draft on deploying new DNSSEC crypto algorithms?

Thu, 01 Dec 2016 13:07:53 -0800 

I have read the draft and support it being made into a WG document.
I do have some minor comments - none that change the tone of the document: 

1. Introduction 5th paragraph
“DNSSEC algorithms are used…” Probably should be “DNSSEC registered algorithms…” There are no crypto algorithms that are part of DNSSEC only, just defined for use with DNSSEC.
2. There is also RFC 6975 - algorithm signaling in DNSSEC. I don’t know how widely deployed or used the EDNS option is, but it was proposed to help gather data about this very thing. 

Scott
        
On 15 Nov 2016, at 7:41, Dan York wrote:
As mentioned at the very end of DNSOP, Olafur Gudmundsson, Ondrej Sury, Paul Wouters and I have a draft published that aims to document the steps involved with deploying a new cryptographic algorithm for DNSSEC. The overall goal is to make it easier to get new DNSSEC crypto algorithms deployed, both through documenting existing steps - and then potentially building off of this work with new documents to improve some of the steps. Right now we'd like to get ECDSA out, but EdDSA is coming out soon and it would be great to get that deployed sooner rather than later.
As I said in the session, we'd like to get reviewers and then get the document adopted by the WG and moved along toward publication. 

The draft is at either of:

https://datatracker.ietf.org/doc/draft-york-dnsop-deploying-dnssec-crypto-algs/
https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-04

Please send any comments to the list or to us as authors.
I also am maintaining this over in Github at: https://github.com/danyork/draft-deploying-dnssec-crypto-algs If you are a Github user you are welcome to file an issue there or send text in a pull request.
Regardless, we'd just like any feedback (even if to say that it looks good). 

Thanks,
Dan



--
Dan York
Senior Content Strategist, Internet Society
y...@isoc.org<mailto:y...@isoc.org>   +1-802-735-1624
Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org>
Skype: danyork   http://twitter.com/danyork

http://www.internetsociety.org/




_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop



==================================
Scott Rose, NIST
sco...@nist.gov
ph: +1-301-975-8439
Google Voice: +1-571-249-3671

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to