On Fri, 5 Apr 2019, Bob Harold wrote:

      I'm a little surprised that this is going for PS rather than BCP,
      which seems like it would reflect the recognized need for recurring
      updates to the guidance given.

Personally, it seems a PS feels like it has a little more weight. Not
just a recommendation but a strong nudge towards doing this.

      In a similar vein, if we stay at PS, a lot of the references seem like
      they would need to move from Informative to Normative, since to
      implement the various MUST-level algorithms you have to follow those
      references.

I would not say those references are normative in that sense. You don't
HAVE to read how GOST is specified to not implement it.

      Section 1.1

         The field of cryptography evolves continuously.  New stronger
         algorithms appear and existing algorithms are found to be less secure
         than originally thought.  [...]

      I'd suggest also noting that attacks previously thought to be
      computationally infeasible become more accessible as the available
      computational resources increase.

Added.

      Section 1.2

                                        For clarification and consistency, an
         algorithm will be specified as MAY in this document only when it has
         been downgraded.

      Does "downgraded" mean that it was formerly mandatory but has been
      rotated out of the mandatory role?  Perhaps explicitly saying
      "downgraded from <blah>" would aid clarity.

Added.

      Section 3.3


         SHA-384 shares the same properties as SHA-256, but offers a modest
         security advantage over SHA-384 (384-bits of strength versus

      nit: SHA-384 has an advantage over ... SHA-384?

Fixed.

         We wish to thank Michael Sinatra, Roland van Rijswijk-Deij, Olafur
         Gudmundsson, Paul Hoffman and Evan Hunt for their imminent feedback.

      IIRC a directorate reviewer noted that "imminent" means "expected to
      arrive in the near future but not yet present"; such text does not seem
      appropriate for final publication since review after that point would
      not be helpful.

That was fixed too :)

Thanks for the review!

Paul

_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop
