Re: [DNSOP] Fwd: New Version Notification for draft-arends-dnsop-dnssec-algorithm-update-00.txt

[John Dickinson]

On Tue, 2017-03-14 at 09:04 +0100, Jakob Schlyter wrote:
> This draft should be of interest to this WG, providing an alternative
> to 
> draft-wouters-sury-dnsop-algorithm-update.
> 
>   jakob

I like this simple short draft. I prefer its terminology. The only tiny
issue I have is with the wording "Must Not Implement". Since there is
no capability exchange you can not avoid talking with a peer that
happens to support RSAMD5. However, I do of course agree with the
sentiment.

John



> 
> 
> Forwarded message:
> 
> > From: internet-dra...@ietf.org
> > To: Roy Arends , Jakob Schlyter 
> > , Matt Larson 
> > Subject: New Version Notification for 
> > draft-arends-dnsop-dnssec-algorithm-update-00.txt
> > Date: Mon, 13 Mar 2017 10:47:24 -0700
> > 
> > A new version of I-D, 
> > draft-arends-dnsop-dnssec-algorithm-update-00.txt
> > has been successfully submitted by Roy Arends and posted to the
> > IETF repository.
> > 
> > Name:   draft-arends-dnsop-dnssec-algorithm-update
> > Revision:   00
> > Title:  DNS Security (DNSSEC) DNSKEY Algorithm IANA
> > Registry Updates
> > Document date:  2017-03-12
> > Group:  Individual Submission
> > Pages:  6
> > URL:
> > https://www.ietf.org/internet-drafts/draft-arends-dnsop-dnssec-algo
> > rithm-update-00.txt
> > Status: 
> > https://datatracker.ietf.org/doc/draft-arends-dnsop-dnssec-algorith
> > m-update/
> > Htmlized:   
> > https://tools.ietf.org/html/draft-arends-dnsop-dnssec-algorithm-upd
> > ate-00
> > 
> > 
> > Abstract:
> >    The DNS Security Extensions (DNSSEC) require the use of 
> > cryptographic
> >    algorithm suites for generating digital signatures and 
> > cryptographic
> >    hashes over DNS data.  The algorithms specified for use with
> > DNSSEC
> >    are reflected in IANA registries.  This document updates some 
> > entries
> >    in these registries.  The main reason for these updates is to 
> > retire
> >    the use of SHA1.
> > 
> > 
> > 
> > 
> > Please note that it may take a couple of minutes from the time of 
> > submission
> > until the htmlized version and diff are available at
> > tools.ietf.org.
> > 
> > The IETF Secretariat
> 
> ___
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Fwd: New Version Notification for draft-arends-dnsop-dnssec-algorithm-update-00.txt

[Petr Špaček]

Thank you for the draft.

I have to say that from my perspective the
draft-wouters-sury-dnsop-algorithm-update selected a better approach to
the problem. IMHO it is important to distinguish consumers and producers
of signatures as discussed in the original thread.

While I agree that draft-wouters-sury-dnsop-algorithm-update requires
substantial editorial changes the spirit seems to be correct to me so I
would rather advance draft-wouters-sury-dnsop-algorithm-update instead
of this new draft.

Sorry for being mean!

Petr Špaček  @  CZ.NIC

On 14.3.2017 09:04, Jakob Schlyter wrote:
> This draft should be of interest to this WG, providing an alternative to
> draft-wouters-sury-dnsop-algorithm-update.
> 
> jakob
> 
> 
> Forwarded message:
> 
>> From: internet-dra...@ietf.org
>> To: Roy Arends , Jakob Schlyter
>> , Matt Larson 
>> Subject: New Version Notification for
>> draft-arends-dnsop-dnssec-algorithm-update-00.txt
>> Date: Mon, 13 Mar 2017 10:47:24 -0700
>>
>> A new version of I-D, draft-arends-dnsop-dnssec-algorithm-update-00.txt
>> has been successfully submitted by Roy Arends and posted to the
>> IETF repository.
>>
>> Name:draft-arends-dnsop-dnssec-algorithm-update
>> Revision:00
>> Title:DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry
>> Updates
>> Document date:2017-03-12
>> Group:Individual Submission
>> Pages:6
>> URL:   
>> https://www.ietf.org/internet-drafts/draft-arends-dnsop-dnssec-algorithm-update-00.txt
>>
>> Status:
>> https://datatracker.ietf.org/doc/draft-arends-dnsop-dnssec-algorithm-update/
>>
>> Htmlized:  
>> https://tools.ietf.org/html/draft-arends-dnsop-dnssec-algorithm-update-00
>>
>>
>> Abstract:
>>The DNS Security Extensions (DNSSEC) require the use of cryptographic
>>algorithm suites for generating digital signatures and cryptographic
>>hashes over DNS data.  The algorithms specified for use with DNSSEC
>>are reflected in IANA registries.  This document updates some entries
>>in these registries.  The main reason for these updates is to retire
>>the use of SHA1.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
> 
> ___
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Fwd: New Version Notification for draft-arends-dnsop-dnssec-algorithm-update-00.txt

[Frederico A C Neves]

Jakob,

On Tue, Mar 14, 2017 at 09:04:53AM +0100, Jakob Schlyter wrote:
> This draft should be of interest to this WG, providing an alternative to 
> draft-wouters-sury-dnsop-algorithm-update.
> 
>   jakob
> 

> > https://tools.ietf.org/html/draft-arends-dnsop-dnssec-algorithm-update-00

This is a cleaner guidance to implementers but I would like to see the
new curves, ED25519 ED448, included at least as recommended to
implement.

Fred

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop