Re: [DNSOP] Fwd: New Version Notification for draft-arends-dnsop-dnssec-algorithm-update-00.txt
On Tue, 2017-03-14 at 09:04 +0100, Jakob Schlyter wrote: > This draft should be of interest to this WG, providing an alternative > to > draft-wouters-sury-dnsop-algorithm-update. > > jakob I like this simple short draft. I prefer its terminology. The only tiny issue I have is with the wording "Must Not Implement". Since there is no capability exchange you can not avoid talking with a peer that happens to support RSAMD5. However, I do of course agree with the sentiment. John > > > Forwarded message: > > > From: internet-dra...@ietf.org > > To: Roy Arends, Jakob Schlyter > > , Matt Larson > > Subject: New Version Notification for > > draft-arends-dnsop-dnssec-algorithm-update-00.txt > > Date: Mon, 13 Mar 2017 10:47:24 -0700 > > > > A new version of I-D, > > draft-arends-dnsop-dnssec-algorithm-update-00.txt > > has been successfully submitted by Roy Arends and posted to the > > IETF repository. > > > > Name: draft-arends-dnsop-dnssec-algorithm-update > > Revision: 00 > > Title: DNS Security (DNSSEC) DNSKEY Algorithm IANA > > Registry Updates > > Document date: 2017-03-12 > > Group: Individual Submission > > Pages: 6 > > URL: > > https://www.ietf.org/internet-drafts/draft-arends-dnsop-dnssec-algo > > rithm-update-00.txt > > Status: > > https://datatracker.ietf.org/doc/draft-arends-dnsop-dnssec-algorith > > m-update/ > > Htmlized: > > https://tools.ietf.org/html/draft-arends-dnsop-dnssec-algorithm-upd > > ate-00 > > > > > > Abstract: > > The DNS Security Extensions (DNSSEC) require the use of > > cryptographic > > algorithm suites for generating digital signatures and > > cryptographic > > hashes over DNS data. The algorithms specified for use with > > DNSSEC > > are reflected in IANA registries. This document updates some > > entries > > in these registries. The main reason for these updates is to > > retire > > the use of SHA1. > > > > > > > > > > Please note that it may take a couple of minutes from the time of > > submission > > until the htmlized version and diff are available at > > tools.ietf.org. > > > > The IETF Secretariat > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Fwd: New Version Notification for draft-arends-dnsop-dnssec-algorithm-update-00.txt
Thank you for the draft. I have to say that from my perspective the draft-wouters-sury-dnsop-algorithm-update selected a better approach to the problem. IMHO it is important to distinguish consumers and producers of signatures as discussed in the original thread. While I agree that draft-wouters-sury-dnsop-algorithm-update requires substantial editorial changes the spirit seems to be correct to me so I would rather advance draft-wouters-sury-dnsop-algorithm-update instead of this new draft. Sorry for being mean! Petr Špaček @ CZ.NIC On 14.3.2017 09:04, Jakob Schlyter wrote: > This draft should be of interest to this WG, providing an alternative to > draft-wouters-sury-dnsop-algorithm-update. > > jakob > > > Forwarded message: > >> From: internet-dra...@ietf.org >> To: Roy Arends, Jakob Schlyter >> , Matt Larson >> Subject: New Version Notification for >> draft-arends-dnsop-dnssec-algorithm-update-00.txt >> Date: Mon, 13 Mar 2017 10:47:24 -0700 >> >> A new version of I-D, draft-arends-dnsop-dnssec-algorithm-update-00.txt >> has been successfully submitted by Roy Arends and posted to the >> IETF repository. >> >> Name:draft-arends-dnsop-dnssec-algorithm-update >> Revision:00 >> Title:DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry >> Updates >> Document date:2017-03-12 >> Group:Individual Submission >> Pages:6 >> URL: >> https://www.ietf.org/internet-drafts/draft-arends-dnsop-dnssec-algorithm-update-00.txt >> >> Status: >> https://datatracker.ietf.org/doc/draft-arends-dnsop-dnssec-algorithm-update/ >> >> Htmlized: >> https://tools.ietf.org/html/draft-arends-dnsop-dnssec-algorithm-update-00 >> >> >> Abstract: >>The DNS Security Extensions (DNSSEC) require the use of cryptographic >>algorithm suites for generating digital signatures and cryptographic >>hashes over DNS data. The algorithms specified for use with DNSSEC >>are reflected in IANA registries. This document updates some entries >>in these registries. The main reason for these updates is to retire >>the use of SHA1. >> >> >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Fwd: New Version Notification for draft-arends-dnsop-dnssec-algorithm-update-00.txt
Jakob, On Tue, Mar 14, 2017 at 09:04:53AM +0100, Jakob Schlyter wrote: > This draft should be of interest to this WG, providing an alternative to > draft-wouters-sury-dnsop-algorithm-update. > > jakob > > > https://tools.ietf.org/html/draft-arends-dnsop-dnssec-algorithm-update-00 This is a cleaner guidance to implementers but I would like to see the new curves, ED25519 ED448, included at least as recommended to implement. Fred ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop