
List:       namedroppers
Subject:    Fwd: [dnsext] draft-crocker-dnssec-algo-signal-03 -- more time please!
From:       Patrik_Fältström <paf () cisco ! com>
Date:       2009-08-27 4:18:29
Message-ID: 434ECD68-79BB-45F1-8A68-A4CD8E4A3E11 () cisco ! com


So, my final conclusion after talking with people is what I describe  
here. That is, before we start accepting drafts that "signal" crypto  
algorithms, we need something stating:

- what the impact *really* is on DNSSEC deployment if we have multiple  
algorithms
- how an algorithm change is to be handled
- how to handle the selection process of preferred (plural) algorithms  
(one main, and one secondary that is rolled in or out?)

Given this, we can talk about how to do the wording in documents that  
talk about how to register/signal algorithms.

In short, people are worried about non-interoperability regarding  
deployment.

So for this document (draft-crocker-dnssec-algo-signal-03) people said  
"I think we should wait...nothing wrong with *this* document, but we  
are missing some pieces in the architecture".

    Patrik

Begin forwarded message:

> From: "Patrik Faltstrom (pfaltstr)" <pfaltstr@cisco.com>
> Date: Thu 30 Jul 2009 09.54.07 GMT+02:00
> To: <namedroppers@ops.ietf.org>
> Subject: [dnsext] draft-crocker-dnssec-algo-signal-03 -- more time  
> please!
>
> A status report...
>
> People are still reaching out to me, and it is pretty clear to me  
> that many people have problems answering yes or no to the question,  
> and that seems to be similar reasons as both yes and no people want  
> to talk so much about the issue.
>
> I will next week summarize in a bit more detail, but it seems people  
> have the feeling that as the overall goal for standards in the IETF  
> is interoperability, and the question is really what impact multiple  
> algorithms have on real life interoperability. How are the  
> algorithms selected? What if everyone "just picks" a favorite? If we  
> are going to have preferred algorithms, how do we shift in and shift  
> out algorithms in that pool (that might have only one entry)? How do  
> we roll over algorithms? Etc...
>
> Everyone (almost) I have talked with thinks that if we only talked  
> about the real problem, then most certainly one of the things that  
> will be needed is some kind of signalling, for example in the  
> transition from one algorithm to another, but at this point in time  
> -- that is impossible to say.
>
> So at the moment, I see the consensus in the wg is "not yet, we need  
> to work on other documents first, or at least in parallel".
>
> But, I at the same time think I have been contacted by "no" sayers  
> more than "yes" sayers, so I ask the wg chairs for another week of  
> work on my findings on what the consensus of the wg is.
>
>    Patrik
>

