ietf
[Top] [All Lists]

Re: draft-ietf-dnsext-dnssec-gost

2010-02-12 06:19:11

I agree with Steve and others saying that MAY is appropriate
for this.

S.

Stephen Kent wrote:
I recommend that the document not be approved by the IESG in its current
form.  Section 6.1 states:

6.1.  Support for GOST signatures

   DNSSEC aware implementations SHOULD be able to support RRSIG and
   DNSKEY resource records created with the GOST algorithms as
   defined in this document.

There has been considerable discussion on the security area directorate
list about this aspect of the document. All of the SECDIR members who
participated in the discussion argued that the text in 6.1 needs to be
changed to MAY from SHOULD. The general principle cited in the
discussion has been that "national" crypto algorithms like GOST ought
not be cited as MUST or SHOULD in standards like DNESEC. I refer
interested individuals to the SECDIR archive for details of the discussion.

(http://www.ietf.org/mail-archive/web/secdir/current/maillist.html)

Steve
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>