ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IAB statement on the RPKI.

2010-02-16 12:38:24
from [Dmitry Burkov] [Permanent Link] 
On 16.02.10 4:21, Phillip Hallam-Baker wrote:

deploy as at present does not seem to have occurred to them. It is
quite possible that what is driving the GOST issue is that the GRU
really has a thing about vanity crypto. But I think it much more
likely that they are going to use it as part of a series of
regulations that effectively require Russian ISPs chain their DNSSEC
off the GRU approved root.
I think that it is not a constructive way to discuss this issue following some conspiracy theories. 
I want to refer you to origin of  this discussion on ietf lists
http://dnssec-deployment.org/pipermail/dnssec-deployment/2009-April/thread.html#2932
and want to remind what was initial reason for us to follow this way and to propose GOST as one of standard algorithms for DNSSEC. 

As you know we have some national regulation in crypto.
To implement DNSSEC we should
or to use GOST (at this moment) and to comply regulations
or to ignore DNSSEC (no comments)
or try to change national laws (also no comments).
If someone can give us an advice - what to do else - you are welcome.
After series of dicussions and consultations with many participants of this list we agreed with recommendations and began this process to move forward GOST as one of mandatory standards. 

Otherwise - we can't achieve
"the goal is:
(1) for their zones, e.g. .ru, .su, and any new ones they get, to be signed with GOST, 

(2) for everyone to be able to validate their signatures, and

(3) for them to be able to validate everyone else's signatures.
For (2), they need to promulgate their algorithms into the standard crypto libraries and have an algorithm identifier assigned through IANA. I believe both of these are in progress.
For (3), they simply need to use the standard algorithms in their own resolvers, and I believe they will be able to do this comfortably. We're talking about checking, not signing, signatures, not encrypting." 

Just a quote from this list.


Dima








_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IAB statement on the RPKI., Martin Rex
Next by Date:  Re: IAB statement on the RPKI., Martin Rex
Previous by Thread:  Re: IAB statement on the RPKI., Martin Rex
Next by Thread:  Re: IAB statement on the RPKI., Martin Rex
Indexes:  [Date] [Thread] [Top] [All Lists]