Viktor, while I wholeheartedly agree that we might deprecate DSA, and perhaps issue a recommendation on what is the minimum recommended algorithm, this is really out-of-the-scope for the cfrg curves draft. I would be happy to help (co-author, review, etc..) the deprecation I-D/RFC, I think we should not mix these together, since it will be much harder to agree upon the deprecated algorithm list.
Cheers, Ondrej -- Ondřej Surý -- Technical Fellow -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.s...@nic.cz https://nic.cz/ -------------------------------------------- ----- Original Message ----- > From: "Viktor Dukhovni" <ietf-d...@dukhovni.org> > To: dnsop@ietf.org > Sent: Wednesday, September 9, 2015 9:29:46 PM > Subject: Re: [DNSOP] Fwd: New Version Notification for > draft-sury-dnskey-ed25519-03.txt > On Wed, Sep 09, 2015 at 08:12:41PM +0200, Ondřej Surý wrote: > >> Yes, we are waiting exactly for the cfrg to finish the signature schemas. >> But the rest can get a review early. f.e. it's evident now, we have to >> add more material about motivation to add new curves into the draft(s). > > Great. My other concern is that at this point, perhaps every time > we consider adding more algorithm ids to DNSSEC we should consider > retiring some old ones, we are starting to have too many: > > Id Description Mnemonic ZSIG TSIG Reference > ------------------------------------------------------------------------- > 1 RSA/MD5 (deprecated) RSAMD5 N Y [RFC3110][RFC4034] > 2 Diffie-Hellman DH N Y [RFC2539] > 4 Reserved [RFC6725] > 9 Reserved [RFC6725] > 11 Reserved [RFC6725] > -- > 3 DSA/SHA1 DSA Y Y [RFC3755] > 5 RSA/SHA-1 RSASHA1 Y Y [RFC3110][RFC4034] > 6 DSA-NSEC3-SHA1 DSA-NSEC3-SHA1 Y Y [RFC5155] > 7 RSASHA1-NSEC3-SHA1 RSASHA1-NSEC3-SHA1 Y Y [RFC5155] > 8 RSA/SHA-256 RSASHA256 Y * [RFC5702] > 10 RSA/SHA-512 RSASHA512 Y * [RFC5702] > 12 GOST R 34.10-2001 ECC-GOST Y * [RFC5933] > 13 P-256 with SHA-256 ECDSAP256SHA256 Y * [RFC6605] > 14 P-384 with SHA-384 ECDSAP384SHA384 Y * [RFC6605] > > I'd like to propose that with the introduction of the CFRG algorithms, > we should deprecate: > > 3 DSA/SHA1 DSA Y Y [RFC3755] > 6 DSA-NSEC3-SHA1 DSA-NSEC3-SHA1 Y Y [RFC5155] > 12 GOST R 34.10-2001 ECC-GOST Y * [RFC5933] > > and as ideally also announce a sunset date for: > > 5 RSA/SHA-1 RSASHA1 Y Y [RFC3110][RFC4034] > 7 RSASHA1-NSEC3-SHA1 RSASHA1-NSEC3-SHA1 Y Y [RFC5155] > > though of course these are rather widely used at present, it is > time to start encouraging folks to move on. > > Once the CFRG algorithms are done, I would also publish an updated > list of MTI algorithms for DNSSEC that would consist of: > > 8, 12 and both of the CFRG algorithms. > > The more secure of the two CFRG algorithms should be supported by > clients, but should not yet be used by servers, concerns about > post-QC crypto don't really apply to short-term signatures, we can > switch to the Goldilocks curve if/when necessary, provided the > client support is there all along. > > -- > Viktor. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
