There is a current document that would need to be updated: RFC 6944:
http://tools.ietf.org/html/rfc6944

The RFC needs to be updated to include the new elliptic curve algorithms. It would also be a good place to move other algorithms to other categories.

Scott

On 10 Sep 2015, at 10:02, Ondřej Surý wrote:

Viktor,

while I wholeheartedly agree that we might deprecate DSA, and perhaps issue a recommendation on what is the minimum recommended algorithm, this is really out of scope for the cfrg curves draft. I would be happy to help (co-author, review, etc.) with the deprecation I-D/RFC; I think we should not mix these together, since it will be much harder to agree upon the deprecated algorithm list.

Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.s...@nic.cz    https://nic.cz/
--------------------------------------------

----- Original Message -----
From: "Viktor Dukhovni" <ietf-d...@dukhovni.org>
To: dnsop@ietf.org
Sent: Wednesday, September 9, 2015 9:29:46 PM
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-sury-dnskey-ed25519-03.txt

On Wed, Sep 09, 2015 at 08:12:41PM +0200, Ondřej Surý wrote:

Yes, we are waiting exactly for the cfrg to finish the signature schemas. But the rest can get a review early. For example, it's evident now that we have to add more material about motivation to add new curves into the draft(s).

Great.  My other concern is that at this point, perhaps every time
we consider adding more algorithm ids to DNSSEC we should consider
retiring some old ones; we are starting to have too many:

Id    Description           Mnemonic        ZSIG TSIG   Reference
-------------------------------------------------------------------------
1    RSA/MD5 (deprecated)  RSAMD5             N    Y   [RFC3110][RFC4034]
2    Diffie-Hellman        DH                 N    Y   [RFC2539]
4    Reserved                                          [RFC6725]
9    Reserved                                          [RFC6725]
11   Reserved                                          [RFC6725]
--
3    DSA/SHA1              DSA                Y    Y   [RFC3755]
5    RSA/SHA-1             RSASHA1            Y    Y   [RFC3110][RFC4034]
6    DSA-NSEC3-SHA1        DSA-NSEC3-SHA1     Y    Y   [RFC5155]
7    RSASHA1-NSEC3-SHA1    RSASHA1-NSEC3-SHA1 Y    Y   [RFC5155]
8    RSA/SHA-256           RSASHA256          Y    *   [RFC5702]
10   RSA/SHA-512           RSASHA512          Y    *   [RFC5702]
12   GOST R 34.10-2001     ECC-GOST           Y    *   [RFC5933]
13   P-256 with SHA-256    ECDSAP256SHA256    Y    *   [RFC6605]
14   P-384 with SHA-384    ECDSAP384SHA384    Y    *   [RFC6605]

I'd like to propose that with the introduction of the CFRG algorithms,
we should deprecate:

3    DSA/SHA1              DSA                Y    Y   [RFC3755]
6    DSA-NSEC3-SHA1        DSA-NSEC3-SHA1     Y    Y   [RFC5155]
12   GOST R 34.10-2001     ECC-GOST           Y    *   [RFC5933]

and ideally also announce a sunset date for:

5    RSA/SHA-1             RSASHA1            Y    Y   [RFC3110][RFC4034]
7    RSASHA1-NSEC3-SHA1    RSASHA1-NSEC3-SHA1 Y    Y   [RFC5155]

though of course these are rather widely used at present, it is
time to start encouraging folks to move on.

Once the CFRG algorithms are done, I would also publish an updated
list of MTI algorithms for DNSSEC that would consist of:

8, 12 and both of the CFRG algorithms.

The more secure of the two CFRG algorithms should be supported by
clients, but should not yet be used by servers; concerns about
post-QC crypto don't really apply to short-term signatures, and we can
switch to the Goldilocks curve if/when necessary, provided the
client support is there all along.

--
        Viktor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop



==================================
Scott Rose, NIST
sco...@nist.gov
ph: +1-301-975-8439
Google Voice: +1-571-249-3671
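As an added example (not code from the thread or from any IETF document), this is the audit a zone operator or validator maintainer could run against the algorithm table quoted above: parse DNSKEY records in presentation format, compute each key's tag, label each algorithm with the status Viktor's table and proposal give it, and report zones whose every key would be affected by the proposed deprecations. The record layout and the key-tag computation follow RFC 4034 (section 2.2 and Appendix B); the sample RRset with its tiny placeholder keys, and the status labels "current" and "at risk", are this example's own constructions.

```python
"""Audit DNSKEY RRsets against the DNSSEC algorithm status table and the
deprecation proposal quoted in the thread.  Added example, not code from
the thread or from any IETF document."""
import base64
import re
import struct
from collections import defaultdict

# Algorithm numbers, mnemonics and statuses as they appear in Viktor's
# table, with his proposed changes applied.  "current" is this example's
# own shorthand for "no change proposed in the thread".
ALG_STATUS = {
    1: ("RSAMD5", "deprecated"),
    2: ("DH", "not usable for zone signing"),
    3: ("DSA", "proposed deprecation"),
    4: ("", "reserved"),
    5: ("RSASHA1", "proposed sunset"),
    6: ("DSA-NSEC3-SHA1", "proposed deprecation"),
    7: ("RSASHA1-NSEC3-SHA1", "proposed sunset"),
    8: ("RSASHA256", "current"),
    9: ("", "reserved"),
    10: ("RSASHA512", "current"),
    11: ("", "reserved"),
    12: ("ECC-GOST", "proposed deprecation"),
    13: ("ECDSAP256SHA256", "current"),
    14: ("ECDSAP384SHA384", "current"),
}
AT_RISK = {"deprecated", "proposed deprecation", "proposed sunset"}

# Presentation format per RFC 4034 section 2.2:
#   <owner> [<ttl>] [IN] DNSKEY <flags> <protocol> <algorithm> <base64 key>
DNSKEY_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?DNSKEY\s+"
    r"(?P<flags>\d+)\s+(?P<proto>\d+)\s+(?P<alg>\d+)\s+(?P<key>[A-Za-z0-9+/= ]+)$"
)


def parse_dnskey(line):
    """Parse one DNSKEY record; raise ValueError on malformed input."""
    m = DNSKEY_RE.match(line.strip())
    if not m:
        raise ValueError("not a DNSKEY record: %r" % line)
    flags, proto, alg = (int(m[g]) for g in ("flags", "proto", "alg"))
    if proto != 3:
        # RFC 4034 section 2.1.2: any protocol value other than 3 is invalid.
        raise ValueError("bad protocol field %d" % proto)
    key = base64.b64decode("".join(m["key"].split()), validate=True)
    return {"owner": m["owner"].lower(), "flags": flags, "proto": proto,
            "alg": alg, "key": key}


def key_tag(flags, proto, alg, key):
    """Key tag over the RDATA, per RFC 4034 Appendix B."""
    rdata = struct.pack("!HBB", flags, proto, alg) + key
    if alg == 1:
        # Appendix B.1: RSAMD5 uses two octets of the modulus instead.
        return (rdata[-3] << 8) | rdata[-2]
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def audit(rrset_text):
    """Return {zone: [finding, ...]} with one finding per DNSKEY."""
    findings = defaultdict(list)
    for line in rrset_text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        rr = parse_dnskey(line)
        mnemonic, status = ALG_STATUS.get(rr["alg"], ("?", "unknown"))
        findings[rr["owner"]].append({
            "tag": key_tag(rr["flags"], rr["proto"], rr["alg"], rr["key"]),
            "alg": rr["alg"],
            "mnemonic": mnemonic,
            "status": status,
            "ksk": bool(rr["flags"] & 0x0001),  # SEP bit, RFC 4034 section 2.1.1
        })
    return dict(findings)


def zones_without_fallback(findings):
    """Zones whose every key uses an at-risk algorithm: a validator that
    stops supporting those algorithms would have nothing left to verify."""
    return sorted(z for z, keys in findings.items()
                  if all(k["status"] in AT_RISK for k in keys))


# Constructed sample RRset with short, meaningless key material.
SAMPLE_RRSET = """\
; constructed sample, not real zone data
example.test. 3600 IN DNSKEY 257 3 5 AQID
example.test. 3600 IN DNSKEY 256 3 8 AQIDBA==
example.test. 3600 IN DNSKEY 256 3 13 BQYHCA==
other.test.   3600 IN DNSKEY 257 3 3 AQID
"""

if __name__ == "__main__":
    result = audit(SAMPLE_RRSET)
    for zone, keys in result.items():
        for k in keys:
            print("%-14s tag %5d alg %2d %-18s %s%s" % (
                zone, k["tag"], k["alg"], k["mnemonic"], k["status"],
                " (KSK)" if k["ksk"] else ""))
    print("zones with no algorithm outside the at-risk set:",
          zones_without_fallback(result))
```

In the sample, example.test keeps RSASHA256 and ECDSAP256SHA256 keys beside its SHA-1 KSK, so it has a migration path, whereas other.test is signed only with DSA and is reported as having no fallback. Feeding it the output of a DNSKEY query for a real zone gives the same per-key report.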

