> On Apr 10, 2017, at 11:09 AM, Mukund Sivaraman <m...@isc.org
> <mailto:m...@isc.org>> wrote:
>
> We kind of restarted the draft adopting RSASSA-PSS, so please can you
> review it this time from scratch without looking at the diff?
>
> Many of the examples will need updating once algorithm numbers are
> assigned for them (as for some calculations, the algorithm number is an
> input), so we didn't spend time on wrapping the long lines in this
> revision.
I suggest that many of the options be dropped from this document before the
working group accepts it.
I strongly support the move toward RSASSA-PSS or ECDSA. Both of these offer an
improvement over RSA PKCS#1 v1.5. That said, we have a lot of experience that
shows algorithm transitions are slow, so I think the working group should pick
one of these signature algorithms, not both.
Why does this document support both SHA2 and SHA3? We know that theses
families of hash algorithms offer the same security. That is, SHA2-256 and
SHA3-256 offer exactly the same security. One could argue that the reason to
support both is because a flaw might be found in one and the other is there for
safety. Instead, I suggest that picking one family of hash algorithms already
provides that safety. One can use SHA2-384 or SHA2-512 if a flaw is discovered
in SHA2-256. So, again, pick one, not both.
Russ
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop