Hello Ondrej,

> On 16 June 2020, at 10:52, Ondřej Surý <ond...@isc.org> wrote:
> 
> I consider the previous GOST standardization for DNSSEC to be a fiasco.
I do not think that _standardization_ was a fiasco.
The implementation - definitely was one.

That has an explanation: soon after RFC5933 was published, it was announced
that these algorithms would be superseded by new ones.
So all implementors preferred not to implement algorithms which would be
defunct in three years (as was stated; in reality this intermediate period
was prolonged and was more than five years).

Now the situation is stable and the implementors are waiting for the standard
to refer to.
> 
> I would also ask the WG to require an implementation report before we send
> this to WGLC.
I agree that WGLC will require a working reference implementation. And we will
go for that.
> The support for GOST family of algorithms varies between
> the various crypto libraries.
That problem was also noted some time ago, and for TLS and IPSEC
implementations with GOST algorithms there is now an independent test service
provided, which allows testing implementations by different vendors for
compatibility with current standards (the list of RFCs checked is provided
there).

When the DNSSEC implementation goes forward, it will be added to this
independent testbed to give vendors and developers the possibility to check
compatibility with the standards.


dol@

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
