On Jul 6, 2020, at 6:07 PM, Tim Wicinski <tjw.i...@gmail.com> wrote: > > > All > > I've been going over the CfA comments, and discussing this with my chairs and > Warren, and > perhaps the best way to walk through the logic in our decision is to work > backwards. > > > The authors are requesting a code point for their algorithm in this IANA > registry: > > https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml#ds-rr-types-1 > > To receive such a code point a "Standards Action", which is defined as: > > For the Standards Action policy, values are assigned only through > Standards Track or Best Current Practice RFCs in the IETF Stream. > > Which means that 1) Informational will not work; and 2) Independent Stream > will not work. > > In the excellent discussion on this, what seems to be the underlying > consensus is > the need to publish the document to establish the code point, and document it > as such.
So far, so good. > > To not adopt this means, the implementers could easily pick their own This seems unlikely. If they step on unallocated code points, few implementers will go along with that because implementers generally respect the IETF and IANA more than they respect a country's crypto regime. If we fix the registries in question to not require standards-track RFCs, then we don't need to adopt this document: the authors could publish them through the ISE. > There was also discussion on updating the table in > https://tools.ietf.org/html/rfc8624#page-5 [tools.ietf.org] > (implementation recommendations for DNSKEY algorithms), and here seemed to be > some consensus around MAY Yes, great. > There was also an orthogonal discussion around changing the registry from > "Standards Action" > to "RFC Required". That was not orthogonal at all. It was directly intended to allow the WG to not adopt this document and yet allow the authors to get what they want, which are IANA code point allocations that implementers can then find the relevant documents for. It feels weird for the DNSOP WG to recommend to the IETF that it publish a standards-track document that virtually no one in the WG understands. The DNSOP WG could use the same pattern as other IETF WGs (TLS, SMIME, IPsec, ...) for the past 25+ years. And, before anyone says "but we'll run out of code points!", please take a look at how small the registries are for those other crypto protocols. There are a handful of countries with their own crypto, but the number is surprisingly low. > While this seems to be a simple procedural move, I fear that doing > so haphazardly without understanding the operational considerations is > completely > wrong (Remember, We are DNS OPerations) I'm not seeing how following what the other WGs have been doing for decades as "haphazard". > Mr. Wouters made the very correct comment that "no one outside the IETF > really knows the difference for RFCs anyway." > This was something I was reminded of all too well during the DNS RPZ > discussions. This document is not for people outside the IETF: it's for implementers. They do indeed consider standards-track RFCs different than informational RFCs. That is why we had to create RFC 8624. > Summary: Adopt as Standards Track because we have to add text to the state > as such. We will not spend a lot > of WG time on this document, and Warren and I will end up doing the heavy > lifting on all the process portions. That feels exactly wrong. "We didn't really read this draft, but we want you to make it an IETF standard". My counter-proposal was "we made it easier for folks with national algorithms to get their code points without having to deal with the WG process". --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
