> On Dec 25, 2020, at 3:27 PM, Paul Hoffman <paul.hoff...@icann.org> wrote:
> 
> On Dec 24, 2020, at 10:28 AM, Daniel Migault <mglt.i...@gmail.com 
> <mailto:mglt.i...@gmail.com>> wrote:
>> 
>> Hi, 
>> 
>> As the DNS is a global shared resource and its reliability is based on 
>> **all** pieces of software adhering a common standard, I am inclined to 
>> believe that new cryptographic algorithms introduced with anything less 
>> restrictive than "IETF Review" - such as "Specification Required" and "RFC 
>> Required" - does not sufficiently prevent altering the interoperability of 
>> the DNS.  
> 
> Why do you feel that DNSSEC has requirements stronger than other IETF 
> security prot0cols such as TLS, IPsec, S/MIME, and so on? 

DNS is a fire-and-forget protocol, all the ones you mention include a handshake 
that can be used to agree on algorithms. Such facility does not exist in DNS. 

I oppose any relaxation of thresholds to add algorithms to DNSSEC, as there is 
no need. 

  Ólafur

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to