> On Dec 25, 2020, at 3:27 PM, Paul Hoffman <paul.hoff...@icann.org> wrote:
>
> On Dec 24, 2020, at 10:28 AM, Daniel Migault <mglt.i...@gmail.com> wrote:
>>
>> Hi,
>>
>> As the DNS is a global shared resource and its reliability is based on
>> **all** pieces of software adhering to a common standard, I am inclined to
>> believe that new cryptographic algorithms introduced with anything less
>> restrictive than "IETF Review" - such as "Specification Required" and "RFC
>> Required" - does not sufficiently prevent altering the interoperability of
>> the DNS.
>
> Why do you feel that DNSSEC has requirements stronger than other IETF
> security protocols such as TLS, IPsec, S/MIME, and so on?

DNS is a fire-and-forget protocol; all the ones you mention include a handshake that can be used to agree on algorithms. Such a facility does not exist in DNS.

I oppose any relaxation of thresholds to add algorithms to DNSSEC, as there is no need.

Ólafur

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop