(Speaking without my chairs hat here) How about instead of loosening the requirement, we take the top 64 values, allocate them as either Experimental or FCFS, and it is explicitly noted NOT REQUIRED (or NO ONE WILL IMPLEMENT THESE FOR YOU).
That would leave the registry with the strict requirements and allow items to get code points. Too simple an answer? tim On Fri, Dec 25, 2020 at 10:53 PM Olafur Gudmundsson <o...@ogud.com> wrote: > > > On Dec 25, 2020, at 3:27 PM, Paul Hoffman <paul.hoff...@icann.org> wrote: > > On Dec 24, 2020, at 10:28 AM, Daniel Migault <mglt.i...@gmail.com> wrote: > > > Hi, > > As the DNS is a global shared resource and its reliability is based on > **all** pieces of software adhering a common standard, I am inclined to > believe that new cryptographic algorithms introduced with anything less > restrictive than "IETF Review" - such as "Specification Required" and "RFC > Required" - does not sufficiently prevent altering the interoperability of > the DNS. > > > Why do you feel that DNSSEC has requirements stronger than other IETF > security prot0cols such as TLS, IPsec, S/MIME, and so on? > > > DNS is a fire-and-forget protocol, all the ones you mention include a > handshake that can be used to agree on algorithms. Such facility does not > exist in DNS. > > I oppose any relaxation of thresholds to add algorithms to DNSSEC, as > there is no need. > > Ólafur > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
