Hi Tim,

Just to answer the question and maybe clarify my opinion. I also considered that we might need some experimental RFCs, but came to the conclusion that it was not necessary. The experimentation seems quite straightforward. On the other hand, I see two issues with allocating code points with non Standard Actions. Firstly, it will make it hard to prevent any code point from being assigned, so management of the registry might become harder. Then, I do believe it will be hard to not implement any code point being used. As a result, I believe the registry should be the gatekeeper as opposed to developers. For that reason I still believe that sticking to Standard Action is the preferred way to go.

Note it is not uncommon that, for some people, every code point in the registry should be supported, so requiring Standard Action only also avoids much confusion.

Yours,
Daniel

On Sun, Dec 27, 2020 at 1:40 PM Tim Wicinski <tjw.i...@gmail.com> wrote:

> (Speaking without my chairs hat here)
>
> How about instead of loosening the requirement, we take the top 64 values,
> allocate them as either Experimental or FCFS, and it is explicitly noted
> NOT REQUIRED (or NO ONE WILL IMPLEMENT THESE FOR YOU).
>
> That would leave the registry with the strict requirements and allow items
> to get code points.
>
> Too simple an answer?
>
> tim
>
>
> On Fri, Dec 25, 2020 at 10:53 PM Olafur Gudmundsson <o...@ogud.com> wrote:
>
>>
>>
>> On Dec 25, 2020, at 3:27 PM, Paul Hoffman <paul.hoff...@icann.org> wrote:
>>
>> On Dec 24, 2020, at 10:28 AM, Daniel Migault <mglt.i...@gmail.com> wrote:
>>
>>
>> Hi,
>>
>> As the DNS is a global shared resource and its reliability is based on
>> **all** pieces of software adhering to a common standard, I am inclined to
>> believe that new cryptographic algorithms introduced with anything less
>> restrictive than "IETF Review" - such as "Specification Required" and "RFC
>> Required" - does not sufficiently prevent altering the interoperability of
>> the DNS.
>>
>>
>> Why do you feel that DNSSEC has requirements stronger than other IETF
>> security protocols such as TLS, IPsec, S/MIME, and so on?
>>
>>
>> DNS is a fire-and-forget protocol, all the ones you mention include a
>> handshake that can be used to agree on algorithms. Such facility does not
>> exist in DNS.
>>
>> I oppose any relaxation of thresholds to add algorithms to DNSSEC, as
>> there is no need.
>>
>> Ólafur
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

--
Daniel Migault
Ericsson