On Mon, 4 Jan 2021, Stephen Farrell wrote:
WRT GOST, we're not really talking about an algorithm but rather a national crypto standards scheme that selects sets of algorithms. For such things, whether from Russia or the US or anywhere, I think it's quite fair to ask "how has version N deployment gone?"
Why is that fair? I'd say the community was quite busy and possibly made some mistakes in the past. I don't think that is a valid barrier for the future. For example, would we bar NIST or the US from ever standardizing a new RNG? :P
And "how to handle" isn't always "adoption" but could as I said result in deprecating version N if nobody really cares about it - in such a case that'd help implementers and better reflect reality.
If a national government wants something, we could ask for at least one implementation to be planned. But using this measure as a way to stop these seems wrong. It would move the possible standardization from IETF to say openssl or bind.

I do think one issue is how often GOST (or FIPS) updates their algorithms and obsoletes older ones. That might cause a faster depletion of the registry than we'd like. But on the other side, it would be nice if we could become faster with obsoleting algorithms too. Why is there still RSASHA1 deployed....

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop