On Nov 17, 2022, at 3:02 PM, Roman Danyliw via Datatracker <nore...@ietf.org> wrote:

> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> The IETF has steered away from publishing protocol mechanisms with dependencies
> on national cryptography as we do not have the ability to validate their
> security properties ourselves. IETF stream documents typically rely on
> documents published in the Crypto Forum Research Group (CFRG) [1]; an open and
> peer-reviewed vetting process; or a review by the IRTF Crypto Panel [2] to give
> us confidence in cryptographic algorithm choices. Since the described GOST
> mechanism doesn’t fit into these vetting criteria and the WG (based on the
> shepherd’s report) has not provided alternative analysis, it is not appropriate
> to publish this document in the IETF stream.
This is a note about precedent. draft-ietf-dnsop-rfc5933-bis explicitly states that it obsoletes RFC 5933 (heck, that's even in the filename!). The Datatracker information for RFC 5933 shows that it was in the IETF stream, and it came from the (now-concluded) DNSEXT WG of the IETF. So, even if the "IETF has steered away from publishing...", it has not always been successful in that steering. In fact, other RFCs defining GOST algorithm use also are in the IETF stream.

It feels like this DISCUSS ballot is asking for a non-IETF-stream RFC to obsolete an IETF-stream RFC. Yuck. Instead, it might be better to publish this in the IETF stream; separately, the IESG could then publish a statement that future national algorithm documents should not come through the IETF stream.

--Paul Hoffman
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop