On Tue, Jan 14, 2025 at 3:28 AM, Loganaden Velvindron <logana...@gmail.com> wrote:
> On Tue, 7 Jan 2025 at 17:39, Peter Thomassen
> <peter=40desec...@dmarc.ietf.org> wrote:
>
> Hi,
>
> I support draft-ietf-dnsop-rfc8624-bis and draft-ietf-dnsop-must-not-sha1
> moving forward.
>
> I also support
>
> I don't know enough about GOST to have an opinion on
> draft-ietf-dnsop-must-not-ecc-gost.
>
> How widely deployed is GOST? Do we have data?
>

Basically not at all — this document is only talking about the (old, deprecated) ECC-GOST, not the replacement/new ECC-GOST12.

Unfortunately the terminology here is confusing (to me at least!). There are multiple versions of GOST. GOST R 34.10-2001 and GOST R 34.11-94 were deprecated by the Orders of the Federal Agency for Technical Regulation and Metrology of Russia (Rosstandart) in August 2012, and were superseded by GOST 34.10-2012 and GOST 34.11-2012 respectively.

This document is just deprecating the old (-2001 and -94) GOSTs from DNSSEC, and doesn't touch the new (-2012) ones — from the document: "Note that this document does not change or discuss the use of GOST 34.10-2012 and GOST 34.11-2012."

The old GOST algorithm has the mnemonic "ECC-GOST" in the registry and the new one is "ECC-GOST12". This makes talking about things like "How widely deployed is GOST?" tricky — the "ECC-GOST" algorithms were deprecated a long time ago, and so don't seem to be in use.

The document tries to be clear about the whole naming situation:

"The use of the GOST R 34.10-2001 and GOST R 34.11-94 algorithms with the DNS Security Extensions (DNSSEC) [RFC9364] was documented in [RFC5933]. These two algorithms were deprecated by the Orders of the Federal Agency for Technical Regulation and Metrology of Russia (Rosstandart) in August 2012, and were superseded by GOST 34.10-2012 and GOST 34.11-2012 respectively. The use of GOST 34.10-2012 and GOST 34.11-2012 in DNSSEC is documented in [RFC9558], and so [RFC5933] has been made Historic.

Thus, the use of GOST R 34.10-2001 (mnemonic GOST-ECC) and GOST R 34.11-94 is no longer recommended for use in DNSSEC [RFC9364].

Note that this document does not change or discuss the use of GOST 34.10-2012 and GOST 34.11-2012."

Thanks,
W

> Best,
> Peter
>
> On 1/7/25 03:02, Tim Wicinski wrote:
>
> All
>
> Welcome back from holidays, those who have returned. Discussions with the
> working group and authors and we feel these documents are ready to move
> forward. The two deprecation documents are short. The focus of 8624-bis is
> to move the canonical list of DNSSEC algorithms to an IANA registry.
>
> This starts a Working Group Last Call for these three documents:
>
> "DNSSEC Cryptographic Algorithm Recommendation Update Process"
> "Remove SHA-1 from active use within DNSSEC"
> "Remove deprecated GOST algorithms from active use within DNSSEC"
>
> Current versions of the drafts are available here:
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-must-not-ecc-gost/
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-must-not-sha1/
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc8624-bis/
>
> The Current Intended Status of these documents are:
>
> draft-ietf-dnsop-rfc8624-bis - Informational
> draft-ietf-dnsop-must-not-sha1 - Proposed Standard
> draft-ietf-dnsop-must-not-ecc-gost - Proposed Standard
>
> Please review the drafts and offer relevant comments.
>
> For WGLC, we need positive support and constructive comments; lack of
> objection is not enough. So if you think any of these drafts should be
> published as an RFC, please say so.
>
> If you feel *any* of these documents are *not* ready for publication,
> please speak out with your reasons. You are welcome to support or reject
> any or all of these documents
>
> This starts a two week Working Group Last Call process, and ends on:
>
> thanks
>
> tim
>
> _______________________________________________
> DNSOP mailing list -- dnsop@ietf.org
> To unsubscribe send an email to dnsop-le...@ietf.org
>
> --
> https://desec.io/
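Since the "ECC-GOST" and "ECC-GOST12" mnemonics are easy to confuse, a deployment inventory is safer keyed on registry numbers than on the word "GOST". The following is an added example, not part of the original thread or of the drafts; it assumes DNSSEC algorithm numbers 12 (ECC-GOST) and 23 (ECC-GOST12), DS digest types 3 (GOST R 34.11-94) and 5 (GOST R 34.11-2012), and one record per line, and it runs over constructed sample records.

```python
import collections

# Assumed IANA registry values; confirm against the live registries before use.
DNSKEY_ALGS = {12: "ECC-GOST", 23: "ECC-GOST12"}
DS_DIGESTS = {3: "GOST R 34.11-94", 5: "GOST R 34.11-2012"}
DEPRECATED_ALGS = {12}     # old GOST R 34.10-2001 signatures
DEPRECATED_DIGESTS = {3}   # old GOST R 34.11-94 DS digests

# Constructed sample in presentation format; key and digest data are placeholders.
SAMPLE = """\
example.ru. 3600 IN DNSKEY 257 3 12 AAAA
example.ru. 3600 IN DNSKEY 256 3 23 BBBB
example.ru. 3600 IN DS 12345 12 3 00FF
example.ru. 3600 IN DS 12345 23 5 00FF
example.org. 3600 IN DNSKEY 257 3 13 CCCC ; unrelated algorithm
"""

def parse(line):
    """Return (owner, rrtype, algorithm, digest_type or None), or None."""
    fields = line.split(";", 1)[0].split()
    for rrtype in ("DNSKEY", "DS"):
        if rrtype not in fields:
            continue
        rdata = fields[fields.index(rrtype) + 1:]
        if len(rdata) < 4:
            return None
        try:
            if rrtype == "DNSKEY":   # flags protocol algorithm key
                return fields[0], rrtype, int(rdata[2]), None
            # DS: keytag algorithm digest-type digest
            return fields[0], rrtype, int(rdata[1]), int(rdata[2])
        except ValueError:
            return None
    return None

def audit(zone_text):
    """Count algorithms seen and list records still using the deprecated GOST."""
    findings, counts = [], collections.Counter()
    for line in zone_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        owner, rrtype, alg, digest = rec
        counts[DNSKEY_ALGS.get(alg, str(alg))] += 1
        if alg in DEPRECATED_ALGS:
            findings.append((owner, rrtype, f"algorithm {alg} ({DNSKEY_ALGS[alg]})"))
        if digest in DEPRECATED_DIGESTS:
            findings.append((owner, rrtype, f"digest type {digest} ({DS_DIGESTS[digest]})"))
    return findings, counts
```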