On Wed, 15 Jan 2025 at 03:20, Warren Kumari <war...@kumari.net> wrote:
>
> On Tue, Jan 14, 2025 at 3:28 AM, Loganaden Velvindron <logana...@gmail.com>
> wrote:
>>
>> On Tue, 7 Jan 2025 at 17:39, Peter Thomassen
>> <peter=40desec...@dmarc.ietf.org> wrote:
>>
>> Hi,
>>
>> I support draft-ietf-dnsop-rfc8624-bis and draft-ietf-dnsop-must-not-sha1
>> moving forward.
>>
>> I also support
>>
>> I don't know enough about GOST to have an opinion on
>> draft-ietf-dnsop-must-not-ecc-gost.
>>
>> How widely deployed is GOST? Do we have data?
>
> Basically not at all — this document is only talking about the (old,
> deprecated) ECC-GOST, not the replacement/new ECC-GOST12.
>
> Unfortunately the terminology here is confusing (to me at least!). There are
> multiple versions of GOST. GOST R 34.10-2001 and GOST R 34.11-94 were
> deprecated by the Orders of the Federal Agency for Technical Regulation and
> Metrology of Russia (Rosstandart) in August 2012, and were superseded by GOST
> 34.10-2012 and GOST 34.11-2012 respectively.
>
> This document is just deprecating the old (-2001 and -94) GOSTs from DNSSEC,
> and doesn't touch the new (-2012) ones — from the document: "Note that this
> document does not change or discuss the use of GOST 34.10-2012 and GOST
> 34.11-2012."
>

Let's go ahead :-)

> The old GOST algorithm has the mnemonic "ECC-GOST" in the registry and the
> new one is "ECC-GOST12". This makes talking about things like "How widely
> deployed is GOST?" tricky — the "ECC-GOST" algorithms were deprecated a long
> time ago, and so don't seem to be in use.
>
> The document tries to be clear about the whole naming situation:
> "The use of the GOST R 34.10-2001 and GOST R 34.11-94 algorithms with
> the DNS Security Extensions (DNSSEC) [RFC9364] was documented in
> [RFC5933]. These two algorithms were deprecated by the Orders of the
> Federal Agency for Technical Regulation and Metrology of Russia
> (Rosstandart) in August 2012, and were superseded by GOST 34.10-2012
> and GOST 34.11-2012 respectively. The use of GOST 34.10-2012 and
> GOST 34.11-2012 in DNSSEC is documented in [RFC9558], and so
> [RFC5933] has been made Historic.
>
> Thus, the use of GOST R 34.10-2001 (mnemonic GOST-ECC) and GOST R
> 34.11-94 is no longer recommended for use in DNSSEC [RFC9364].
>
> Note that this document does not change or discuss the use of GOST
> 34.10-2012 and GOST 34.11-2012.
> "
>
> Thanks,
> W
>
>>
>> Best,
>> Peter
>>
>> On 1/7/25 03:02, Tim Wicinski wrote:
>>
>> All
>>
>> Welcome back from holidays, those who have returned. Discussions with the
>> working group and authors and we feel these documents are ready to move
>> forward. The two deprecation documents are short. The focus of 8624-bis is
>> to move the canonical list of DNSSEC algorithms to an IANA registry.
>>
>> This starts a Working Group Last Call for these three documents:
>>
>> "DNSSEC Cryptographic Algorithm Recommendation Update Process"
>> "Remove SHA-1 from active use within DNSSEC"
>> "Remove deprecated GOST algorithms from active use within DNSSEC"
>>
>> Current versions of the drafts are available here:
>>
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-must-not-ecc-gost/
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-must-not-sha1/
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc8624-bis/
>>
>> The Current Intended Status of these documents are:
>>
>> draft-ietf-dnsop-rfc8624-bis - Informational
>> draft-ietf-dnsop-must-not-sha1 - Proposed Standard
>> draft-ietf-dnsop-must-not-ecc-gost - Proposed Standard
>>
>> Please review the drafts and offer relevant comments.
>>
>> For WGLC, we need positive support and constructive comments; lack of
>> objection is not enough. So if you think any of these drafts should be
>> published as an RFC, please say so.
>>
>> If you feel *any* of these documents are *not* ready for publication, please
>> speak out with your reasons. You are welcome to support or reject any or all
>> of these documents
>>
>> This starts a two week Working Group Last Call process, and ends on:
>>
>> thanks
>>
>> tim
>>
>> _______________________________________________
>> DNSOP mailing list -- dnsop@ietf.org
>> To unsubscribe send an email to dnsop-le...@ietf.org
>>
>> --
>> https://desec.io/