On Mar 21, 2025, at 15:40, Paul Wouters <p...@nohats.ca> wrote:

> This is a one octet registry. This specific registry was mentioned by me a 
> few times as one of the problem ones where a very loose registration policy 
> might not be well suited for allocation for early drafts or code points.
> 
> DNS itself also has a very long tail (decade) so in the past, algorithms have 
> been controlled fairly strictly to avoid large amounts of mostly dead code.
> 
> It might make sense to instead update the registry to allocate 5 private use 
> code points and use those for the various experiments.

The registry has over 200 unused code points. Even if we assume that a massive 
signature comparison effort happens every 20 years, we can easily afford to 
burn 20 per effort. RFC 6014 hinted at this.

Please remember that, if we get anywhere close to running out of code points in 
this registry, it is trivial to extend the registry. 100 years from now, when 
we are all dead, someone can define a new signature algorithm whose first two 
bytes of the digest are codepoints in another registry that has a more sensible 
length than what we gave to this one. 

I propose that someone who is already working on testing many algorithms (such 
as Ondřej) create a short Internet Draft that is little more than a table whose 
columns are:
- algorithm name
- a number starting at 50
- stable reference to the algorithm
Those interested in PQC algorithms bounce that draft around on the 
pq-dns...@ietf.org mailing list (not here on DNSOP) for a few months, then ask 
the ISE to publish it. Any algorithm that did not make the list in the draft 
can write its own draft for later RFC publication.

--Paul Hoffman

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org