On Wed, Sep 09, 2015 at 09:44:23PM -0400, Paul Wouters wrote:
> >>Once the CFRG algorithms are done, I would also publish an updated
> >>list of MTI algorithms for DNSSEC that would consist of:
> >>
> >>8, 12 and both of the CFRG algorithms.
>
> You listed 12 as both deprecate and MTI ?
Sorr
mailto:ondrej.s...@nic.czhttps://nic.cz/
- Original Message -
> From: "Viktor Dukhovni"
> To: dnsop@ietf.org
> Sent: Wednesday, September 9, 2015 9:29:46 PM
> Subject: Re: [DNSOP] Fwd: New Version Notification fo
On Wed, 9 Sep 2015, Viktor Dukhovni wrote:
I'd like to propose that with the introduction of the CFRG algorithms,
we should deprecate:
3DSA/SHA1 DSAYY RFC3755
6DSA-NSEC3-SHA1DSA-NSEC3-SHA1 YY RFC5155
12 GOST R 34.10-2001
It isn't the count of algorithms, it's the size of the algorithm
field that is the issue (8 bits) though we could hack in a extension.
We can invent lots of algorithms but we really need to have a good
justifation to add it to the table. Why is this algorithm
*significantly* better than all of th
On Wed, Sep 09, 2015 at 08:12:41PM +0200, Ondřej Surý wrote:
> Yes, we are waiting exactly for the cfrg to finish the signature schemas.
> But the rest can get a review early. f.e. it's evident now, we have to
> add more material about motivation to add new curves into the draft(s).
Great. My o
t; To: dnsop@ietf.org
> Sent: Wednesday, September 9, 2015 6:55:15 PM
> Subject: Re: [DNSOP] Fwd: New Version Notification for
> draft-sury-dnskey-ed25519-03.txt
> On Tue, Sep 08, 2015 at 11:19:13AM +0200, Ondřej Surý wrote:
>
>> Dear DNS colleagues,
>>
>>
On Tue, Sep 08, 2015 at 11:19:13AM +0200, Ondřej Surý wrote:
> Dear DNS colleagues,
>
> this might be of some interest to you.
>
Thanks. Shouldn't this wait for the CFRG to finalize the new EC
signature schemes? We already have too many DNSSEC algorithm ids,
and are likely to add very similar
