Strength - equivalent to ECDSA p256, assuming no fundamental weakness in
the curve parameters.
The Net::DNS::SEC implementation of algorithm 12 verification involves an
algebraic transformation of ECC-GOST into a mathematically equivalent ECDSA
verification. Unless I am missing something, the same
On 6/16/20 11:05 PM, Brian Dickson wrote:
> Nit: I think this should be "code points" (plural), one for HTTPS and
> one for SVCB, right?
There's even a new registry to be added. Whole IANA section should get
"executed", I expect.
--Vladimir
___
DNSOP
On 6/17/20 8:30 AM, Mats Dufberg wrote:
>> I wonder if there is a way to extend
>> https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
>>
>> to add signing/validation recommendations. This seems "hard" from
>> the world of IANA, but I'm not an expert.
>
> What strikes m
Hi all,
i'm a developer of Knot DNS authoritative server. I have some comments
on the SVCB draft and some suggestions for improvements. Just consider
my thoughts and then do whatever is best.
(1) The format of SVCB (and HTTPS) RR is too complicated, especially for
parsing presentation format
> On Jun 17, 2020, at 5:10 AM, libor.peltan wrote:
>
> Hi all,
>
> i'm a developer of Knot DNS authoritative server. I have some comments on the
> SVCB draft and some suggestions for improvements. Just consider my thoughts
> and then do whatever is best.
>
> (1) The format of SVCB (and HTTP
Well 2 is a DNS requirement from the word dot. I’m surprised any DNS developer
would not know that. It allows records to pass through servers that don’t know
the rdata fields structure.
--
Mark Andrews
> On 17 Jun 2020, at 22:57, libor.peltan wrote:
>
> Hi all,
>
> i'm a developer of Kno
On Wed, 17 Jun 2020, Vladimír Čunát wrote:
On 6/17/20 8:30 AM, Mats Dufberg wrote:
I wonder if there is a way to extend
https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
to add signing/validation recommendations. This seems "hard" from the world of
IA
On Wed, Jun 17, 2020, at 04:49, Dmitry Belyavsky wrote:
> I don't think there are good or bad time periods to adopt nation-wide
> crypto profiles. For me, the difference between the GOST profile and
> hypothetical Korean or German profile is close to zero, and if anybody
> brings such a profile
ships are passing in the night on this topic. GOST is what the russian
government has to use for its crypto. if GOST is not a standard, then the
russian federation's government won't be using DNSSEC, or they'll do it with a
pirated code point. neither of those is desirable and there's no third w
