Roman Danyliw has entered the following ballot position for draft-ietf-dnsop-must-not-ecc-gost-04: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-must-not-ecc-gost/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I agree with the intuition of the authors expressed in the abstract. Formally updating a document (RFC5922) marked as “historic” doesn’t make sense.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Abstract
   This document retires the use of ECC-GOST within DNSSEC.

I acknowledge that neither “retired” nor “historic” are well defined. In my view, "ECC-GOST" is already "retired". RFC5933 has historic status. Additionally, even without this document making registry updates:

-- https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml already records this code point as deprecated, “GOST R 34.10-2001 (DEPRECATED)”.

-- https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml does the same with “GOST R 34.11-94” by noting a status of “DEPRECATED”.

Practically, I don’t understand the rationale for a separate document to explicitly map “DEPRECATED” to “MUST NOT” and why this couldn’t have just been done with draft-ietf-dnsop-rfc8624-bis-09. In his ballot on draft-ietf-dnsop-rfc8624-bis, Med points out that RSAMD5, also marked as DEPRECATED, was updated in the registry without a separate document.

** Section 1.
   Thus, the use of GOST R 34.10-2001 (mnemonic GOST-ECC) and and GOST R 34.11-94 is no longer recommended for use in DNSSEC [RFC9364].

-- Editorial. s/and and/

-- The text here says, “no longer recommended”, but in Section 2 a much stronger statement of “MUST NOT” is used. Those don’t seem congruent.

** Section 1. The second sentence conflicts with the text in the first.

-- “The use of GOST 34.10-2012 and GOST 34.11-2012 in DNSSEC is documented in [RFC9558], …”

-- “Note that this document does not change or discuss the use of GOST 34.10-2012 and GOST 34.11-2012.”

Recommend removing the reference to RFC9558.
