What I want to say about draft-ietf-dnsop-algorithm-update-02 is below:

1. About chapter composition

   If section 3.2 is "recommendations for operators",
   Section 3.1 and Section 3.3 are recommendations for software developers
   and TLD/Root operators.

   # Sometimes TLD/Root do not accept newer algorithms and digests.

2. "recommendations for operators" section

   Section 3.2 lacks text about RSASHA256 and other algorithms.
   Currently, both RSASHA256 and ECDSAP256SHA256 are first choices
   for operators.

3. Text about DS (and CDS) algorithm recommendations for operators is needed

   In section 3.2 or 3.3, please add that SHA-256 is a necessary and
   sufficient DS algorithm for operators now.

4. In my opinion, Ed25519 is the best algorithm some years later.
   If the document describes both current RECOMMENDATIONS and
   RECOMMENDATIONS some years later, we can plan.

Regards,

--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>

> From: fujiw...@jprs.co.jp
> WGLC comment to draft-ietf-dnsop-algorithm-update-02
> 
> Section 3.2 is "recommendations for operators".
> 
> There is text that discusses ECDSAP256SHA256 only in section 3.2.
> However, RSASHA256 is still usable.
> Please add text about other algorithms.
> If there is a table similar to section 3.1, it will help operators.
> 
> For example,
>                  choice of                | choice of
>                  signing algorithm (now)  | signing algorithm (2 years later)
>   ----------------------------------------------------------------------------
>   RSASHA1*        MUST NOT                | MUST NOT
>   RSASHA256       usable                  | usable/consider change to EC*/Ed*
>   ECDSAP256*      usable                  | usable
>   Ed25519         MAY                     | usable
> 
> 
> Regards,
> 
> --
> Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
> 