On Mon, 11 Apr 2022, zhangcuiling wrote:

And the main purpose is to improve the diversity of DNSSEC algorithms, and to
make it convenient for people who want to use the SM2 digital signature
algorithm as an alternative for DNSSEC.

We actually want to prevent as much diversity as we can, to avoid
creating more new long tails of deployment of algorithms. So a new
algorithm should really offer something the others do not. Also, having
a number of ECC-based algorithms would likely mean if one ends up
broken, all of them end up broken.

So based on:

        Due to the similarity between SM2 and ECDSA with curve P-256, some
        of the material in this document is copied liberally from RFC 6605
        [RFC6605].

I don't see a strong reason to adopt another ECC type of algorithm.

Additionally, in this case SM2/SM3 seem to be ISO standards that are
not freely available, so these are additionally problematic.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop