Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt

2016-11-10 Thread Ólafur Guðmundsson
<dnsop@ietf.org> > > Sent: Monday, 31 October, 2016 05:22:43 > > Subject: Re: [DNSOP] FYI - Added note about ECDSA resolver issue in > Sweden - Fwd: New Version Notification for > > draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt > > > It is only my p

Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt

2016-11-07 Thread Ondřej Surý
rk" <y...@isoc.org> > Cc: "dnsop" <dnsop@ietf.org> > Sent: Monday, 31 October, 2016 05:22:43 > Subject: Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - > Fwd: New Version Notification for > draft-york-dnsop-deploying-dnssec-crypto-algs-02.t

Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt

2016-10-31 Thread Geoff Huston
> On 1 Nov. 2016, at 11:22 am, George Michaelson wrote:
>
> The net effect is the same in respect of new algorithms. I'm fine with
> checking conformance if the algorithm is known, it feels like a low
> bar.
>
> Rejecting sigs because you don't know how to check feels like a

Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt

2016-10-31 Thread George Michaelson
The net effect is the same in respect of new algorithms. I'm fine with checking conformance if the algorithm is known, it feels like a low bar. Rejecting sigs because you don't know how to check feels like a huge impediment to technology: The use of the new algorithm is now gated by the ability

Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt

2016-10-31 Thread Geoff Huston
> On 1 Nov. 2016, at 3:37 am, Matthew Pounsett wrote:
>
> On 31 October 2016 at 00:22, George Michaelson wrote:
> It is only my personal opinion, but I believe registrars are incorrect
> in performing crypto alg checks on proffered DS, and this is

Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt

2016-10-31 Thread Matthew Pounsett
On 31 October 2016 at 00:22, George Michaelson wrote:
> It is only my personal opinion, but I believe registrars are incorrect
> in performing crypto alg checks on proffered DS, and this is an
> entirely unwarranted, and incorrect understanding of their role. It
> conflates

Re: [DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt

2016-10-30 Thread George Michaelson
It is only my personal opinion, but I believe registrars are incorrect in performing crypto alg checks on proffered DS, and this is an entirely unwarranted, and incorrect understanding of their role. It conflates one public good (checking) with another public good (registry of data into the DNS)

[DNSOP] FYI - Added note about ECDSA resolver issue in Sweden - Fwd: New Version Notification for draft-york-dnsop-deploying-dnssec-crypto-algs-02.txt

2016-10-30 Thread Dan York
FYI, I submitted a new version of this draft that added some text in the section about "Resolvers" that mentions the case Mikael Abrahamsson brought to us about how they had to disable DNSSEC validation in the CPE they deployed to their customers because the resolver software was not following