On Dec 5, 2015, at 12:29 AM, Sandra Murphy <sa...@tislabs.com> wrote:
> The AD, the chairs and the authors have discussed the draft change suggested > below. > > To summarize: The language Terry’s DISCUSS objects to is SHOULD > recommendations of how to handle algorithm transitions, and being SHOULD > only, leads to potential differences in implementation and operation choice. > RFC6916 made much more stringent descriptions of algorithm transition and > mandates certain actions. RFC6916 was published a year after RFC6485 and > rfc6485bis attempts to meld the two by pointing to it, but leaves the SHOULD > language in place. > > The decision of AD, chairs and authors is that the wg consensus for > rfc6485bis was focussed on the OID problem, so it could not be said that this > section was carefully considered by the wg. > > So the draft draft-ietf-sidr-rfc6485bis-04 is being returned to the wg to > address this problem and then to do a wglc (and IETF Last Call) before it is > returned to the IESG. > > > —Sandy, speaking as one of the co-chairs speaking as document shepherd. This message is intended to spark discussion. Terry agreed that his preference is to remove the SHOULD language. He did not insist that this was the only way to go. >>> >>> >>> >>> Would you prefer that RFC6485bis remove the inherited ³SHOULD² language >>> and point only to RFC6916? >> >> Yes, That is certainly one way to address this. And I would be OK with >> that. >> > If we did do that, it could look like: OLD It is anticipated that the RPKI will require the adoption of updated key sizes and a different set of signature and hash algorithms over time, in order to maintain an acceptable level of cryptographic security to protect the integrity of signed products in the RPKI. This profile should be replaced to specify such future requirements, as and when appropriate. Certification Authorities (CAs) and RPs SHOULD be capable of supporting a transition to allow for the phased introduction of additional encryption algorithms and key specifications, and also accommodate the orderly deprecation of previously specified algorithms and keys. Accordingly, CAs and RPs SHOULD be capable of supporting multiple RPKI algorithm and key profiles simultaneously within the scope of such anticipated transitions. The recommended procedures to implement such a transition of key sizes and algorithms is specified in [RFC6916] NEW It is anticipated that the RPKI will require the adoption of updated key sizes and a different set of signature and hash algorithms over time, in order to maintain an acceptable level of cryptographic security to protect the integrity of signed products in the RPKI. This profile should be replaced to specify such future requirements, as and when appropriate. The mandated procedures to implement a transition of key sizes and algorithms are specified in [RFC6916]. Comments? —Sandy, speaking as document shepherd and regular ol’ member
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
