DNS Extensions (dnsext)

headers Francis Dupont | 4 May 2009 16:16

 In your previous mail you wrote:

   >Abstract

=> changed goal into purpose and added something about MD5 and TKEY.

   >1.  Introduction
   "lower than expected" -> "weaker than expected"?
   (RFC 4635 uses "stronger")

   >    1.  Mark HMAC-MD5.SIG-ALG.REG.INT as optional in the TSIG algorithm
   >        name registry managed by the IANA under the IETF Review Policy
   >        [RFC5226]

   Can we mark it "historic" instead of "optional?"  Or even "deprecated?"

=> about this (and similar other comments): this point was proposed but
was rejected by rough consensus. The two problems are:
 - there is no deprecated or historic requirement keywords
 - there is no crypto reason to ban HMAC-MD5

   >5.  Availability Considerations

   And SHA1 "is [eventually?} likely to suffer" - any time soon?  This 
   doc title is about HMAC-MD5, not SHA1.

=> SHA1 end of life is planned in 2010 (cf NIST, BTW 2010 is next year)
so even there is nothing against HMAC-SHA1 the same availability problem
could occur so between the two remaining "mandatory to support" algos
HMAC-SHA256 is the best candidate.

Mon	Tue	Wed	Thu	Fri	Sat	Sun

				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

55	May 2013
197	April 2013
42	March 2013
29	February 2013
10	January 2013
46	December 2012
9	November 2012
90	October 2012
31	September 2012
30	August 2012
65	July 2012
62	June 2012
22	May 2012
65	April 2012
137	March 2012
97	February 2012
120	January 2012
69	December 2011
41	November 2011
192	October 2011
72	September 2011
131	August 2011
51	July 2011
122	June 2011
85	May 2011
58	April 2011
331	March 2011
324	February 2011
210	January 2011
167	December 2010
74	November 2010
138	October 2010
206	September 2010
417	August 2010
171	July 2010
297	June 2010
275	May 2010
420	April 2010
288	March 2010
341	February 2010
199	January 2010
231	December 2009
116	November 2009
177	October 2009
277	September 2009
528	August 2009
343	July 2009
518	June 2009
344	May 2009
246	April 2009
143	March 2009
139	February 2009
135	January 2009
120	December 2008
158	November 2008
239	October 2008
272	September 2008
441	August 2008
297	July 2008
189	June 2008
32	May 2008
45	April 2008
203	March 2008
224	February 2008
208	January 2008
49	December 2007
119	November 2007
77	October 2007
44	September 2007
64	August 2007
49	July 2007
66	June 2007
33	May 2007
28	April 2007
111	March 2007
49	February 2007
96	January 2007
133	December 2006
86	November 2006
139	October 2006
54	September 2006
196	August 2006
144	July 2006
179	June 2006
99	May 2006
126	April 2006
254	March 2006
161	February 2006
76	January 2006
134	December 2005
268	November 2005
207	October 2005
135	September 2005
87	August 2005
71	July 2005
189	June 2005
67	May 2005
92	April 2005
271	March 2005
134	February 2005
281	January 2005
74	December 2004
134	November 2004
164	October 2004
239	September 2004
225	August 2004
142	July 2004
460	June 2004
391	May 2004
16	April 2004
107	March 2004
129	February 2004
121	January 2004
142	December 2003
145	November 2003
199	October 2003
209	September 2003
141	August 2003
109	July 2003
231	June 2003
195	May 2003
205	April 2003
255	March 2003
426	February 2003
70	January 2003
189	December 2002
267	November 2002
91	October 2002
211	September 2002
254	August 2002
308	July 2002
254	June 2002
41	May 2002
181	April 2002

Re: [dnsext] I-D Action:draft-ietf-dnsext-tsig-md5-deprecated-02.txt

Last Call: draft-ietf-dnsext-dnsproxy (DNS Proxy Implementation Guidelines) to BCP

[dnsext] Domain "Flag" to indicate (non-)availability of automatic DNS updates for reverse DNS

Re: [dnsext] Domain "Flag" to indicate (non-)availability of automatic DNS updates for reverse DNS

Re: [dnsext] Domain "Flag" to indicate (non-)availability of automatic DNS updates for reverse DNS

Re: [dnsext] Domain "Flag" to indicate (non-)availability of automatic DNS updates for reverse DNS

Re: [dnsext] Domain "Flag" to indicate (non-)availability of automatic DNS updates for reverse DNS

Re: [dnsext] Domain "Flag" to indicate (non-)availability of automatic DNS updates for reverse DNS

Re: [dnsext] I-D Action:draft-ietf-dnsext-tsig-md5-deprecated-02.txt

Re: [dnsext] I-D Action:draft-ietf-dnsext-tsig-md5-deprecated-02.txt