Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNSSEC allocations DNSEXT chairs IETF-75 Stockholm 2009/07/29.

Published byScott Warner Modified over 9 years ago

Similar presentations

Presentation on theme: "DNSSEC allocations DNSEXT chairs IETF-75 Stockholm 2009/07/29."— Presentation transcript:

1 DNSSEC allocations DNSEXT chairs IETF-75 Stockholm 2009/07/29

2 Introduction DNSSEC has following registries where algorithms can be registered –DNSKEY/RRSIG/KEY algorithm 7 codes assigned out of 250 –DS digest algorithm 2 out of 254 –NSEC3 obfuscation function 1 out of 254 –TSIG hash function 8 names allocated Allocation for all these is currently “Standards action”

3 Issue: What is the appropriate action ? Standards action –WG and IESG must agree to the action. Experimental/Informational RFC –RFC published WG will loose veto power but might be able to influence outcome Expert Review –WG and IESG are out of the picture But WG and AD’s appoint the experts. Others: –FCFS not applicable –Close registry once we get unbreakable alg.

4 Required/Optional Currently most DNSKEY algorithms are “required” –The registry has a field saying if algorithm can sign a zone, RSA/MD5 and DH can not sign zones? http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml DS algorithms –Currently both required, envisioned required and retired –http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml NSEC3 new algorithms require protocol and implementation changes –Optional out of the question ? –http://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml TSIG –WG will be adding the concept of optional and “not-recommended” to the registry soon. –http://www.iana.org/assignments/tsig-algorithm-names

5 Possible Paths forward What is right in for one registry may not be the right action for a different one. Options: –Do nothing i.e. keep current state –Sponsor a document defining the new “actions” –Examine the issues and make a decision later

6 BUT: Following new algorithms have been proposed: –DNSKEY RSA/SHA256 –DNSKEY GOST R 34.10-2001 –DNSKEY ECDSAP224SHA256 –DNSKEY ECDSAP256SHA256 –DNSKEY ECDSAP384SHA384 –DNSKEY DSA2048SHA256 –DS SHA384 –DS GOST R 34.11-94 After the NIST SHA-3 competition concludes expect more proposals. Effort required to develop a new Public Key algorithm –1999: Quite difficult –2009: Easy ECC curve + digest function RSA + digest function DSA + digest function

7 Goal We need concrete and fair criteria in evaluating new submissions –How to pick among “equivalent” submissions. We need statement from WG/IAB on the “harm” of adding new algorithms: –None, some, serious, ….

8 Open mic

Download ppt "DNSSEC allocations DNSEXT chairs IETF-75 Stockholm 2009/07/29."

Similar presentations

A Proposal to Improve IETF Productivity Geoff Huston Marshall Rose draft-huston-ietf-pact-00 October 2002.

A Proposal to Improve IETF Productivity Geoff Huston Marshall Rose draft-huston-ietf-pact-00 October 2002.
Olaf M. Kolkman. APNIC, 6 February 2014, Bangkok. DNSSEC and in-addr an update Olaf M. Kolkman

Olaf M. Kolkman. APNIC, 6 February 2014, Bangkok. DNSSEC and in-addr an update Olaf M. Kolkman
RRSIG:“I certify that this DNS record set is correct” Problem: how to certify a negative response, i.e. that a record doesn’t exist? NSEC:“I certify that.

RRSIG:“I certify that this DNS record set is correct” Problem: how to certify a negative response, i.e. that a record doesn’t exist? NSEC:“I certify that.
SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
Russ Housley IETF Chair 23 July 2012 Introduction to the IETF Standards Process.

Russ Housley IETF Chair 23 July 2012 Introduction to the IETF Standards Process.
IETF-751 Olafur Gudmundsson Andrew Sullivan.

IETF-751 Olafur Gudmundsson Andrew Sullivan.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
What is a Working Group ID (and when to adopt one) Adrian Farrel Maastricht, July 2010.

What is a Working Group ID (and when to adopt one) Adrian Farrel Maastricht, July 2010.
L2VPN WG “NVO3” Meeting IETF 82 Taipei, Taiwan. Agenda Administrivia Framing Today’s Discussions (5 minutes) Cloud Networking: Framework and VPN Applicability.

L2VPN WG “NVO3” Meeting IETF 82 Taipei, Taiwan. Agenda Administrivia Framing Today’s Discussions (5 minutes) Cloud Networking: Framework and VPN Applicability.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.

1 DNSSEC at ESnet ESCC/Internet2 Joint Techs Workshop July 19, 2006 R. Kevin Oberman Network Engineer Lawrence Berkeley National Laboratory.
SIP working group status Keith Drage, Dean Willis.

SIP working group status Keith Drage, Dean Willis.
DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson

DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson
Tyre Kicking the DNS Testing Transport Considerations of Rolling Roots Geoff Huston APNIC.

Tyre Kicking the DNS Testing Transport Considerations of Rolling Roots Geoff Huston APNIC.
1 IETF Status at IETF 76 Russ Housley, IETF Chair.

1 IETF Status at IETF 76 Russ Housley, IETF Chair.
Chapter 21 Public-Key Cryptography and Message Authentication.

Chapter 21 Public-Key Cryptography and Message Authentication.
MPTCP – MULTIPATH TCP Interim meeting #3 20 th October 2011 audio Yoshifumi Nishida Philip Eardley.

MPTCP – MULTIPATH TCP Interim meeting #3 20 th October 2011 audio Yoshifumi Nishida Philip Eardley.
LMAP WG IETF 89, London, UK Dan Romascanu Jason Weil.

LMAP WG IETF 89, London, UK Dan Romascanu Jason Weil.
July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna

July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna
SIRs, or AIRs, or something draft-carpenter-solution-sirs-01.txt Brian Carpenter without consulting my co-author Dave Crocker IETF 57, 07/03.

SIRs, or AIRs, or something draft-carpenter-solution-sirs-01.txt Brian Carpenter without consulting my co-author Dave Crocker IETF 57, 07/03.

Similar presentations

Ads by Google