
DKIM Crypto Update
charter-ietf-dcrup-02

Yes

Warren Kumari
(Alexey Melnikov)
(Alissa Cooper)
(Eric Rescorla)
(Kathleen Moriarty)

No Objection

(Alia Atlas)
(Alvaro Retana)
(Deborah Brungard)
(Mirja Kühlewind)
(Suresh Krishnan)

Note: This ballot was opened for revision 00-00 and is now closed.

Ballot question: "Is this charter ready for external review?"

Warren Kumari
Yes
Alexey Melnikov Former IESG member
Yes
Yes (for -00-00) Unknown

                            
Alissa Cooper Former IESG member
Yes
Yes (for -00-00) Unknown

                            
Ben Campbell Former IESG member
Yes
Yes (2017-04-12 for -00-00) Unknown
I agree with Spencer's comments
Eric Rescorla Former IESG member
Yes
Yes (for -00-00) Unknown

                            
Kathleen Moriarty Former IESG member
Yes
Yes (for -00-00) Unknown

                            
Spencer Dawkins Former IESG member
Yes
Yes (2017-04-07 for -00-00) Unknown
I'm a Yes, although I'm not the responsible AD, because this is the right thing to do.

I wonder if you need to include this in the text:

"The only current algorithm is RSA,
with advice that signing keys should be between 1024 and 2048 bits. While
1024 bit signatures are common, longer signatures are not because bugs in
DNS provisioning software prevent publishing longer keys as DNS TXT records."

With a few re-reads, I can connect the dots between 

RSA -> more algorithms
1024-2048 -> I'm guessing guidance for longer signing keys?
signature doesn't fit in a TXT record -> put it somewhere else

that matches the three work areas in the updated charter, but that took a few re-reads, and the updated charter is at least as clear to me without those two sentences :-)

At most, perhaps 

OLD

"putting the public key in the signature and a hash of the key in the DNS"

NEW

"putting the public key in the signature and a hash of the key in the DNS to bypass bugs in DNS provisioning software that prevent publishing longer keys as DNS TXT records"

to explain why the charter includes this part (adding algorithms and updating guidance on key lengths doesn't require explanation).

But do the right thing, of course (and I am balloting YES even if you don't change anything).
Alia Atlas Former IESG member
No Objection
No Objection (for -00-00) Unknown

                            
Alvaro Retana Former IESG member
No Objection
No Objection (for -00-00) Unknown

                            
Benoît Claise Former IESG member
No Objection
No Objection (2017-04-12 for -00-00) Unknown
Agreed with Spencer. I had to read this sentence multiple times.
"The only current algorithm is RSA,
with advice that signing keys should be between 1024 and 2048 bits. While
1024 bit signatures are common, longer signatures are not because bugs in
DNS provisioning software prevent publishing longer keys as DNS TXT records."

Please detail the milestones.
Deborah Brungard Former IESG member
No Objection
No Objection (for -00-00) Unknown

                            
Mirja Kühlewind Former IESG member
No Objection
No Objection (for -00-00) Unknown

                            
Suresh Krishnan Former IESG member
No Objection
No Objection (for -00-00) Unknown