Technical Summary
This document (which updates RFC 8624 and obsoletes RFC 5933)
describes how to produce digital signatures and hash
functions using the GOST R 34.10-2012 and GOST R 34.11-2012
algorithms for DNSKEY, RRSIG, and DS resource records, for use in the
Domain Name System Security Extensions (DNSSEC).
Working Group Summary
There was significant discussion in the WG around the publication of this document.
The document adds GOST R 34.10-2012 to the "DNS Security Algorithm Numbers" and
"Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms" IANA registries.
RFC 6014 had updated the registry policy for many of the DNSSEC registries from
"Standards Action" to "RFC Required" -- but it hadn't included the "DNSSEC Delegation
Signer (DS) Resource Record (RR) Type Digest Algorithms" registry in this change (leaving
it as "Standards Action").
This meant that, to make an assignment, this document would have to be on the Standards
Track. A number of participants (including some DNS software implementers) expressed concerns that
this might be used to "force" implementations to support the GOST-2012 algorithm (some RFPs
request that implementations support "All applicable standards" or similar).
This issue was addressed through the publication of [RFC9157 - "Revised IANA Considerations
for DNSSEC"](https://datatracker.ietf.org/doc/RFC9157/), which changed the registration policy for
the DS registry to be "RFC Required", thereby aligning it with the other DNSSEC registries (and
probably something that RFC 6014 intended to include anyway).
This allowed draft-ietf-dnsop-rfc5933-bis to become Informational and so proceed.
Document Quality
The document is well written and understandable.
Personnel
Tim Wicinski is the DS
Warren Kumari is RAD!!!!!