[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] DNSSEC considering adopting GOST R 34.10-2001 and GOST R 34.11-94

To: Ólafur Guðmundsson /DNSEXT chair <ogud at ogud.com>
Subject: Re: [Cfrg] DNSSEC considering adopting GOST R 34.10-2001 and GOST R 34.11-94
From: David McGrew <mcgrew at cisco.com>
Date: Mon, 27 Apr 2009 06:00:58 -0700
Authentication-results: sj-dkim-2; header.From=mcgrew at cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Cc: cfrg at irtf.org
Delivered-to: cfrg at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=1793; t=1240837260; x=1241701260; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mcgrew at cisco.com; z=From:=20David=20McGrew=20<mcgrew at cisco.com> |Subject:=20Re=3A=20[Cfrg]=20DNSSEC=20considering=20adoptin g=20GOST=20R=2034.10-2001=20and=20GOST=20R=2034.11-94 |Sender:=20; bh=ToO9HiiCZrTAbI0JkJHQelxEK9zFDBcnQiU0fGAIrew=; b=HT4rONr6/b+unxqCMYFAti6db/FEstLAqzRcQHgi0Se33E8ZmFZdCuRfeZ J4QiPfGDHgtSuxuYqpAZu9EPef9jN60uC2Tup1RKu8EvtRoHS9LxnApjTuXs 6UiqGpcP9r;
In-reply-to: <200904221514.n3MFE413047502 at stora.ogud.com>
List-archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-help: <mailto:cfrg-request@irtf.org?subject=help>
List-id: Crypto Forum Research Group <cfrg.irtf.org>
List-post: <mailto:cfrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
References: <200904221514.n3MFE413047502 at stora.ogud.com>

Hi Olafur,

some other important questions: how widely reviewed is thatalgorithm? What are the claimed security levels? Where is guidanceon how to use the algorithm?

I cannot find any references to it in the peer-reviewed literature.Perhaps I am not using the right keyword or something.

If anyone on the CFRG list has reviewed the algorithm, it would begreat if we could hear from them.


best,

David


On Apr 22, 2009, at 8:13 AM, Ólafur Guðmundsson /DNSEXT chair wrote:


This message is a request for information.
In an old CFRG thread
http://www.ietf.org/mail-archive/web/cfrg/current/msg01170.html
I asked for some guidance on defining ECC algorithms for DNSSEC.

We now have the first concrete proposal for an ECC algorithm,
       GOST R 34.10-2001 a ECC public key algorithm
       GOST R 34.11-94  a hash algorithm
preliminary ID: (more politics than technical)
http://www.ietf.org/internet-drafts/draft-dolmatov-dnsext-dnssec-gost-00.txt

Both algorithms have been added to at least one IETF protocol(RFC4490).The DNS community is inclined to seriously consider the adoption ofthese

algorithms, but we are not crypto experts.

Question #1: Is there a cryptographic reason why GOST R 34.10-2001
should NOT be considered for adoption by DNS?


Previously I have received suggestions for following ECC curves:
       P-256, P-384 and Curve25519.

Question #2: Is there a cryptographic reason why GOST R 34.11-94
should NOT be considered for adoption by DNS?

       thanks
       Olafur

_______________________________________________
Cfrg mailing list
Cfrg at irtf.org
http://www.irtf.org/mailman/listinfo/cfrg

Follow-Ups:
- Re: [Cfrg] DNSSEC considering adopting GOST R 34.10-2001 and GOST R 34.11-94
  - From: Paul Hoffman

References:
- [Cfrg] DNSSEC considering adopting GOST R 34.10-2001 and GOST R 34.11-94
  - From: Ólafur Guðmundsson /DNSEXT chair

Prev by Date: Re: [Cfrg] DNSSEC considering adopting GOST R 34.10-2001 and GOST R 34.11-94
Next by Date: Re: [Cfrg] DNSSEC considering adopting GOST R 34.10-2001 and GOST R 34.11-94
Previous by thread: Re: [Cfrg] DNSSEC considering adopting GOST R 34.10-2001 and GOST R 34.11-94
Next by thread: Re: [Cfrg] DNSSEC considering adopting GOST R 34.10-2001 and GOST R 34.11-94
Index(es):
- Date
- Thread