I recommend that the document not be approved by the IESG in its
current form. Section 6.1 states:

   6.1.  Support for GOST signatures

   DNSSEC aware implementations SHOULD be able to support RRSIG and
   DNSKEY resource records created with the GOST algorithms as
   defined in this document.

There has been considerable discussion on the security area
directorate list about this aspect of the document. All of the SECDIR
members who participated in the discussion argued that the text in
6.1 needs to be changed to MAY from SHOULD. The general principle
cited in the discussion has been that "national" crypto algorithms
like GOST ought not be cited as MUST or SHOULD in standards like
DNSSEC. I refer interested individuals to the SECDIR archive for
details of the discussion.
(http://www.ietf.org/mail-archive/web/secdir/current/maillist.html)
Steve