Good morning, Shenzhen! Seventh and last day of #IETF125 https://www.ietf.org/meeting/125/

Today, we are going to break/save/restore the #DNS with the new delegation system, DELEG. Also, security area general meeting.

Information about the IETF 125 Shenzhen meeting on 14-20 March 2026.

DELEG working group (changing completely the #DNS delegation). Last big issue: how should a new server reply to an old client, when the server has only DELEG records and no NS records?

#IETF125

Doing some painting at #IETF125

So, when an old resolver (not knowing DELEG) queries a new server for a domain which has only DELEG (and no NS records), what should the answer be? NXDOMAIN? SERVFAIL? Synthesis of some NS?

#DNS #IETF125

Now, SAAG meeting (Security Area Open Meeting, basically examining possible future security work).

There are many IETF working groups in the Security Area...

#IETF125

Among the funny questions: at what point will ML-DSA and ML-KEM no longer be regarded as "Post-Quantum Cryptography" but just plain "Cryptography"? Before or after IPv6 world domination?

#IETF125

A proposal to run #BGP over #TLS. Obvious issue: we don't want to use the classical PKI (because it would create a chicken-and-egg problem for IP).

A BGP-specific PKI, with short-lived certificates including the AS number of the BGP speaker and new introducers. (Not using the RPKI.)

#IETF125

A talk about the new Chinese commercial cryptographic algorithms program at #IETF125 (ping @shaft)
"commercial" as in "no State secrets"

Current algorithms are ZUC, SM2, SM3, SM4, SM9... (All of them ISO standards.) https://en.wikipedia.org/wiki/ZUC_stream_cipher https://en.wikipedia.org/wiki/SM9_(cryptography_standard)

Some are in IANA registries (for instance for TLS). See RFC 8998.

Now asking for post-quantum alternatives. (Formal announcement one year ago.) https://niccs.org.cn/niccs/index.html You can still submit a proposal!

@bortzmeyer OpenSSL 4.0 will support RFC 8998: signature algorithm sm2sig_sm3, key exchange group curveSM2, and (not part of the RFC) post-quantum group curveSM2MLKEM768