Re: [Curdle] Some work for the group
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 09 December 2016 02:18 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/rtxNTAP6zjGNDsdD7OD3L_I7VHE>
I don't much care from a CA point of view unless there is going to be difficulty getting the hardware we need to implement the signatures. Since that hardware does not currently exist and since we would assume that any suppliers would make sure they support the required mode, I doubt that will be an issue. There is a modest efficiency hit.

As far as making the system more robust goes, we are going to have to drop SHA-2 if there is any significant compromise regardless of whether this detail makes an exploit infeasible. It is far more expensive to explain why faulty algorithms are safe than to switch to a safe one.

We are not shutting down use of SHA-1 because there is a real risk of a bogus cert being generated by a competent CA. The security justification, such as it is, is that the system should be fail safe and require at least two failures before a catastrophe.

What the collision resistance property does provide is a cushion that makes a compromise during the transition highly unlikely. And given the refusal to consider issue of code points for SHA-3, we will probably need quite a cushion.

On Thu, Dec 8, 2016 at 7:23 PM, Salz, Rich <rsalz@akamai.com> wrote:

> Hi there!
>
> We are looking for feedback on the following items, my memory spurred by
> the draft minutes found here:
> https://datatracker.ietf.org/doc/minutes-97-curdle/
>
> Please review the minutes by the end of the month. Speak up on the list
> if anything’s wrong. Thanks to Ben Kaduk for taking them.
>
> Has anyone (besides Kyle Rose) reviewed curdle-rsa-sha2? Are we ready
> for WGLC? Please respond within a week.
>
> The text in draft-ietf-curdle-pkix says CAs MUST NOT use pre-hash version
> of signatures. Does anyone object to this? There is a mention of the
> trade-offs in doing that at the end of section 5. Please respond within a
> week.
>
> curdle-ssh-ext-info, curdle-ssh-kex-sha2, curdle-ssh-modp-dh-sha2
>
> Has anyone read these? Will one or more people commit to doing so within
> a week? (Commit, not actually read)
>
> Contexts – has anyone got a use for signature contexts? See the minutes.
> If you’re opposed to the (slight) consensus, speak up.
>
> Thanks.
>
> --
> Senior Architect, Akamai Technologies
> Member, OpenSSL Dev Team
> IM: richsalz@jabber.at Twitter: RichSalz