Re: [dane] (draft-ietf-dane-smime) SHA-224 not in CryptoAPI

Paul Wouters <> Wed, 07 January 2015 18:46 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 9FD971A014C for <>; Wed, 7 Jan 2015 10:46:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.778
X-Spam-Status: No, score=-0.778 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URI_HEX=1.122] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yrKIUPT8NTNB for <>; Wed, 7 Jan 2015 10:45:59 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1C6151A0242 for <>; Wed, 7 Jan 2015 10:45:56 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by (Postfix) with ESMTP id 3kHffR0dQdz31J for <>; Wed, 7 Jan 2015 19:45:51 +0100 (CET)
X-Virus-Scanned: amavisd-new at
Received: from ([IPv6:::1]) by localhost ( [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id AdDN8X3pY3YK for <>; Wed, 7 Jan 2015 19:45:49 +0100 (CET)
Received: from ( []) by (Postfix) with ESMTPS for <>; Wed, 7 Jan 2015 19:45:48 +0100 (CET)
Received: from ( []) by (Postfix) with ESMTP id 8B66B809FE for <>; Wed, 7 Jan 2015 13:45:47 -0500 (EST)
Received: from localhost (paul@localhost) by (8.14.7/8.14.7/Submit) with ESMTP id t07Ijk89031173 for <>; Wed, 7 Jan 2015 13:45:47 -0500
X-Authentication-Warning: paul owned process doing -bs
Date: Wed, 7 Jan 2015 13:45:46 -0500 (EST)
From: Paul Wouters <>
To: dane WG list <>
In-Reply-To: <>
Message-ID: <>
References: <> <>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Subject: Re: [dane] (draft-ietf-dane-smime) SHA-224 not in CryptoAPI
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 07 Jan 2015 18:46:01 -0000

On Wed, 7 Jan 2015, Viktor Dukhovni wrote:

> On Tue, Jan 06, 2015 at 09:20:24PM -0800, Sean Leonard wrote:
>> I would like to point out that SHA-224 is not a good choice for a fixed hash
>> algorithm. SHA-224 is not implemented in Microsoft CryptoAPI / Cryptography
>> Next Generation, which means that Windows apps (clients and servers) will
>> have a more difficult time implementing this thing. Reference:
>> <>. I suggest sticking with
>> SHA-256.

Wish we had known that sooner :(

> A base32 encoding of SHA2-224 requires 45 octets, while SHA2-256
> requires 52 octets.  Every little bit of space saved helps, DNS
> names have a limited length.  One could of course truncate SHA2-256,
> if availability of SHA2-224 is a major problem.  IIRC SHA2-224 is
> essentially that, but is "salted" a bit differently to distinguish
> it from truncated SHA2-256 output.

I have no problem with this for OPENPGPKEY.

> The larger question is whether putting per-user keys in DNS is the
> right approach, or whether DNS should instead provide key material
> to authenticate a dedicated lookup service

Actually, this has nothing to do with the problem of the hash of the
username which is needed to _find_ the DNS record. You are talking about
adding another level of indirection for the return _data_ and you'll be
adding another choke/failure/filter point people can attack to prevent
you from publishing your key

Plus, a mechanism already exists to solve what you (not I) deem to be a
problem:  TXT         "v=pka1;fpr=C2063054549295F3349037FFFBBE5A30624BB249;uri="

Perhaps someone wants to run a fetch on the RIPE ATLAS network for:

and see how many sites cannot get the data back?

>  Using something other than DNS would allow the
> lookup service to handle key canonicalization (case folding, handling
> of address extensions, ...), which are otherwise difficult.

We've been waiting for 20 years. Pervasive monitoring etc...

ExecSum: If we use a truncated sha2_256 in smime, we should use it in openpgpkey
too. We should try to keep these two in sync. Not storing key data in
DNS is off-topic.