Re: [dane] draft-ietf-dane-openpgpkey-00 comments

Viktor Dukhovni <viktor1dane@dukhovni.org> Tue, 22 April 2014 12:50 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/dane/EEwwO-9J_lZxm6enXqQQAFPrHuk

On Tue, Apr 22, 2014 at 10:43:18AM +0200, Petr Spacek wrote:

> 3) Algorithm agility:
> It is clear to me that SHA2-224 hashing is there "just" for privacy and
> nothing else. Still, I think it would be beneficial to have algorithm
> agility built-in.

In this specification sha2-224 does not play a security role.  It
is used not for privacy but rather as a short-enough and yet strongly
collision resistant representation of potentially longer email
addresses that would not fit into a DNS label.  It is expected that
the number of email addresses with SMIMEA or OPENPGP keys in any one
domain will be substantially less than 2^{112} (~ 10^{34}).  A domain
with 10^9 users will have two users with the same lookup key
with probability roughly 2^{-62} or ~10^{-16}.

There is no need for "algorithm agility" here.  This is a lookup
key construct, not a tamper-resistant signature.  In fact multiple
algorithms would be entirely counter-productive in this context.

-- 
	Viktor.
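
Added example (not part of the original message, and not code from the draft or its authors): the lookup-key construction discussed above, sketched in Python. The `_openpgpkey` tag label, the hex encoding of the digest and the `hex_chars` truncation parameter are assumptions made for illustration; the truncation exists only to show that a much shorter key collides within a single domain while the full 224-bit key does not.

```python
import hashlib
from collections import defaultdict

MAX_LABEL_OCTETS = 63  # RFC 1035 limit for a single DNS label


def lookup_label(local_part: str, hex_chars: int = 56) -> str:
    """Hex SHA2-224 of the local-part; hex_chars < 56 truncates (demo only)."""
    return hashlib.sha224(local_part.encode("utf-8")).hexdigest()[:hex_chars]


def owner_name(address: str, hex_chars: int = 56) -> str:
    """Build <label>._openpgpkey.<domain>; the tag label is an assumption."""
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return f"{lookup_label(local_part, hex_chars)}._openpgpkey.{domain}"


def fits_in_label(text: str) -> bool:
    """True if the text is short enough to be one DNS label."""
    return len(text.encode("utf-8")) <= MAX_LABEL_OCTETS


def shared_owner_names(addresses, hex_chars: int = 56) -> dict:
    """Map owner name -> addresses, keeping only names shared by 2+ addresses."""
    by_name = defaultdict(set)
    for address in addresses:
        by_name[owner_name(address, hex_chars)].add(address)
    return {n: sorted(g) for n, g in by_name.items() if len(g) > 1}


# Constructed sample data: a 64-octet local-part and 300 distinct users.
LONG_LOCAL = "first.last+" + "x" * 53
USERS = [f"user{i}@example.com" for i in range(300)]

if __name__ == "__main__":
    # The raw local-part is too long for a label; its digest is not.
    print(fits_in_label(LONG_LOCAL), fits_in_label(lookup_label(LONG_LOCAL)))
    print(owner_name("abc@example.com"))
    # Full-length key: no two of the 300 users share an owner name.
    print(len(shared_owner_names(USERS)))
    # 8-bit key (2 hex chars): 300 users in 256 slots must collide.
    print(len(shared_owner_names(USERS, hex_chars=2)) > 0)
```

A zone operator could run a check like `shared_owner_names` over the full user list before publishing records, which makes any lookup-key clash visible at provisioning time rather than at lookup time.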