Re: [dane] Digest algorithm agility (possible discussion topic for: Informal lunch meeting in Vancouver on Thursday)
Matt McCutchen <matt@mattmccutchen.net> Wed, 06 November 2013 01:42 UTC
Return-Path: <matt@mattmccutchen.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F47221E818E for <dane@ietfa.amsl.com>; Tue, 5 Nov 2013 17:42:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MOWkLw8d10Wh for <dane@ietfa.amsl.com>; Tue, 5 Nov 2013 17:42:14 -0800 (PST)
Received: from homiemail-a10.g.dreamhost.com (caiajhbdcaid.dreamhost.com [208.97.132.83]) by ietfa.amsl.com (Postfix) with ESMTP id 061F721E81A9 for <dane@ietf.org>; Tue, 5 Nov 2013 17:40:47 -0800 (PST)
Received: from homiemail-a10.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a10.g.dreamhost.com (Postfix) with ESMTP id 2E57C28006C for <dane@ietf.org>; Tue, 5 Nov 2013 17:40:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mattmccutchen.net; h= message-id:subject:from:to:date:in-reply-to:references :content-type:mime-version:content-transfer-encoding; s= mattmccutchen.net; bh=bByf3WTfdWyxdNUxQtnyulNOSTA=; b=rfWdtXpQ4H zPFPAyYpfMEZLA/0lZx9ikAojo0kx24Xd1szmh8DD5rYjKrAQxZbpO9AwDc5KuV4 yWKxvJr28eCijrBmujlJo0RolE0Egj4FsFl50YFtMyn6DsnynDoJundRZaH/Utgj hRBhguRbiz4bTanvpx5mPn9T41YU6tiew=
Received: from [192.168.58.221] (unknown [216.239.55.197]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: matt@mattmccutchen.net) by homiemail-a10.g.dreamhost.com (Postfix) with ESMTPSA id 0EB81280063 for <dane@ietf.org>; Tue, 5 Nov 2013 17:40:19 -0800 (PST)
Message-ID: <1383702043.26498.20.camel@localhost>
From: Matt McCutchen <matt@mattmccutchen.net>
To: dane@ietf.org
Date: Tue, 05 Nov 2013 17:40:43 -0800
In-Reply-To: <20131104223219.GP2976@mournblade.imrryr.org>
References: <68F7E418-B6F1-46C2-9344-00BB6102D940@vpnc.org> <20131104223219.GP2976@mournblade.imrryr.org>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.8.2
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Re: [dane] Digest algorithm agility (possible discussion topic for: Informal lunch meeting in Vancouver on Thursday)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2013 01:42:19 -0000
On Mon, 2013-11-04 at 22:32 +0000, Viktor Dukhovni wrote: > Though I am not attending the Vancouver IETF meeting, I am interested > in feedback on the below DANE-related issue: > > - Suppose some day we discover that SHA256 is flawed and is > subject to effective second-preimage attacks. > > - Suppose that hypothetically SHA512 remains secure. > > - How would clients and servers gracefully cut-over to only > use SHA512 and avoid SHA256? > > My proposal is as follows: > > When a TLSA RRset contains multiple RRs of the form: > > _<port>._tcp.server.example.com. IN TLSA <U> <S> <M> <D> > > with the same values of "U" and "S" but different values of the > matching type, a client MAY ignore a "weaker" matching type > (deprecated digest algorithm) when a "stronger" matching type for > the same usage and selector is present. Which matching types are > considered "weaker" is generally at the client's discretion. > - TLSA records that specify multiple certificates or public > keys for a single (U,S) combination (e.g. multiple trust > anchors, or multiple EE certificates during key roll-over) > MUST use the same set of matching types for all of them! > > Otherwise, clients may fail to support one of the desired > certificates, when they choose to support only the RRs with > the strongest matching type. I.e., the same solution that is de facto used by DNSSEC DS records (https://www.ietf.org/mail-archive/web/dnsext/current/msg11008.html) I believe in the need for algorithm agility and proposed three possible solutions including the above during the original design process (https://trac.tools.ietf.org/wg/dane/trac/ticket/22) but got no traction. Matt
- [dane] Informal lunch meeting in Vancouver on Thu… Paul Hoffman
- Re: [dane] Informal lunch meeting in Vancouver on… Matt Miller (mamille2)
- Re: [dane] Informal lunch meeting in Vancouver on… Paul M
- Re: [dane] Informal lunch meeting in Vancouver on… Peter Saint-Andre
- Re: [dane] Informal lunch meeting in Vancouver on… Warren Kumari
- Re: [dane] Informal lunch meeting in Vancouver on… Peter Saint-Andre
- Re: [dane] Informal lunch meeting in Vancouver on… Yoav Nir
- Re: [dane] Informal lunch meeting in Vancouver on… Stephen Farrell
- Re: [dane] Informal lunch meeting in Vancouver on… Dan York
- Re: [dane] Informal lunch meeting in Vancouver on… Ondřej Surý
- Re: [dane] Informal lunch meeting in Vancouver on… Sean Leonard
- [dane] Digest algorithm agility (possible discuss… Viktor Dukhovni
- Re: [dane] Informal lunch meeting in Vancouver on… Wes Hardaker
- Re: [dane] Informal lunch meeting in Vancouver on… Paul Hoffman
- Re: [dane] Informal lunch meeting in Vancouver on… Viktor Dukhovni
- Re: [dane] Informal lunch meeting in Vancouver on… Viktor Dukhovni
- Re: [dane] Informal lunch meeting in Vancouver on… Peter Saint-Andre
- Re: [dane] Informal lunch meeting in Vancouver on… Wes Hardaker
- Re: [dane] Informal lunch meeting in Vancouver on… Paul Wouters
- Re: [dane] Informal lunch meeting in Vancouver on… Olafur Gudmundsson
- Re: [dane] Digest algorithm agility (possible dis… Matt McCutchen
- Re: [dane] Informal lunch meeting in Vancouver on… Daniel Migault
- Re: [dane] Informal lunch meeting in Vancouver on… Dickson, Brian
- Re: [dane] Informal lunch meeting in Vancouver on… Anton Baskov
- Re: [dane] Digest algorithm agility (possible dis… Viktor Dukhovni
- Re: [dane] Digest algorithm agility (possible dis… Matt McCutchen
- Re: [dane] Digest algorithm agility (possible dis… Viktor Dukhovni
- Re: [dane] Digest algorithm agility (possible dis… Viktor Dukhovni