Re: [dane] Digest Algorithm Agility discussion

Mark Andrews <marka@isc.org> Sun, 23 March 2014 20:51 UTC

To: dane@ietf.org
From: Mark Andrews <marka@isc.org>
Date: Mon, 24 Mar 2014 07:51:38 +1100
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/TkE_yZl2zU9sZ6HDmPRLwqeLDNs

In message <20140323195717.GA13649@mournblade.imrryr.org>, Viktor Dukhovni writes:
> On Mon, Mar 24, 2014 at 06:25:57AM +1100, Mark Andrews wrote:
> 
> > > Site A only publishes SHA1 entries.  Would rather do unauthenticated TLS
> > > than trust SHA1?
> > 
> > You left out - report and refuse to send until fixed.
> 
> Broken is not a binary state.  Before previously reasonably sound
> algorithms are fully broken, they are first tarnished, and our
> confidence in their strength begins to fray.
> 
> Refuse to send is a strong reaction, when an algorithm is only
> tarnished, with no known practical attacks, but known signs of
> weakness.  Have you disabled RC4 in your browser yet?  If not, your
> rather principled stand is "do as I say, not as I do".
> 
> > > Site B publishes both SHA2-512 and SHA1 entries.  Would you still want
> > > to trust SHA1?
> > 
> > Once you decide SHA1 is not acceptable you ignore the records with SHA1
> > hashes.
> 
> A flag day, one can sensibly avoid, by incrementally phasing out
> (hypothetically) SHA1 as servers publish stronger records that include
> (hypothetically) SHA1 to accommodate weaker clients in addition to stronger
> digests.
> 
> > Publishing new hashes is trivial and will remain trivial.
> 
> Flag days remain a major deployment problem.
> 
> > Once an algorithm has reached the state where you don't trust it for a
> > purpose you don't use it for that purpose.
> 
> That's fine, except at Internet scale.  Windows 2003 servers still
> top out at RC4-SHA1, and at least Exchange 2003 has a broken 3DES
> implementation.   Many server operators only enable RC4 for
> performance reasons.

And the reason for that is that Microsoft has no pressure
on it to release service packs with newer algorithms as clients
fall back to the known too weak algorithms.  The clients are not
getting the security they think they are.

What Microsoft should do is release updated clients that do not
support RC4 and also release server packs which support newer
algorithms.

> When exactly should you or I disable RC4-SHA1 support?  Fortunately
> in TLS cipher suites are negotiated.  I am trying to do the same
> for DANE.

There is NOTHING preventing implementations from ranking hash algorithms.
There is NOTHING preventing implementations from having an accept/reject.

There is no reason to REQUIRE implementations to rank hash algorithms.

Supporting out of date clients does a disservice to both yourself and
them.

> -- 
> 	Viktor.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
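
The two client policies argued over in this thread, applied to its "Site A" and "Site B" cases, as an added example that is not part of the original message or of any DANE implementation. The record layout, function names and action labels are assumptions, and "sha1" is used hypothetically as in the thread (it is not an assigned TLSA matching type).

```python
from collections import namedtuple

# Simplified TLSA record: only the fields the policies look at (assumed layout).
Rec = namedtuple("Rec", "usage selector digest")

# Constructed RRsets mirroring the thread's two sites.
SITE_A = [Rec(3, 1, "sha1")]                        # publishes only SHA1
SITE_B = [Rec(3, 1, "sha1"), Rec(3, 1, "sha512")]   # publishes SHA1 and SHA2-512


def accept_reject(rrset, rejected):
    """Local accept/reject list: ignore records whose digest is distrusted.

    Returns (usable_records, action). If nothing usable is left, the
    action is "refuse" (report and do not send), never a silent
    downgrade to unauthenticated TLS.
    """
    usable = [r for r in rrset if r.digest not in rejected]
    return usable, ("authenticate" if usable else "refuse")


def ranked(rrset, preference):
    """Client-side ranking: for each (usage, selector) keep only the records
    that use the strongest digest this client supports.

    `preference` lists digest names, strongest first. Weaker records are
    ignored only when a stronger one is published beside them.
    """
    rank = {name: i for i, name in enumerate(preference)}  # 0 = strongest
    best = {}
    for r in rrset:
        if r.digest not in rank:
            continue  # digest unknown to this client
        key = (r.usage, r.selector)
        cur = best.get(key)
        if cur is None or rank[r.digest] < rank[cur[0].digest]:
            best[key] = [r]
        elif rank[r.digest] == rank[cur[0].digest]:
            cur.append(r)
    usable = [r for recs in best.values() for r in recs]
    return usable, ("authenticate" if usable else "refuse")


if __name__ == "__main__":
    for name, site in (("A", SITE_A), ("B", SITE_B)):
        print(name, accept_reject(site, {"sha1"}), ranked(site, ["sha512", "sha256", "sha1"]))
```

With an empty reject list the first policy accepts a match on either of Site B's records, so the SHA1 record stays trusted until the client operator rejects it; the ranked policy drops it as soon as a stronger record sits beside it, but still uses it for Site A.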