Re: [dane] Digest Algorithm Agility discussion

Mark Andrews <marka@isc.org> Sun, 23 March 2014 17:42 UTC

Return-Path: <marka@isc.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 780391A6FF4 for <dane@ietfa.amsl.com>; Sun, 23 Mar 2014 10:42:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.789
X-Spam-Level:
X-Spam-Status: No, score=0.789 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2JbiMDR_SC2J for <dane@ietfa.amsl.com>; Sun, 23 Mar 2014 10:42:46 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id 1E5E61A0791 for <dane@ietf.org>; Sun, 23 Mar 2014 10:42:46 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.ams1.isc.org (Postfix) with ESMTP id 015852383C9; Sun, 23 Mar 2014 17:42:32 +0000 (UTC) (envelope-from marka@isc.org)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 2056E160060; Sun, 23 Mar 2014 17:43:39 +0000 (UTC)
Received: from rock.dv.isc.org (c211-30-183-50.carlnfd1.nsw.optusnet.com.au [211.30.183.50]) by zmx1.isc.org (Postfix) with ESMTPSA id 1B6E2160047; Sun, 23 Mar 2014 17:43:15 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 63C6111B2111; Mon, 24 Mar 2014 04:42:05 +1100 (EST)
To: Peter Palfrader <peter@palfrader.org>
From: Mark Andrews <marka@isc.org>
References: <20140315051704.GY21390@mournblade.imrryr.org> <0l4n2sa5a0.fsf@wjh.hardakers.net> <20140322074737.GA5739@anguilla.noreply.org>
In-reply-to: Your message of "Sat, 22 Mar 2014 08:47:37 +0100." <20140322074737.GA5739@anguilla.noreply.org>
Date: Mon, 24 Mar 2014 04:42:05 +1100
Message-Id: <20140323174205.63C6111B2111@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/v4dfCZa0R2p3d6fbJfiEZGpledM
Cc: dane@ietf.org
Subject: Re: [dane] Digest Algorithm Agility discussion
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Mar 2014 17:42:48 -0000

In message <20140322074737.GA5739@anguilla.noreply.org>;, Peter Palfrader writes:
> On Thu, 20 Mar 2014, Wes Hardaker wrote:
> 
> >    Do you, Mr. System Administrator defining the local policy for the
> >    *client*, want:
> > 
> >    A) Accept any published hashing algorithm out of my "unordered set"
> >       to validate the remotely presented certificate.  [Ordering it
> >       doesn't buy you anything since you'll simply accept a match and it
> >       doesn't matter which you try first, since any success in any
> >       algorithm will equally indicate "ok"; in fact in an implementation
> >       aiming for speed, it might be best to choose the order based on
> >       how fast you can execute the algorithm].  If the server fails to
> >       publish a perfect record set, as long as one matches I'm ok with that.
> > 
> >    B) Believe that the server will always publish perfect records, and
> >       if my "ordered set" of algorithms is [SHA512, SHA256] and they
> >       publish SHA512, then I never want to accept SHA256 because I fear
> >       an attack more than I fear a server administrator blowing their
> >       configuration.
> 
> > But the real question, is what is the *default* that we should suggest
> > an implementation do?
> 
> > II) what should we do in SMTP?  This is where Viktor, considering case
> >     #2 above, is wanting to do B ("accept just the 'best' in an ordered set
> >     of algorithms) instead of A.  The arguments, though, from both sides
> >     are probably talking about different cases (generic vs SMTP) and I
> >     think that is ending up with some of the confusion.
> 
> I'd like to see the SMTP draft suggest B.  (All the others should do B
> too, but that's a different story).
> 
> Aloha,
> -- 
>                            |  .''`.       ** Debian **
>       Peter Palfrader      | : :' :      The  universal
>  http://www.palfrader.org/ | `. `'      Operating System
>                            |   `-    http://www.debian.org/
> 
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane

Truly, we do not know which of SHA256 and SHA512 will be broken
first.  Both are more than strong enough for this job at this point
in time.  When one is broken it will no longer be strong enough.
Neither will be broken by brute force.  They will be broken by
discoveries of flaws in the algorithms.  We support multiple
algorithms so that when/if one is broken we do not end up in a
situation of having no trusted algorithms supported.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org