Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usage-00.txt
"Murray S. Kucherawy" <superuser@gmail.com> Mon, 05 June 2017 20:18 UTC
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 05 Jun 2017 13:18:13 -0700
Message-ID: <CAL0qLwYOr0iMh2HkyBBUbwBE+4Mz=ZDxyPiHBtzKcFBbNwwSSg@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: dcrup@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/-5Reos5c7thvL5t8zAxvv3iCzek>

On Mon, Jun 5, 2017 at 9:53 AM, Scott Kitterman <sklist@kitterman.com> wrote:

> I hear you. I expect this to be the most contentious part of the draft.
>
> Here's my counter argument:
>
> The first DKIM RFC (RFC 4871), published in 2007 said:
>
> > Signers MUST implement and SHOULD sign using rsa-sha256
>
> I believe that the only reason rsa-sha1 was included at all was to make
> transition from domainkeys easier (see RFC 4870). That's also (as I
> understand it where the 512 bit minimum key size came from).
>

As I recall, there were also implementations of DKIM made during its development (even before its IETF time) that supported both, and defaulted to rsa-sha1 because support for SHA256 in OpenSSL was new and not universally deployed. Some of them were still running in the wild, and SHA1 wasn't fully deprecated, so the choice was made to be inclusive while encouraging use of the newer stuff as much as possible.

> As a working group document editor, I'll change it however the group wants
> (of course), but I think we should either kill rsa-sha1 entirely in this
> document or leave it out entirely and let one of the follow-on documents
> add a new algorithm and remove rsa-sha1. Preferably a clean kill or,
> failing that, not at all is what I think we should do.
>

I would omit it from the updated version entirely, and mark it "obsolete" in the registry.

-MSK, from the floor