IETF Logo Mail Archive

Re: [Dcrup] rsa-sha1 proposals

Kurt Andersen <kurta@drkurt.com> Tue, 20 June 2017 19:00 UTC

Return-Path: <kurta@drkurt.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82E541315FB for <dcrup@ietfa.amsl.com>; Tue, 20 Jun 2017 12:00:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=drkurt.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SmsZaDwrtYzg for <dcrup@ietfa.amsl.com>; Tue, 20 Jun 2017 12:00:11 -0700 (PDT)
Received: from mail-ua0-x236.google.com (mail-ua0-x236.google.com [IPv6:2607:f8b0:400c:c08::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F2C11315F5 for <dcrup@ietf.org>; Tue, 20 Jun 2017 12:00:07 -0700 (PDT)
Received: by mail-ua0-x236.google.com with SMTP id 70so25573478uau.0 for <dcrup@ietf.org>; Tue, 20 Jun 2017 12:00:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drkurt.com; s=20130612; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=FdQL+K5ya+h50C7fRvrKGyaIF9/HdLsDFzxy4AT7u2I=; b=e/MeVJhtCiLH0AZZAkEhFTr3/OacQdEwkRGqqjWQtZCsr/gQTBB7tizhVSqpzmDE8o VMfyIiGiUJmo+Jmq/lLfLb+xkzl064Q4ReU2gxiELuUcpxQ02leHLVU/Doa0iuHlGUIY 2U9rjLCFYkYVrtu9VJyZGJqg/AfMUYnkbtWkc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=FdQL+K5ya+h50C7fRvrKGyaIF9/HdLsDFzxy4AT7u2I=; b=iwGSlQIYdhdqRVLGnR2rgrSwNPSPa+i3MxeTG+lUUhoQaotaILAR3Wo0FRcC/lhE91 D+dM5ifxH5X76KRw8PojLr5nZy5ee13otG+edhnSXjVyQ/5+a7aZ+4ws/jBgV61XJ6qT /3mvq06rmZr1dqTs0iWTSTFBA/cas+/YFVvMDLCbciXHxch9+6PiAjinK85JK6wP2HHR ZumSGVRj2SXSJGZcjTeIChrdmAocss63gd0VawGxbGOCMl1EN8vheINaUyAShGYBGpHX N1WdpDb8n6SUvLLNZVoXUJzuCSWdlNfqDHkKnyHkwGIPaKSDQBjQmLwYDO+y2wKSPULt qFfQ==
X-Gm-Message-State: AKS2vOzjWNGPQUyIh1x0tK0KO97T4+6YAJWLwtvyz0oH5Ccel0cF8ruj giECRYarKVsAS8T/+ukjincD6i3EdjGAYUE=
X-Received: by 10.159.52.77 with SMTP id s13mr13430972uab.8.1497985206192; Tue, 20 Jun 2017 12:00:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.75.153 with HTTP; Tue, 20 Jun 2017 12:00:05 -0700 (PDT)
In-Reply-To: <1642300.47WuTbIWPP@kitterma-e6430>
References: <1642300.47WuTbIWPP@kitterma-e6430>
From: Kurt Andersen <kurta@drkurt.com>
Date: Tue, 20 Jun 2017 12:00:05 -0700
Message-ID: <CABuGu1q66gCCVeurfdV3qF3yvKyL8PbBoW5D94mvNNatVtRT+g@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: "dcrup@ietf.org" <dcrup@ietf.org>
Content-Type: multipart/alternative; boundary="f403043eb7a4187df0055268dcf1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/0J4EcJ41KXM0ta6sFZ9JxGg1yvg>
Subject: Re: [Dcrup] rsa-sha1 proposals
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jun 2017 19:00:13 -0000

On Tue, Jun 20, 2017 at 8:39 AM, Scott Kitterman <sklist@kitterman.com>
wrote:

>
> I think there are roughly three options that have been discussed:
>
> Status quo:
>
> > Signers MUST implement and SHOULD sign using rsa-sha256.  Verifiers MUST
> > implement both rsa-sha1 and rsa-sha256.
>
> Deprecate rsa-sha1:
>
> > Signers MUST implement and sign using rsa-sha256 only.  Verifiers MUST
> > implement both rsa-sha1 and rsa-sha256.
>
> Remove rsa-sha1:
>
> > Signers MUST implement and sign using rsa-sha256 only.  Verifiers MUST
> > implement rsa-sha256.  rsa-sha1 is obsolete and MUST not be used.
> Note: This option also removes rsa-sha1 from the ABNF.
>

[elided]

Remove rsa-sha1:
> This option eliminates (to the extent it is adopted) the potential of
> security
> risks with rsa-sha1.  .  .
> While this might be considered somewhat abrupt, rsa-sha1 signing has been
> effectively SHOULD NOT for a decade.  Maybe this will create some momentum
> for
> operators to move off of it.
>
> It is abrupt to remove something without a formal deprecation period.
>

I'm in favor of moving strongly and clearly to kill sha1, but what about
moving it out to the registry with a dated "MUST NOT". That provides for a
deprecation period without the need for further intervention. The other
advantage is that it provides a stronger historical record that people can
point to when explaining brain-deadness to people who have not updated :-)
I would suggest a "drop dead" date of something like mid-2018 to allow the
rest of this work to reach completion.

--Kurt

v2.30.2 | Report a Bug | By Email | System Status