Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-dkim-usage and document shepherds
"Murray S. Kucherawy" <superuser@gmail.com> Mon, 12 June 2017 03:03 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33999129B77 for <dcrup@ietfa.amsl.com>; Sun, 11 Jun 2017 20:03:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x7P44VRyafsT for <dcrup@ietfa.amsl.com>; Sun, 11 Jun 2017 20:03:32 -0700 (PDT)
Received: from mail-ua0-x22e.google.com (mail-ua0-x22e.google.com [IPv6:2607:f8b0:400c:c08::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52D0B1200F1 for <dcrup@ietf.org>; Sun, 11 Jun 2017 20:03:32 -0700 (PDT)
Received: by mail-ua0-x22e.google.com with SMTP id m31so51576011uam.1 for <dcrup@ietf.org>; Sun, 11 Jun 2017 20:03:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=s+kqxF1Vu8yLnWHGQHMXH8ghYZsJgA7uJdXe0Nqtqjg=; b=C/k2T2M8qFK3o3qyGYiRvcnOpcGZ7HtezVF944n5NrYb9xWR3tqcGr+lryz8iuXKte DcXnNg94T41nTYi/dvoV8F4cOTCKyQJ/qdZ6hnpx7TtKU1hoK71y+pswt9/GKtBhb4dw 7Wnen7K3gf8oXovRiR9zBt+805+Xz8YD7ggyIzw9lGzJt++1nDcFLsCvH2EE2cJECxo4 7/pxu4AFoefsVEev71CLamG3QL1UBjUNMJB4VaqqhzdRepfRyskBfTSYz+L+NdGfiWP5 8PopXzrF6UMmNhCahBApLeIIjkDKunKmD0LX7x8oXNQQb859DhHmFBWkmnc8TsYxGgAj vDvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=s+kqxF1Vu8yLnWHGQHMXH8ghYZsJgA7uJdXe0Nqtqjg=; b=W3WJetAjzVIYpfONrkSN8EG1n0MQ8iTrlzOA8jnJuCUsNdxFjH0Ov9KQHtvyESHne4 u+ETWzxgwP2Qvd6HPx+QJmc6j5mU6ALSz30IiE2v9lSM0zezQtwhpS55C/ELNsmd9Yzv 4Hcrx7vGstbFJ52KWghkrPNTVX/m3Hsg0ki0hX67PyHycHb6ePKGmjd+fE2VNHM5jOfP LTDxhPLq7RHLAPdnOZgu8ZS/mFESglC7AZRf3HOoSwzVDLZ9tFXvGjtfuXs11kewUfI2 nrWSj8k0UDE8XbBmtZ8jtSQAolUwHaQk/cPcqWHZI4kWBolCENzlA5wsuuSSfWogjcf5 +Vkw==
X-Gm-Message-State: AODbwcCIViT7mPjU6/W5dKuOnqbh2zDaPqkftcBAIwXeEggGe/QSmLbA jlhTHI2tyHBNOvy70wNIscFRNb3PPdgi
X-Received: by 10.176.92.71 with SMTP id a7mr25694884uag.155.1497236611294; Sun, 11 Jun 2017 20:03:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.138.3 with HTTP; Sun, 11 Jun 2017 20:03:30 -0700 (PDT)
In-Reply-To: <44047203.rS5CgVd1do@kitterma-e6430>
References: <33024B2C-DBF1-44DC-A18E-973D4C8ACD12@kitterman.com> <3226783.Zmkt5g0zON@kitterma-e6430> <c38cbdf473a54a649a5acf4228909741@usma1ex-dag1mb1.msg.corp.akamai.com> <44047203.rS5CgVd1do@kitterma-e6430>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sun, 11 Jun 2017 20:03:30 -0700
Message-ID: <CAL0qLwawfbehfHuz_BoL+pwcA4767MecxPem6EySHZ++M_vtfA@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: "dcrup@ietf.org" <dcrup@ietf.org>
Content-Type: multipart/alternative; boundary="f403043eee1c5c6a500551ba90c4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/38aNpYoMhsKRXyR9I-v_1xhBYk8>
Subject: Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-dkim-usage and document shepherds
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 03:03:34 -0000
I'll reply about the document sequence separately, but on this point: On Sat, Jun 10, 2017 at 1:29 PM, Scott Kitterman <sklist@kitterman.com> wrote: > Personally, I prefer the explicit MUST NOT we had in -01 and I think that's > along the lines of what Martin Thomson was suggesting. A hatless msk > preferred something more like what's there now. > > Technically, I think the amount to the same thing. Is it better to be more > explicit about what's being removed or be implicit by removing it from > what's > specified? Personally, I think explicit is better than implicit, but > being a > Python guy, I would [1] > I think the discussion never fully landed, and it may have gotten mixed in with the discussion about how to regulate key sizes, if it's even possible to do that. Only a few opinions have been expressed, and nobody's commented up or down on the -02 text yet. Remaining hatless, I prefer the current approach because, like key sizes, we're not talking about an interoperability concern but rather a policy one. There's nothing broken about DKIM implementations that use rsa-sha1. It's just a bad idea now although it wasn't yet when RFC4871 came out. Although many receivers may choose to treat all rsa-sha1 signatures as failed on principle, that's not (and, I would argue, shouldn't be) intrinsic in the protocol. My understanding of the use of RFC2119 language is that it's used to describe choices that affect interoperability, while small key sizes and use of SHA1 are choices that clearly reduce security but interoperate just fine. Then Martin suggested that there's precedent in other RFCs for using RFC2119 language to discourage use of obsolete security mechanisms. If that's the case and we're fine with it, then I'll go along with consensus. That aside, simply not describing rsa-sha1 going forward, and including an IANA action to mark it "deprecated" in the registry, seems right to me. If we want to add a paragraph in an appendix paying homage to it and including advice about why its use is no longer a good idea, that's fine too. -MSK
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Seth Blank
- [Dcrup] draft-ietf-dcrup-dkim-usage and document … Murray S. Kucherawy
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Scott Kitterman
- Re: [Dcrup] we need to do the work, was draft-iet… John Levine
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… John R. Levine
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… Scott Kitterman
- Re: [Dcrup] we need to do the work, was draft-iet… Salz, Rich
- Re: [Dcrup] we need to do the work, was draft-iet… John R Levine
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… John Levine
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… Salz, Rich
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… Scott Kitterman
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… Salz, Rich
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Kurt Andersen
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… Murray S. Kucherawy
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Murray S. Kucherawy
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Murray S. Kucherawy
- Re: [Dcrup] sequence of drafts, draft-ietf-dcrup-… John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-02 and r… John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Murray S. Kucherawy
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Seth Blank
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Kurt Andersen
- Re: [Dcrup] draft-ietf-dcrup-dkim-usage and docum… Murray S. Kucherawy