Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures?
Hector Santos <hsantos@isdg.net> Tue, 14 January 2020 14:16 UTC
On 1/7/2020 6:41 PM, Scott Kitterman wrote:
> https://sha-mbles.github.io/
>
> If I'm reading this right, the last excuse that still trusting SHA-1 DKIM
> signatures is an OK thing to do is gone.  Comments from anyone that really
> understands this stuff would be appreciated.

-1 to the subject question.

Comments from implementers who only need to peripherally "understand" it, should be commenting. Did we want a discussion on theory?

Despite the paper's claim for a clobbering technique, this is a time-shifted application problem -- replays after a secured message has been received and maybe not read yet. If read, expiration concepts should apply. In fact, we should probably be recommending x= expiration times. Right now, the default is off.

    x=  Signature Expiration (plain-text unsigned decimal integer;
        RECOMMENDED, default is no expiration).  The format is the same
        as in the "t=" tag, represented as an absolute date, not as a
        time delta from the signing timestamp.  The value is expressed
        as an unsigned integer in decimal ASCII, with the same
        constraints on the value in the "t=" tag.  Signatures MAY be
        considered invalid if the verification time at the Verifier is
        past the expiration date.  The verification time should be the
        time that the message was first received at the administrative
        domain of the Verifier if that time is reliably available;
        otherwise, the current time should be used.  The value of the
        "x=" tag MUST be greater than the value of the "t=" tag if both
        are present.

But we have a higher potential, replay damage coming from allowing 5322.From Rewrites to have evolved among some packages. SHA1 usage is the least of my DKIM concerns.

Nonetheless, we are already promoting verify only, not signing. Is that not enough? Or are we now promoting the suggestion to remove SHA1 from APIs and tools? I read a statement the OpenSSL folks were thinking about removing it. That would be a horrible decision and it is just someone's belief, not the OpenSSL team because then we really create REAL damage by forcing SHA1 signature failures which are otherwise secured right now.

Let's fix the real Rewrite potential problems first before worrying about SHA1.

--
HLS
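
Added example, not part of the message above and not taken from any DKIM implementation: a verifier-side check of the x= rules in the quoted tag definition (unsigned decimal value, greater than t=, compared against the time the message was first received). The function names and the sample signatures are constructed for illustration; b= and bh= are placeholders.

```python
import re
import time

UINT = re.compile(r"[0-9]{1,12}")  # t=/x= are 1 to 12 ASCII decimal digits

def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for item in header_value.split(";"):
        if "=" not in item:
            continue
        name, value = item.split("=", 1)
        # Folding whitespace is not significant in the tags checked here.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def check_expiration(header_value, received_at=None):
    """Return (status, reason) for the x= rules quoted above.

    received_at: epoch seconds when the message first reached the verifier's
    domain; the current time is used when that is not available. Whether an
    "expired" result fails the signature is left to local policy (MAY).
    """
    tags = parse_dkim_tags(header_value)
    now = int(time.time()) if received_at is None else int(received_at)
    x, t = tags.get("x"), tags.get("t")
    if x is None:
        return ("no-expiration", "x= absent; the signature never expires")
    if not UINT.fullmatch(x) or (t is not None and not UINT.fullmatch(t)):
        return ("invalid", "t=/x= must be unsigned decimal integers")
    if t is not None and int(x) <= int(t):
        return ("invalid", "x= MUST be greater than t=")
    if now > int(x):
        return ("expired", f"verification time {now} is past x={x}")
    return ("valid", f"{int(x) - now} seconds until expiration")

# Constructed samples: no x=, x= seven days after t=, and x= equal to t=.
BASE = "v=1; a=rsa-sha256; d=example.org; s=sel; t=1579011360; "
TAIL = "bh=PLACEHOLDER; b=PLACEHOLDER"
NO_X = BASE + TAIL
WITH_X = BASE + "x=1579616160; " + TAIL
BAD_X = BASE + "x=1579011360; " + TAIL

if __name__ == "__main__":
    for sig in (NO_X, WITH_X, BAD_X):
        print(check_expiration(sig, received_at=1579700000))
```
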