Re: [Dcrup] FW: IETF WG state changed for draft-ietf-dcrup-dkim-usage

"Murray S. Kucherawy" <superuser@gmail.com> Sun, 13 August 2017 18:34 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46903132783 for <dcrup@ietfa.amsl.com>; Sun, 13 Aug 2017 11:34:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FcEIhb_JPdic for <dcrup@ietfa.amsl.com>; Sun, 13 Aug 2017 11:34:22 -0700 (PDT)
Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E94F1324B5 for <dcrup@ietf.org>; Sun, 13 Aug 2017 11:34:22 -0700 (PDT)
Received: by mail-qt0-x229.google.com with SMTP id t37so42449745qtg.5 for <dcrup@ietf.org>; Sun, 13 Aug 2017 11:34:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=rEPFAmbfE3XDWqmivSNcJ1QnWJariW2wl13Wx3fGhX4=; b=Om7iWQ1c6J9lg/MC607qwFas8aZ3fZhyWWPYHmdyP+4qYhmmzMsZV/KMnO/kKINnTh OWZ+Jwncwj7cPdyQxVB+ujc2RE9VJacYKU0kg9pkll98jV1lkl7HjNv0vJ9bbBUKNyGP XeVOKio6x4t5Q3sQqpKISAwrSDwICtT7gmwfOx/n/G6Dh5xtNw2J4dTIJGSE5QAYK1t4 BbVU6i0Y6nNCNYRNLAupJ/fZB9PJPWy81VredQIHFVK8YaWBbwgAuR5kE1MF5UGUK20O FrIwu9O4sbfH9OpUvzuQLBGDD3UeABh/8IT+mDGxIYGtm9PnX7tpCdsMflJXKYPgBC99 4qag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=rEPFAmbfE3XDWqmivSNcJ1QnWJariW2wl13Wx3fGhX4=; b=tEadC/FruzJnltCknBYI+3TVqtBTi1/1AEzEmxNA6x9PXxlMZ++px1HJds0Gju1mUa szoDPC3hLW/yVGRIIOba3Ef0U+nsquy52rS/uQijLafz8b8w61vBHdPTjH12v0BPP0ve 6i1h8T6t5PYwdxw3MLQA6++12JNthjyQw5A6Fp+7foxxWAU2tcC79tF3oF99Qmky9y0g 0BdBzKt2iGs7GL6HUs0xKpAVuRVozOztAH0aSMZBu5K9UbXQSlg7EeUEICldeCDjgDnb xsTya8Okv2GkcHj2yvz60HEG/IsrjbsNZLi1TQPAiFQD7rf3Nq4pL3B7+1s7Amb4o6+A OkdQ==
X-Gm-Message-State: AHYfb5hffAaKoDXuee4fbLD4Lgx1NeUYqrxl8MRYc9QViehh/hIz9UO2 nY84G1GHK0csbehWmIIjlAvqlc65HsaX
X-Received: by 10.200.14.72 with SMTP id j8mr30182781qti.124.1502649261157; Sun, 13 Aug 2017 11:34:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.57.34 with HTTP; Sun, 13 Aug 2017 11:34:20 -0700 (PDT)
In-Reply-To: <DA3AF00B-7084-454D-A1D2-5BB417EE96C8@akamai.com>
References: <150257492983.26466.3488799276681870364.idtracker@ietfa.amsl.com> <DA3AF00B-7084-454D-A1D2-5BB417EE96C8@akamai.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sun, 13 Aug 2017 11:34:20 -0700
Message-ID: <CAL0qLwaB8mdCbYjbzr6T3A5hQw3GnixuB=JhW4Ai8+_C6dEzgg@mail.gmail.com>
To: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="089e08225dac6ef0720556a6cb72"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/7B5Z6kAs_9lnt48UheqNYkgCSlQ>
Subject: Re: [Dcrup] FW: IETF WG state changed for draft-ietf-dcrup-dkim-usage
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Aug 2017 18:34:24 -0000

On Sat, Aug 12, 2017 at 2:58 PM, Salz, Rich <rsalz@akamai.com> wrote:

> At the IETF meeting last month there was strong consensus to have MUST NOT
> for both generate and verify using SHA-1.  The discussion on the list had
> one major participant opposed, who removed their objection once they
> understood there were two separate documents.
>
> Therefore, we are entering a one-week WG last call.
>
> (Seth, please start preparing your shepherd writeup :)
>

Getting caught up after a long post-Prague vacation and recovery period.

The content and intent seem fine to me.  However, I was asked this after
the meeting in Prague as to form, in the spirit of "it's not done until you
can no longer remove things" or however that aphorism goes:

This document will be shown as "updates RFC6376".  Is replacing text in
RFC6376 the right way to do this?  Or would that not be better left to an
actual replacement document?  That is, why not just say "MUST NOT
sign/verify with rsa-sha1", change the state of "sha1" to obsolete, change
the minimum key size to 1024, and stop?  In particular, is it necessary to
render "a=rsa-sha1" syntactically invalid by removing it from the ABNFs, or
replace all of a section when only a couple of numbers are being tweaked?

Otherwise this seems ready to go.

-MSK, participating
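The rules being argued over here (verifiers MUST NOT accept rsa-sha1, and a 1024-bit minimum key size) are easy to state in prose but are only as good as the verifier that enforces them. The following is an added illustration, not code from the draft or from anyone in this thread: a minimal verifier-side policy check in Python that parses a DKIM-Signature tag list and a DKIM DNS key record, refuses rsa-sha1 outright, and reads the RSA modulus size out of the `p=` key. The DKIM-Signature value is the one from this message's own headers; the key records are constructed around dummy moduli of a chosen bit length (they are not real keys), and the function names and `check_signature_policy` return shape are this example's own choices, not anything from RFC 6376 or the draft.

```python
import base64
import re

# Policy values as discussed in the thread: rsa-sha1 is no longer acceptable
# for verification and the minimum RSA key size becomes 1024 bits.
BANNED_ALGORITHMS = {"rsa-sha1"}
MIN_RSA_BITS = 1024

# DKIM-Signature value copied from this message's headers (folding whitespace
# inside the b= tag is intact; the parser strips it).
SAMPLE_DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; "
    "h=mime-version:in-reply-to:references:from:date:message-id:subject:to; "
    "bh=rEPFAmbfE3XDWqmivSNcJ1QnWJariW2wl13Wx3fGhX4=; "
    "b=Om7iWQ1c6J9lg/MC607qwFas8aZ3fZhyWWPYHmdyP+4qYhmmzMsZV/KMnO/kKINnTh "
    "OWZ+Jwncwj7cPdyQxVB+ujc2RE9VJacYKU0kg9pkll98jV1lkl7HjNv0vJ9bbBUKNyGP "
    "XeVOKio6x4t5Q3sQqpKISAwrSDwICtT7gmwfOx/n/G6Dh5xtNw2J4dTIJGSE5QAYK1t4 "
    "BbVU6i0Y6nNCNYRNLAupJ/fZB9PJPWy81VredQIHFVK8YaWBbwgAuR5kE1MF5UGUK20O "
    "FrIwu9O4sbfH9OpUvzuQLBGDD3UeABh/8IT+mDGxIYGtm9PnX7tpCdsMflJXKYPgBC99 "
    "4qag=="
)


def parse_tag_list(header_value: str) -> dict:
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict.

    Whitespace inside values is removed so that wrapped base64 (b=, bh=, p=)
    comes back contiguous. Duplicate tags make the list invalid."""
    tags = {}
    for item in header_value.split(";"):
        if "=" not in item:
            continue  # empty element after a trailing ';'
        name, value = item.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = re.sub(r"\s+", "", value)
    return tags


def _der_read(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der: bytes) -> int:
    """Return the modulus size in bits of an RSA SubjectPublicKeyInfo."""
    tag, spki, _ = _der_read(spki_der, 0)
    if tag != 0x30:
        raise ValueError("key is not a SEQUENCE")
    _, _algid, pos = _der_read(spki, 0)       # AlgorithmIdentifier (skipped)
    tag, bitstr, _ = _der_read(spki, pos)     # BIT STRING subjectPublicKey
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    _, rsa_pub, _ = _der_read(bitstr, 1)      # RSAPublicKey SEQUENCE
    tag, modulus, _ = _der_read(rsa_pub, 0)   # INTEGER n
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(modulus, "big").bit_length()


def key_record_bits(dns_txt_record: str) -> int:
    """Modulus size of the p= key in a DKIM DNS TXT record."""
    return rsa_modulus_bits(base64.b64decode(parse_tag_list(dns_txt_record)["p"]))


def check_signature_policy(dkim_signature: str, dns_txt_record: str) -> tuple:
    """Verifier-side policy from the thread; returns (accepted, reason)."""
    alg = parse_tag_list(dkim_signature).get("a", "")
    if alg in BANNED_ALGORITHMS:
        return False, f"algorithm {alg} MUST NOT be verified"
    if alg != "rsa-sha256":
        return False, f"unsupported algorithm {alg!r}"
    key = parse_tag_list(dns_txt_record)
    if key.get("p", "") == "":
        return False, "key revoked (empty p= tag)"
    bits = key_record_bits(dns_txt_record)
    if bits < MIN_RSA_BITS:
        return False, f"{bits}-bit key is below the {MIN_RSA_BITS}-bit minimum"
    return True, f"{alg} with a {bits}-bit key"


def _der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder, used only to build the constructed records."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def constructed_key_record(bits: int) -> str:
    """Constructed DKIM TXT record whose p= key has a modulus of `bits` bits.

    The modulus 2**(bits-1) + 1 is NOT a real RSA key; it only gives the
    parser a SubjectPublicKeyInfo of a known size."""
    def integer(v: int) -> bytes:
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        return _der(0x02, (b"\x00" if raw[0] & 0x80 else b"") + raw)
    rsa_pub = _der(0x30, integer((1 << (bits - 1)) | 1) + integer(65537))
    rsa_oid = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1
    algid = _der(0x30, rsa_oid + b"\x05\x00")          # rsaEncryption, NULL
    spki = _der(0x30, algid + _der(0x03, b"\x00" + rsa_pub))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()


if __name__ == "__main__":
    for record in (constructed_key_record(2048), constructed_key_record(512)):
        print(check_signature_policy(SAMPLE_DKIM_SIGNATURE, record))
    print(check_signature_policy(
        SAMPLE_DKIM_SIGNATURE.replace("a=rsa-sha256", "a=rsa-sha1"),
        constructed_key_record(2048)))
```

Two design points follow from the thread itself. The algorithm check runs before any DNS lookup, so a signature advertising `a=rsa-sha1` is rejected on the header alone, which is the same outcome whether or not the ABNF still admits the token. The key-size check reads the modulus from DER rather than trusting anything the record says about itself, because the record's own tags carry no key length.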