Re: [Dcrup] new version draft-ietf-dcrup-dkim-crypto-04
Martin Thomson <martin.thomson@gmail.com> Mon, 07 August 2017 04:20 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 087F012702E for <dcrup@ietfa.amsl.com>; Sun, 6 Aug 2017 21:20:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ICu9ONBamNh9 for <dcrup@ietfa.amsl.com>; Sun, 6 Aug 2017 21:20:46 -0700 (PDT)
Received: from mail-io0-x233.google.com (mail-io0-x233.google.com [IPv6:2607:f8b0:4001:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FA9112420B for <dcrup@ietf.org>; Sun, 6 Aug 2017 21:20:46 -0700 (PDT)
Received: by mail-io0-x233.google.com with SMTP id j32so21734026iod.0 for <dcrup@ietf.org>; Sun, 06 Aug 2017 21:20:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=d2p7RwH4FU6h2fWvBX2scn+1QUyzc1OPTtzRR0Uk098=; b=nWvIlSaoUMfVhhQpuXFauzewtnxUkNKS1tM9Z98klFuuT/W8yJJpuTAAuBdLGgez41 JJgUhACmnCiXUzIZ2qOyXWbpqDR5lslU+w46U8Bo056MTZJA2exdCQnM+iRWAe7nxJJl JIfkp2LbNlOdlkVhpFy1AKMMLJgnHkZ/L+yhQ55jLAys70sJXYRbuL3fLXc2JTdJ9Zgo nxZk/HAYDv2iBneA9yXP97ptI3bPd4yV8zynwc8LEoF6X/emYBHG0bnz4tjMF3wlj8AH YNIN81s0U0bPdD876cVi5XiLbH8wGOByCXs0pgksU7oFWW8Uoptre/A6VyXwc7jLX4y1 UY0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=d2p7RwH4FU6h2fWvBX2scn+1QUyzc1OPTtzRR0Uk098=; b=ftI5GEGiQ+/FqtEADcYMaAF7uU333Y+VL3ZqcT+qVYh+gsywD8UFNACldSt5Sh5y1m V3izxbz5Yay1343ztRZsLrjjcqSroIld3bJ+QivENtY2a1Kms2ObhyMDsTpZ7O83XVhY 1HiK+dz1IW+VoXIc/1L4VUocqJWdTNSorrwTBUGhIpgPLEDVtKrwo3+yX1PpWHDKxsGG Qy2YXxpTzVm/URYrW4SuToxkHey6xD+rvFPnzxlovtumEK4flONG0M1qLvMzUHZvjNLB DFFyxKV/vOzem3jM661U7gZS0uY2aGSisbPKdhy4R/iXROSMsLeatdOvQs1bb3a5/e1l 0Dng==
X-Gm-Message-State: AHYfb5jJ0vMASJvC5qMaF9ITNHe/wBRPfh2+HSQvrQ1Ln+C+gY1B2MI1 RWEhq9kBXrv9YEmEDM7QQHVNz0U7Msr2
X-Received: by 10.107.137.30 with SMTP id l30mr11268285iod.279.1502079645403; Sun, 06 Aug 2017 21:20:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.164.42 with HTTP; Sun, 6 Aug 2017 21:20:44 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.21.1708062218580.28227@ary.qy>
References: <alpine.OSX.2.21.1707281410000.7564@ary.qy> <CABkgnnWi6qS6L7mBHfFObMZhP=2C9mpX8sCuM8sx5efD=dX=kQ@mail.gmail.com> <alpine.OSX.2.21.1708062218580.28227@ary.qy>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 07 Aug 2017 14:20:44 +1000
Message-ID: <CABkgnnV9E3ASo9PpH8M90tzWX-mp2Kdm6kEpejfeeBY3_X=EEg@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: dcrup@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/7kuiTzkO5kf_NZt6EBSRygt1-uw>
Subject: Re: [Dcrup] new version draft-ietf-dcrup-dkim-crypto-04
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 04:20:48 -0000
On 7 August 2017 at 12:53, John R Levine <johnl@taugh.com> wrote: > So we have to update 6376 to add all the new signature > methods that a signer might use. Also remember that the current unhashed > RSA works just fine for the large fraction of signers whose DNS provisioning > system isn't broken, so we're not deprecating it. That wasn't my point. And it might just come back to us disagreeing what "updates" means, but 6376 clearly establishes an extension point for new signature algorithms. Part of that includes the assumption that verifiers have to be willing to verify any defined algorithm (and the converse, that signers risk messages being marked as bad because they fail to include signatures over old algorithms when they add new ones). I don't believe that adding a signature algorithm means that you need to update 6376. > I took out the second and now says signatures MUST be at > least 1024 bits and SHOULD be 2048 bits, and verifiers MUST NOT accept > shorter than 1024. That works for me.
- [Dcrup] new version draft-ietf-dcrup-dkim-crypto-… John R Levine
- Re: [Dcrup] new version draft-ietf-dcrup-dkim-cry… Martin Thomson
- Re: [Dcrup] new version draft-ietf-dcrup-dkim-cry… John R Levine
- Re: [Dcrup] new version draft-ietf-dcrup-dkim-cry… Martin Thomson
- Re: [Dcrup] new version draft-ietf-dcrup-dkim-cry… John R Levine
- Re: [Dcrup] new version draft-ietf-dcrup-dkim-cry… Martin Thomson
- Re: [Dcrup] new version draft-ietf-dcrup-dkim-cry… Scott Kitterman