Re: [Dcrup] Is there anything this WG wants to do not yet in draft-ietf-dcrup-dkim-crypto-01 ?
Eric Rescorla <ekr@rtfm.com> Tue, 20 June 2017 12:57 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDD8D12EB5D for <dcrup@ietfa.amsl.com>; Tue, 20 Jun 2017 05:57:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JNMU3EIuhT0A for <dcrup@ietfa.amsl.com>; Tue, 20 Jun 2017 05:57:05 -0700 (PDT)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1EB512EB20 for <dcrup@ietf.org>; Tue, 20 Jun 2017 05:57:01 -0700 (PDT)
Received: by mail-yw0-x22d.google.com with SMTP id 63so51771027ywr.0 for <dcrup@ietf.org>; Tue, 20 Jun 2017 05:57:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=P2JsAPB7y2dlk7zqhKB5kx+i/HiwyGXOa/dVofGTNgA=; b=tdGoM4o5GLMwdf8NvBK5EsE+8m5rcCKZh8oDEf50ia5vHvDPEb/8kbO+WDKWPMeuJE yyKFCvM8sVIIFw60ECCthNRspJLPXxCnUhuSnZVsZQLChqz1HAAdX6ITie3Iam2Kl3MO bSOy5ukzGdhWVX0QoGKRc/tHUBzgYBFSc5dj0PgIY6Gf7FmagwULU+fB3KOPiBnTUyH6 gqgNGcfMIbdm4yiYKJfFVcevXbwU/SidX2SVAEYeA2T8/qKu5Dzd50W8TiDue5IhDYdY mIEDbrXhx+Bv84aqstmwfSX/duwEr4pOwGHCPTuVO6mOHH12e3ObOyEolefCmEyUEKZF Ghlg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=P2JsAPB7y2dlk7zqhKB5kx+i/HiwyGXOa/dVofGTNgA=; b=ndr/ugrv+BIkWagQphJBlWtzgzLBAktFeS7nWqd28Z4FblXDUZLQBjmO/vRiL2a3cy rRweyTXG9P71aYU7D8y9KE9AbP3Cd6kEcjY5j0UJlpvKwAfVs7C5ZO7RprySNsH/pPxj Y0VJw7JbLWRLwJBom1yYJUPc84rsaiUF4SjEp8lmk13LXu4GJEHAhUa++D5bg1c7SODR 6MrKyOCvIb0QB+/iRTWzf8FpCAKx0cYTMA/K8jh/hjd3TdOmLFXwhfFHpmZd3p1dWui2 G+xbJKdDYOxPpq+VvoP9rmjRR8QM7PnU+yGU4/HGFGXrU2AhZOrayg+z4gi/Py94jWNv 8mLA==
X-Gm-Message-State: AKS2vOzxJEi6BjwrRM/Jcrpws3AYEbbTUvXRRJAQdHPL0tPWPlTSyTPe Nzjm27es44D2+SGiVkdvGDAuzwlogVAU
X-Received: by 10.129.183.24 with SMTP id v24mr11403972ywh.312.1497963420825; Tue, 20 Jun 2017 05:57:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.215.9 with HTTP; Tue, 20 Jun 2017 05:56:20 -0700 (PDT)
In-Reply-To: <c05aa9933039406d8401c1b1ca95437c@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <alpine.OSX.2.21.1706121103510.19565@ary.local> <20170619205309.10839.qmail@ary.lan> <c05aa9933039406d8401c1b1ca95437c@usma1ex-dag1mb1.msg.corp.akamai.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 20 Jun 2017 05:56:20 -0700
Message-ID: <CABcZeBMvofEg+=qCEwDNa6=O8pK+o4XXRRYW8p=uH=oXV-PM-w@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: John Levine <johnl@taugh.com>, "dcrup@ietf.org" <dcrup@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c1cbd0495d5e7055263c9ad"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/8833IZoMmqw_62RqH6wiYJtHVv4>
Subject: Re: [Dcrup] Is there anything this WG wants to do not yet in draft-ietf-dcrup-dkim-crypto-01 ?
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jun 2017 12:57:08 -0000
Giving this document a quick read I see several things I would change. 1. You say you are using EdDSA with SHA-256? Does this mean you intend to use the HashEdDSA variant see ( https://tools.ietf.org/rfcmarkup?doc=8032#section-4)? If so you should say so. 2. I wouldn't specific generic EdDSA but rather EdDSA with a specific curve. This is both for practical reasons (I don't want to have to distinguish keys by len()) and for algorithmic reasons (you want to use a stronger digest algorithm than SHA-256 with X448) 3. You shouldn't name the keys ecdh(fp) but rather eddsa(fp) These keys are not intended for use with key exchange but rather signature. The document actually seems kinda confused on this point with the text saying one thing and the table saying another. -Ekr On Tue, Jun 20, 2017 at 5:38 AM, Salz, Rich <rsalz@akamai.com> wrote: > > Not to nag or anything, but I think this draft addresses everything in > the WG's > > charter, assuming the charter is adjusted to deprecate SHA-1. > > > > Could people take a look and see if you agree? If so we could move it > to last > > call and be within hailing distance of wrapping things up. > > Let me be more "official" > > Once the charter change is approved (Murray is working on that with > Alexsey), I'd like to put this into WGLC. Any concerns? > > _______________________________________________ > Dcrup mailing list > Dcrup@ietf.org > https://www.ietf.org/mailman/listinfo/dcrup >
- [Dcrup] combo update draft-ietf-dcrup-dkim-crypto… John R Levine
- Re: [Dcrup] combo update draft-ietf-dcrup-dkim-cr… Martin Thomson
- Re: [Dcrup] combo update draft-ietf-dcrup-dkim-cr… John R Levine
- Re: [Dcrup] combo update draft-ietf-dcrup-dkim-cr… Martin Thomson
- Re: [Dcrup] Is there anything this WG wants to do… John Levine
- Re: [Dcrup] Is there anything this WG wants to do… Salz, Rich
- Re: [Dcrup] Is there anything this WG wants to do… Eric Rescorla
- Re: [Dcrup] Is there anything this WG wants to do… John R Levine
- Re: [Dcrup] Is there anything this WG wants to do… Eric Rescorla
- Re: [Dcrup] Is there anything this WG wants to do… Jon Callas
- Re: [Dcrup] key rotation, was Is there anything t… John R Levine
- Re: [Dcrup] Is there anything this WG wants to do… Scott Kitterman
- Re: [Dcrup] Is there anything this WG wants to do… Scott Kitterman
- Re: [Dcrup] Is there anything this WG wants to do… John R. Levine
- Re: [Dcrup] Is there anything this WG wants to do… John R. Levine
- Re: [Dcrup] Is there anything this WG wants to do… Scott Kitterman
- Re: [Dcrup] Is there anything this WG wants to do… Peter Goldstein