Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06

Jim Fenton <fenton@bluepopcorn.net> Mon, 18 September 2017 17:14 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CBD81342E6 for <dcrup@ietfa.amsl.com>; Mon, 18 Sep 2017 10:14:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ESmsso3rK9Hm for <dcrup@ietfa.amsl.com>; Mon, 18 Sep 2017 10:14:00 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B9F91342DB for <dcrup@ietf.org>; Mon, 18 Sep 2017 10:13:59 -0700 (PDT)
Received: from splunge.local (sfosf0017s350801.wiline.com [64.71.6.2] (may be forged)) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id v8IHDv32015409 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <dcrup@ietf.org>; Mon, 18 Sep 2017 10:13:59 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1505754839; bh=G9SP9WctRnxvPTEe2O4Dn/BtClg8XCM5ltwaBXET66E=; h=Subject:To:References:From:Date:In-Reply-To; b=gZL3lqSXUG3mTnbjmKFFjMUewo7QGzw7zmmrVzPBFumthRuczOTZTcDImglqLgUvn 7Z0uRVb6GBh5g/KzBCaTVNj4+s1gPLxxoky5ZqOYfIvAeWPtQiP+mvuw0qMxh5oAQT NAfWD8GEKCATFO0Wn7TMIWMkMjdLKGBwtonrtMfI=
To: dcrup@ietf.org
References: <20170916051535.2177.qmail@ary.lan>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <a771978b-5e1c-2885-914a-ff465f41e9eb@bluepopcorn.net>
Date: Mon, 18 Sep 2017 10:13:52 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <20170916051535.2177.qmail@ary.lan>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/FUemqcuM84ZILIhF4jUfjPWBR_s>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Sep 2017 17:14:01 -0000

On 9/15/17 10:15 PM, John Levine wrote:
> In article <1739837.QWERb01LVO@kitterma-e6430> you write:
>>> As far as I can tell, this is about as done as it's going to get.
>> Do we really need to add both rsafp and ed25519?
>>
>> I thought we had ~agreed (or at least discussed) earlier to only add ed25519 
> In July I proposed only doing EC but there was no consensus.  I would prefer
> not to rerun old arguments unless we have learned something new in the meantime.

I haven't found your proposal, but I asked on Jabber at the Prague
meeting whether one or the other would suffice, and repeated that
question on the list. See thread "Do we need both hashed RSA and
elliptic curves?" that begins on 21 July. There were responses from 7
people including you, and I didn't see anyone arguing that we should
have both (although it's not my place to judge consensus).

We would be doing a disservice if we require everyone to support two
ways of solving the key length problem unless there is a compelling
reason to do so.

I also support the use of elliptic curve signatures rather than rsafp.
Part of the reason is that rsafp may have IPR issues (see disclosure
3025). AFAIK EC signatures avoid this problem unless the selector DNS
record contains a hash of the public key, which shouldn't be necessary
because the key is shorter. I have no opinion on the choice of curve used.

-Jim