Re: [Dcrup] rsa-sha1 proposals

Hector Santos <hsantos@isdg.net> Wed, 21 June 2017 00:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/I8dzrLQ30I679Lnz9GmQn__BSa0>

On 6/20/2017 7:53 PM, Jim Fenton wrote:

> I agree that the document should say that signers MUST NOT sign using
> SHA-1. Even though SHA-1 hasn't been broken seriously enough to be
> exploitable in this application, it's good for us to be out in front
> of that.
>
> Several people have said that it doesn't matter whether we say MUST
> NOT verify rsa-sha1 or SHOULD NOT verify rsa-sha1. That may very well
> be true, but we shouldn't be in the habit of saying MUST NOT for
> something that is actively being used and is not currently
> exploitable. We should be paying at least lip service to
> interoperability by saying MUST NOT sign prior to saying MUST NOT verify.
>
> Any signers that are concerned about downgrade attacks (bad actors
> creating valid rsa-sha1 signatures somehow, despite the domain using
> rsa-sha256) should put h=sha256 in their key records to close that
> possibility.

+1.

If the document were to suggest "Keep in mind, future Verifiers MAY
NOT support SHA1" then this may be enough of an incentive for new and
old signers to begin avoiding SHA1, even for the smallest of DKIM
applications.

The "higher coverage" verifier will most likely keep SHA1 simply to 
avoid any future support issues. Therefore, it would really help via 
policy to give the verifier what is to be expected.  The key "h=" 
protocol information should be updated to help in this area.


-- 
HLS
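
The key-record "h=" restriction discussed in this message, as an added example that is not part of the original thread or of any DKIM implementation: a sketch of the check a verifier makes between the signature's a= tag and the key record's h= tag (RFC 6376, section 3.6.1). The function names and all sample records are constructed for illustration.

```python
# Added illustration: applying the DKIM key record "h=" tag on the verifier
# side. Function names are hypothetical; every record below is a constructed
# sample with placeholder key and signature data.

def parse_tags(record):
    """Parse a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip()] = "".join(value.split())
    return tags


def hash_permitted(signature_header, key_record):
    """Return True if the signature's hash algorithm is allowed by the key.

    A key record without h= accepts every hash algorithm, which is the gap
    the thread describes: an rsa-sha1 signature still validates against a
    key whose owner only ever signs with rsa-sha256.
    """
    sig = parse_tags(signature_header)
    key = parse_tags(key_record)
    # a= has the form "<key type>-<hash>", e.g. rsa-sha1 or rsa-sha256
    _, sep, sig_hash = sig.get("a", "").lower().partition("-")
    if not sep or not sig_hash:
        return False              # malformed or missing a= tag
    allowed = key.get("h")
    if allowed is None:
        return True               # no h= tag: all algorithms acceptable
    return sig_hash in {h.lower() for h in allowed.split(":")}


# Constructed samples (example.com, PLACEHOLDER values are not real data)
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=sel1; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=sel1; bh=PLACEHOLDER; b=PLACEHOLDER"
KEY_OPEN = "v=DKIM1; k=rsa; p=PLACEHOLDER"
KEY_PINNED = "v=DKIM1; k=rsa; h=sha256; p=PLACEHOLDER"

if __name__ == "__main__":
    for sig_name, sig in (("rsa-sha1", SIG_SHA1), ("rsa-sha256", SIG_SHA256)):
        for key_name, key in (("no h=", KEY_OPEN), ("h=sha256", KEY_PINNED)):
            verdict = "accept" if hash_permitted(sig, key) else "reject"
            print(f"{sig_name:10} against key with {key_name:9}: {verdict}")
```

This check only decides whether the algorithm is acceptable for the key; the cryptographic verification of b= and bh= is a separate step.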