Re: [Dcrup] rsa-sha1 proposals
Hector Santos <hsantos@isdg.net> Tue, 20 June 2017 23:20 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/J1sYWrRUJhm7mMl45S1-5JVw9es>
List-Id: DKIM Crypto Update <dcrup.ietf.org>

On 6/20/2017 7:06 PM, John Levine wrote:
> In article <CABuGu1q66gCCVeurfdV3qF3yvKyL8PbBoW5D94mvNNatVtRT+g@mail.gmail.com> you write:
>> I'm in favor of moving strongly and clearly to kill sha1, but what about
>> moving it out to the registry with a dated "MUST NOT".
>
> Back in 2007 RFC 4871 said "In general, sha256 should always be used
> whenever possible." I think people have had enough warning, and if we
> want to kill it, we should just kill it.

Unless whitelisted, this will create invalid SHA1 signatures from perfectly good domains. New systems that initially avoid SHA1 legacy support will quickly learn not all systems use SHA256. I.e., a quick support problem.

No thanks.

--
HLS