Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-usage-04.txt
Scott Kitterman <sklist@kitterman.com> Thu, 02 November 2017 01:12 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9D4C13F591 for <dcrup@ietfa.amsl.com>; Wed, 1 Nov 2017 18:12:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s7mTQxDqh7rt for <dcrup@ietfa.amsl.com>; Wed, 1 Nov 2017 18:12:42 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5F541386A1 for <dcrup@ietf.org>; Wed, 1 Nov 2017 18:12:42 -0700 (PDT)
Received: from [10.85.41.183] (mobile-166-170-35-78.mycingular.net [166.170.35.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 88966C4021F; Wed, 1 Nov 2017 20:12:40 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1509585160; bh=qLTGCd0QUdfi1/sdNqGWLvL7H/s2NXcB48WW6gLoW5w=; h=Date:In-Reply-To:References:Subject:To:From:From; b=FFDzsTgDVHK0wmpJjzcrr+asnh4upqUhl/oJcAAceAGFwlqRMTJB42cJMXdrH26sz f1ccjHIBRgZ73o2WF3xGU8FiFyR6MnAVLdjCHfGHUM6TPLPraIgVTfDd7VAonHvNVd IQEstPr0m10Bj3o1HZ/QUIV5F+mP4/K+jZM62uds=
Date: Thu, 02 Nov 2017 01:12:35 +0000
In-Reply-To: <CAL0qLwYM_k7gUDWX8=ZNoROj=zFtQuW9pTqvRLtvwSHDEDTNGQ@mail.gmail.com>
References: <1504117534.496823.1090155768.0E7DA2E2@webmail.messagingengine.com> <CAL0qLwbz3AsKdvZXPfopBO7MY+f3mcY0Ae_yStAWkRJnqGGGEQ@mail.gmail.com> <1504117985.498428.1090164600.651D13E7@webmail.messagingengine.com> <CAL0qLwYuBK55=+ANGLoPk0EazHjsgUcWcgWgo7ptA4QUqD+4aA@mail.gmail.com> <1504177085.2153024.1090910512.3EA32E07@webmail.messagingengine.com> <CAL0qLwYM_k7gUDWX8=ZNoROj=zFtQuW9pTqvRLtvwSHDEDTNGQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <185C158A-6306-426E-98B8-2E73D5056178@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/KME03qXU8YsS3ULU8FXybdSfEAs>
Subject: Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-usage-04.txt
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 01:12:45 -0000
On November 1, 2017 6:45:16 PM EDT, "Murray S. Kucherawy" <superuser@gmail.com> wrote: >Circling back on this, which is the remaining point: > >On Thu, Aug 31, 2017 at 3:58 AM, Alexey Melnikov ><aamelnikov@fastmail.fm> >wrote: > >> On Thu, Aug 31, 2017, at 01:11 AM, Murray S. Kucherawy wrote: >> >> On Wed, Aug 30, 2017 at 11:33 AM, Alexey Melnikov ><aamelnikov@fastmail.fm> >> wrote: >> >> >> >> On Wed, Aug 30, 2017, at 07:29 PM, Murray S. Kucherawy wrote: >> >> The first line in Section 4 already says this updates 3.3 of RFC6376. > You >> think we need to be more specific? >> >> >> >> As I mentioned: I think sections 3.3.2 and 3.3.4 are still relevant. >If >> this document is replacing 3.3 and its subsections, some of this is >lost. >> >> If you really intended to replace 3.3 and its subsections, it would >be >> worth adding "and its subsections" to the draft. >> >> >> The draft says "updates", but you're saying "replaces". I don't see >those >> as the same thing. What this document says is to my mind treated as >an >> overlay, not a replacement; read RFC6376, then read this for current >> advice, then act. >> >> I assume you are replacing the whole sections. If this is not what >you are >> doing, the document is even less clear and need to be clarified. >> >> If it's better to say this updates a specific subsection, then that's >also >> reasonable. I just thought what we have is sufficient. >> >> >> Yes, please be specific. I couldn't be certain which sections are >still in >> force and which were updated. >> > >I propose this, replacing our document's current Section 4: > >4. Update to DKIM Signing and Verification Algorithms > > Section 4.1 updates the text in [RFC6376] Section 3.3. > > Section 4.2 updates the first paragraph in [RFC6376] Section 3.3.3. > >4.1. DKIM Signing and Verification Algorithms > > DKIM supports multiple digital signature algorithms. Two algorithms > are defined by this specification at this time: rsa-sha1 and rsa- > sha256. Signers MUST sign using rsa-sha256. Verifiers MUST be able > to verify using rsa-sha256. rsa-sha1 MUST NOT be used for signing or > verifying. > > DKIM signatures signed with historic algorithms (currently rsa-sha1) > or with insufficient key sizes (currently rsa-sha256 with less than > 1024 bits) have permanently failed evaluation as discussed in >[RFC6376] Section 3.9 ><https://tools.ietf.org/html/rfc6376#section-3.9>. > >4.2. Key Sizes > > Selecting appropriate key sizes is a trade-off between cost, > performance, and risk. Since short RSA keys more easily succumb to > off-line attacks, Signers MUST use RSA keys of at least 1024 bits for > all keys. Signers SHOULD use RSA keys of at least 2048 bits. > Verifiers MUST be able to validate signatures with keys ranging from > 1024 bits to 4096 bits, and they MAY be able to validate signatures > with larger keys. Verifier policies can use the length of the > signing key as one metric for determining whether a signature is > acceptable. Verifiers MUST NOT consider signatures using RSA keys of > less than 1024 bits as valid signatures. > >Alexey, would this suffice? > >-MSK That would leave the new language about permanently failing tied only to rsa-sha1 and not also in key size. I would either split the second paragraph of 4.1 to put with insufficient key size in 4.2 (DKIM signatures signed with insufficient key sizes (currently rsa-sha256 with less than 1024 bits) have permanently failed evaluation as discussed in [RFC6376] Section 3.9 <https://tools.ietf.org/html/rfc6376#section-3.9>) or move the whole paragraph up into section 4. Scott K
- [Dcrup] AD review of draft-ietf-dcrup-dkim-usage-… Alexey Melnikov
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Murray S. Kucherawy
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Alexey Melnikov
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Hector Santos
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Murray S. Kucherawy
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Martin Thomson
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Alexey Melnikov
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Murray S. Kucherawy
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Scott Kitterman
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Murray S. Kucherawy
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Alexey Melnikov
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Alexey Melnikov
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Scott Kitterman
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Scott Kitterman
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Alexey Melnikov
- Re: [Dcrup] AD review of draft-ietf-dcrup-dkim-us… Murray S. Kucherawy