IETF Logo Mail Archive

Re: [Dcrup] Working Group Last Call for draft-ietf-dcrup-dkim-crypto

Scott Kitterman <sklist@kitterman.com> Fri, 01 December 2017 23:57 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A868E126E64 for <dcrup@ietfa.amsl.com>; Fri, 1 Dec 2017 15:57:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id McArdSzgE6wx for <dcrup@ietfa.amsl.com>; Fri, 1 Dec 2017 15:57:34 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 269A9124234 for <dcrup@ietf.org>; Fri, 1 Dec 2017 15:57:34 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 3DA8AC401BB for <dcrup@ietf.org>; Fri, 1 Dec 2017 17:57:32 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1512172652; bh=9vs0Bjx6imMDK5Vi07Mj+G/uItvmoTib3Noisvub7Xs=; h=From:To:Subject:Date:In-Reply-To:References:From; b=mDZP8d1xjCBtUsKF687WJ/0jz/mMjAY8Qp5LTc60PIi1jXzo5wIkcbkMW6xeddD+5 vrqtc4/uRLAvtcP+J4Eag3tr/1JGLCKMDbDmeGjbprfGV20sknH6QOjkMZ+ssYlc2H mNhCzmcnVlzB9aRPLvLa4AfRgG/MK673uU3PScFM=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Fri, 01 Dec 2017 18:57:31 -0500
Message-ID: <2005843.OrHkAfkQ5T@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-133-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CAL0qLwb_WHM_e2odpc6gL2birKvVCKGpTpnW0oO_OUqWwFuo_g@mail.gmail.com>
References: <CAL0qLwb_WHM_e2odpc6gL2birKvVCKGpTpnW0oO_OUqWwFuo_g@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/L3MN5a_dj2yIMzmrxxy6pAFD2ko>
Subject: Re: [Dcrup] Working Group Last Call for draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Dec 2017 23:57:36 -0000

On Friday, December 01, 2017 11:45:50 AM Murray S. Kucherawy wrote:
> Colleagues,
> 
> We hereby begin Working Group Last Call for draft-ietf-dcrup-dkim-crypto,
> to end December 15th.  Please review the document and post the (preferably
> at least somewhat detailed) results of your reviews to the list or to the
> chairs and author by end of that day.  Assuming no major revisions or
> discussion are needed, we hope to have this shipped to Alexey by the
> beginning of the December holidays.

I've reviewed the document (and started working on implementation).  I think 
it is generally ready to go, but I have four comments:

1.  The existing RFC 6376 signature algorithms specify what to use for hash-
alg.  That's missing from the Ed25519-SHA256 definition in section 3.  As 
implied by the name (and discussed on the list), the hash-alg should be 
SHA256.  Recommend replacing the leading sentence phrase in section 3 with:

The Ed25519-SHA256 Signing Algorithm computes a message hash as described in 
Section 3.7  of [RFC6376] using SHA-256 [FIPS-180-3-2008] as the hash-alg, ...

This matches the way other signing algorithms are described in RFC 6376.

2.  For clarity, per some of the IETF LC feedback on draft-ietf-dcrup-dkim-
usage, recommend adding after the main body of section 3 and before the note:

This is an additional DKIM signature algorithm added to Section 3.3 of 
[RFC6376] as envisioned in Section 3.3.4 of [RFC6376].

3.  Private key storage format

Unlike RSA, Ed25519 does not appear to have a standardized textual format.  I 
think it might make sense to specify that for DKIM Ed25519 purposes the 
private key is stored as the base64 encoded output of the RFC 8032 Section 
5.1.5 private key generation processes.  This would provide a (slightly) human 
readable private key representation that could be used by different 
implementations so that operators can safely switch implementations without 
regenerating keys and that are more understandable for trouble shooting 
purposes.

4.  Examples

It would be nice to have at least one signing example for implementers to use 
to verify correctness.  I currently have either a signing bug or a 
verification bug in my work and I'm not sure which.  If I had a known correct 
example to bounce my signing results against, that would help a lot.

Scott K

v2.23.0 | Report a Bug | By Email