Re: [Dcrup] rsa-sha1 usage
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 13 June 2017 15:28 UTC
In-Reply-To: <aa52134a-ac20-bd70-8834-1598a8eaa536@bluepopcorn.net>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 13 Jun 2017 11:14:19 -0400
Message-ID: <CAMm+LwgJtCDRQ=sktY+dDzCaBcYhzU7rN1OqT=3czn6b7aB1NQ@mail.gmail.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: dcrup@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/NgDfwXWjgGOspIL8XpcpJyiImTM>
Subject: Re: [Dcrup] rsa-sha1 usage
List-Id: DKIM Crypto Update <dcrup.ietf.org>

The issue of trust lifetime is now very problematic due to the use DKIM signatures are being put to. In particular the verification of purported leaks from the DNC and other places.

The DNC material was verified by means of the DKIM signatures. Other material has been exposed as fake by the lack of signatures.

And please, let us not get into idiot discussions of whether people who hack into politicians' email might redact, suppress or forge material; of course they would. People who use dishonest tactics are going to do anything they can get away with and no, nobody is going to be able to guarantee the material is genuine without a mechanism such as DKIM.

As it stands, the break in SHA-1 is not sufficient to introduce a forgery but could certainly be used for mischief (if you can't see how, you lack imagination). Remember that in this campaign, the opponent is hacking into infrastructure because simply planting a seed of doubt serves their malignant ends.

So the SHA-1 issue is very clearly a security issue. It is in fact a critical national security issue. The question is what to do about it.

I suggest the following:

Signers MUST NOT use SHA-1 or RSA 1024.
Verifiers MAY accept SHA-1 or RSA 1024.

The rationale here is that you do not get better security from introducing a new algorithm. You only improve security by withdrawing an insecure algorithm.
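
The signer/verifier split proposed in the message above, applied to a DKIM-Signature a= tag and the key record's p= tag. This is an added example, not part of the original message or of any DKIM implementation. The function names, verdict strings, example.org, and the reading of "RSA 1024" as any modulus of 1024 bits or fewer are assumptions.

```python
import base64

WEAK_SIG_ALGS = {"rsa-sha1"}   # a= value the message wants signers to stop using
WEAK_RSA_BITS = 1024           # assumption: "RSA 1024" read as any modulus of <= 1024 bits
# Constructed DKIM-Signature value (bh=/b= left out; only a= matters to this check)
SAMPLE_SIG = "v=1; a=rsa-sha1; c=relaxed/relaxed; d=example.org; s=sel1; h=from:to"

def parse_tags(value):  # split a DKIM tag=value list; whitespace in values is dropped
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def _tlv(buf, pos):  # read one DER TLV at pos; return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(p_b64):
    """Modulus size from p=, given as SubjectPublicKeyInfo or as a bare RSAPublicKey."""
    _, body, _ = _tlv(base64.b64decode(p_b64), 0)    # outer SEQUENCE
    tag, val, pos = _tlv(body, 0)
    if tag == 0x30:                            # AlgorithmIdentifier first, so this is SPKI
        _, bits, _ = _tlv(body, pos)           # BIT STRING wrapping RSAPublicKey
        _, body, _ = _tlv(bits, 1)             # skip the unused-bits octet
        _, val, _ = _tlv(body, 0)
    return int.from_bytes(val, "big").bit_length()   # val is the INTEGER modulus

def check(role, sig_header, key_record):
    """role is 'signer' or 'verifier'; returns (verdict, reasons). Verdict names are assumed."""
    alg = parse_tags(sig_header).get("a", "")
    reasons = ["a=" + alg] if alg in WEAK_SIG_ALGS else []
    if alg.startswith("rsa-"):
        bits = rsa_modulus_bits(parse_tags(key_record)["p"])
        if bits <= WEAK_RSA_BITS:
            reasons.append("rsa-%d" % bits)
    weak = "must-not-sign" if role == "signer" else "may-accept"
    return (weak if reasons else "ok"), reasons

def _der(tag, val):  # DER-encode one TLV; used only to build the constructed sample
    n, k = len(val), (len(val).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + val

def constructed_key_record(bits, spki=True):
    """Constructed sample: a key record whose modulus has `bits` bits; not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")   # leading 0x00 keeps it positive
    key = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))
    if spki:   # wrap in SubjectPublicKeyInfo: AlgorithmIdentifier (rsaEncryption, NULL) + BIT STRING
        key = _der(0x30, _der(0x30, bytes.fromhex("06092a864886f70d0101010500")) + _der(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(key).decode()
```

The same weak input yields "must-not-sign" for a signer and "may-accept" for a verifier, which is the asymmetry the proposal relies on.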