Re: [Dcrup] New algorithm availability was: Re: draft-ietf-dcrup-dkim-crypto-00
Scott Kitterman <sklist@kitterman.com> Fri, 19 May 2017 17:46 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 143E4129AB0 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:46:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.698
X-Spam-Level:
X-Spam-Status: No, score=0.698 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UNzxTGjO_bE2 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:46:29 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BC20129AA0 for <dcrup@ietf.org>; Fri, 19 May 2017 10:46:29 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 2BF4FC4010C for <dcrup@ietf.org>; Fri, 19 May 2017 12:46:28 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1495215988; bh=LlmNxSGUjq2+OpTT8GC3VZetw0AYC/oHRCRvxHjZTZM=; h=From:To:Subject:Date:In-Reply-To:References:From; b=zyiR6Yxlwg5ccvnMjzH/nCjOL17yuxVsDD3MbAg+jo4S4NR3PD+Ok2U0SleL3wUTn MJBLOlQ5yzCIj5gFJ2JBGKH/eFsYbzT2xyw4g2XUBA3FAJkoGmbLYgDKqlt4fYkQHI RipNg9Azdmsd+u3gd0g1a12zVQPQWyN15Jc8dCgM=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Fri, 19 May 2017 13:46:27 -0400
Message-ID: <4953918.gJaR4Uu6GM@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-119-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <4ff2a3a3ce94418489111c61aea21489@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <20170519143049.4908.qmail@ary.lan> <4250639.jMYMH1ii8S@kitterma-e6430> <4ff2a3a3ce94418489111c61aea21489@usma1ex-dag1mb1.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/Qg01Gv93aToJYqmE28H1QRSABY8>
Subject: Re: [Dcrup] New algorithm availability was: Re: draft-ietf-dcrup-dkim-crypto-00
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 17:46:30 -0000
On Friday, May 19, 2017 05:20:43 PM Salz, Rich wrote: > > Generally, yes, but DKIM verifiers don't support it currently, so for this > > purpose, not yet. > > This issue of "we need to move forward; we have an installed base" is not > new. RSA2K doesn't fit in many DNS TXT records, so I think that will be an > additional driver to upgrade. You may disagree. I agree there will be drivers to upgrade, but regardless of the drivers, upgrades take time. I think we have two problems to address: 1. What can be done within the scope of deployed software that was developed based on the RFC 6376 requirements (which can be deployed now) 2. What should be done to modernize crypto for DKIM for the longer term that, while it will require software upgrades, will keep DKIM fit for purpose for a long (FSVO long) time. I think they both are important. I think the first one is really easy to specify and cross off the list (I am personally very interested in being able to tell people "No, I don't have to verify your 512 bit key. RFC 6376 has been updated by RFC XXXX. Please join the latter half of the second decade of the 21st century). It's likely we disagree less than I infer you imagine. Scott K
- [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Mark D. Baushke
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Russ Housley
- [Dcrup] New algorithm availability was: Re: draft… Scott Kitterman
- Re: [Dcrup] New algorithm availability was: Re: d… Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Peter Goldstein
- Re: [Dcrup] New algorithm availability was: Re: d… John Levine
- Re: [Dcrup] New algorithm availability was: Re: d… Scott Kitterman
- Re: [Dcrup] New algorithm availability was: Re: d… Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Steve Atkins
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Russ Housley
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John R Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] New algorithm availability was: Re: d… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John R. Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Peter Goldstein