Re: [Dcrup] stronger crypto, I-D Action: draft-ietf-dcrup-dkim-usage-02.txt
"John R Levine" <johnl@taugh.com> Mon, 12 June 2017 09:45 UTC
Date: Mon, 12 Jun 2017 10:45:02 +0100
Message-ID: <alpine.OSX.2.21.1706121039140.19565@ary.local>
From: John R Levine <johnl@taugh.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: dcrup@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/S9qCOuaOJEHKw9n1D06LtGEO2hM>
>> At this point it seems likely that we'll do the elliptic crypto so I'm
>> inclined to skip the key hashes.
>
> This is an odd angle to take here.
>
> Key hashes would remove the limit entirely. I appreciate that you
> think that 1024-1156 is of marginal benefit, but the benefit of key
> hashes is that you can use the existing, certified, and tested
> primitives AND keys that you have already. It's a much smaller
> increment. That makes me inclined to think that hashed-RSA has some
> value.

If the RFC 8032 algorithm isn't existing, certified, and tested, we've got problems beyond DCRUP.

Hashes in principle are simple, but they got taken out in 2006 because of complaints about bulking up the signature with the key, and we can bikeshed forever on which hash to use and how to represent it.

If people are going to make one change to update their DKIM signers and verifiers, I'd rather they add a protocol switch to add better crypto.

Also remember that 2K RSA signatures work fine in DKIM. The problem is cruddy DNS provisioning software that won't publish multi-string TXT records.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
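
Added example, not part of the original message: a sketch of why a 2048-bit RSA key record needs a multi-string TXT record while a 1024-bit one does not, and how a verifier reassembles the strings. The key material is constructed filler of the usual DER length (162 and 294 bytes, assuming the common public exponent), not a real key, and all function names are hypothetical.

```python
import base64
import re

MAX_STRING = 255  # a TXT character-string carries a one-byte length (RFC 1035)

def placeholder_key(der_len):
    """Constructed filler of the given DER length, base64-encoded. NOT a real key."""
    return base64.b64encode((bytes(range(256)) * 2)[:der_len]).decode()

def dkim_record(p_value):
    return "v=DKIM1; k=rsa; p=" + p_value

def split_txt(value, limit=MAX_STRING):
    """Publisher side: cut the record into character-strings of <= limit bytes."""
    raw = value.encode("ascii")
    return [raw[i:i + limit].decode() for i in range(0, len(raw), limit)]

def to_zone_rdata(chunks):
    """Render the strings in zone-file presentation format: "..." "..." """
    esc = lambda s: s.replace("\\", "\\\\").replace('"', '\\"')
    return " ".join('"%s"' % esc(c) for c in chunks)

def from_zone_rdata(rdata):
    """Parse the quoted strings back out of presentation format."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return [re.sub(r"\\(.)", r"\1", p) for p in parts]

def join_txt(chunks):
    """Verifier side: concatenate with no intervening whitespace (RFC 6376, 3.6.2.2)."""
    return "".join(chunks)

def key_bytes(record):
    """Parse the tag list and return the decoded p= key bytes."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if t.strip())
    return base64.b64decode(tags["p"], validate=True)

def survey():
    """Map key size -> (record length, strings needed, decoded key length)."""
    out = {}
    for bits, der_len in ((1024, 162), (2048, 294)):
        rec = dkim_record(placeholder_key(der_len))
        chunks = split_txt(rec)
        rejoined = join_txt(from_zone_rdata(to_zone_rdata(chunks)))
        out[bits] = (len(rec), len(chunks), len(key_bytes(rejoined)))
    return out

if __name__ == "__main__":
    for bits, (rec_len, n, der) in survey().items():
        print(f"{bits}-bit: record {rec_len} bytes, {n} string(s), key {der} bytes")
```

The 1024-bit record fits in one string; the 2048-bit record does not, so provisioning software limited to a single string cannot publish it intact.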