Re: [Dcrup] Review of draft-ietf-dcrup-dkim-crypto-03
"John Levine" <johnl@taugh.com> Mon, 10 July 2017 00:01 UTC
To: dcrup@ietf.org
Cc: ekr@rtfm.com
In-Reply-To: <CABcZeBMaZ-q5kVTLF2qK+tqtgf2qAyZFsydZrXzYTLuwC2Ecag@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/U-sKKHUGKhz5Rn5svgAUw5s3mR4>

In article <CABcZeBMaZ-q5kVTLF2qK+tqtgf2qAyZFsydZrXzYTLuwC2Ecag@mail.gmail.com> you write:
>What I'm trying to do is reduce the additional complexity of adding new
>algorithms in the future by having a consistent approach going forward.

Given that we will always have code for both hashed and unhashed keys, since unhashed RSA isn't going away, my minimal complexity approach is to add an algorithm with unhashed keys if the keys are small, and with hashed keys if the keys are large.

Since DKIM has no opportunity for algorithm negotiation, verifiers have to implement every algorithm that signers might use, so the main goal is to minimize the number of algorithms, regardless of what they are.

At this point I'm inclined to take out hashed RSA, since the problem it solves only exists due to stupid configuration software, and anyone who implements hashed RSA would also implement EdDSA, which doesn't have the configuration key size problem.

As I read RFC 8032, the chances are pretty good that ed25519 will last as long as DKIM does, so we won't have to do this again.

R's,
John