Re: [Dcrup] Review of draft-ietf-dcrup-dkim-crypto-03

"John Levine" <johnl@taugh.com> Mon, 10 July 2017 00:01 UTC

Date: Mon, 10 Jul 2017 00:01:29 -0000
Message-ID: <20170710000129.90943.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dcrup@ietf.org
Cc: ekr@rtfm.com
In-Reply-To: <CABcZeBMaZ-q5kVTLF2qK+tqtgf2qAyZFsydZrXzYTLuwC2Ecag@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/U-sKKHUGKhz5Rn5svgAUw5s3mR4>

In article <CABcZeBMaZ-q5kVTLF2qK+tqtgf2qAyZFsydZrXzYTLuwC2Ecag@mail.gmail.com> you write:
>What I'm trying to do is reduce the additional complexity of adding new
>algorithms in the future by having a consistent approach going forward.

Given that we will always have code for both hashed and unhashed keys,
since unhashed RSA isn't going away, my minimal complexity approach is
to add an algorithm with unhashed keys if the keys are small, and with
hashed keys if the keys are large.  

Since DKIM has no opportunity for algorithm negotiation, verifiers
have to implement every algorithm that signers might use, so the
main goal is to minimize the number of algorithms, regardless of
what they are.

At this point I'm inclined to take out hashed RSA, since the problem
it solves only exists due to stupid configuration software, and anyone
who implements hashed RSA would also implement EdDSA which doesn't
have the configuration key size problem.

As I read RFC 8032, the chances are pretty good that ed25519 will last
as long as DKIM does, so we won't have to do this again.

R's,
John
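
The key size problem discussed in the message above, worked through as an added example (not part of the original message or of the draft): it builds DKIM key records for RSA, hashed RSA and Ed25519 keys and counts how many 255-octet DNS TXT character-strings each needs, since a record that needs more than one is where provisioning tools tend to go wrong. Assumptions: the RSA moduli are constructed placeholders of the right size rather than real keys, the Ed25519 key is published as its raw 32 bytes, and `rsa-hashed` is a hypothetical `k=` tag standing in for a record that carries only a SHA-256 hash of the key.

```python
import base64
import hashlib

TXT_STRING_MAX = 255  # octets in one DNS TXT character-string (RFC 1035)

def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value, using long-form lengths when needed."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_uint(value: int) -> bytes:
    """DER INTEGER for a non-negative value (leading 0x00 if the top bit is set)."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters)
RSA_ALG_ID = der_tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))

def rsa_spki(bits: int, exponent: int = 65537) -> bytes:
    """SubjectPublicKeyInfo around a constructed modulus of the given size.
    Not a real key: only the encoded length matters here."""
    modulus = (1 << (bits - 1)) | 1
    rsa_key = der_tlv(0x30, der_uint(modulus) + der_uint(exponent))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_key))

def key_record(k: str, key_bytes: bytes) -> str:
    return "v=DKIM1; k=%s; p=%s" % (k, base64.b64encode(key_bytes).decode())

def txt_strings(record: str) -> list:
    """Split a record into the <=255-octet strings a TXT RR has to carry."""
    return [record[i:i + TXT_STRING_MAX] for i in range(0, len(record), TXT_STRING_MAX)]

def survey() -> dict:
    """Map each key type to (record length, number of TXT strings needed)."""
    records = {"ed25519": key_record("ed25519", bytes(32))}  # constructed 32-byte key
    for bits in (1024, 2048, 4096):
        spki = rsa_spki(bits)
        records["rsa-%d" % bits] = key_record("rsa", spki)
        # "rsa-hashed" is a hypothetical tag; the record carries only SHA-256(key)
        records["rsa-%d-hashed" % bits] = key_record("rsa-hashed", hashlib.sha256(spki).digest())
    return {name: (len(rec), len(txt_strings(rec))) for name, rec in records.items()}

if __name__ == "__main__":
    for name, (length, strings) in survey().items():
        print("%-16s %4d octets, %d TXT string(s)" % (name, length, strings))
```

Only the unhashed RSA records of 2048 bits and up spill past a single string; the hashed records stay the same size whatever the RSA key length, and the Ed25519 record is slightly smaller still.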