Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-crypto-03.txt
"John R Levine" <johnl@taugh.com> Tue, 04 July 2017 15:09 UTC
Date: Tue, 04 Jul 2017 11:09:33 -0400
Message-ID: <alpine.OSX.2.21.1707041003440.81057@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: dcrup@ietf.org
In-Reply-To: <A9D376FA-0C46-40B6-9E82-B46DFB67D462@bluepopcorn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/UhqYh7d1nSQHK47o4JLHIBwA2h8>

> I agree with ekr on this one: publishing a key fingerprint is the more general solution, even if right now we can't think of keys that require it other than RSA. So why not, in the future, always publish key fingerprints?

1) For the next decade or so, to the extent anyone uses a signature other than plain rsa, I expect they'll use eddsa since it's faster than rsa and the keys are smaller. (Libraries will have the code since they need it to verify other people's signatures, the only question is whether they use it, just like sha-1 and sha-256 body hashes now.) Key hashes use more time and space while providing no benefit to eddsa signatures. It doesn't seem like great design to pessimize the common case.

B) Barring surprises, eddsa should be good enough to last as long as DKIM does. But if we have surprises, they tend to be, you know, surprising. Maybe we'll switch to some other elliptic curve which has keys smaller than 1100 bits, in which case key hashes still have no benefit. Or maybe some mega-parallel rainbow table scheme will come out of left field and we'll deprecate all of the sha-N hashes. It doesn't seem like great design to plan for stuff that we can't predict and that will probably never happen. Our crystal ball has never been great: back in 2006 would anyone have suggested that crudware that can't handle multi-string TXT records would be a design issue a decade later?

iii) It seems unlikely that Cisco will assert your patent, but until they say something one way or the other, who knows. It'd be prudent to be prepared for the eventuality, particularly since it costs us nothing to do so.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
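
Added example, not part of the original message or of the draft: it sizes the DKIM key records the message compares, showing which RSA keys overflow a single 255-octet TXT string and that a SHA-256 key hash is no smaller than a raw Ed25519 key. Assumptions: the RSA moduli and the all-zero Ed25519 key are constructed placeholders (only their sizes matter), the `k=ed25519` record form is the one later standardized in RFC 8463, and hashing the DER-encoded key is one possible fingerprint input.

```python
import base64
import hashlib

TXT_STRING_MAX = 255  # RFC 1035: one TXT character-string holds at most 255 octets

def der(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_uint(value):
    """DER INTEGER for a non-negative value (adds 0x00 when the top bit is set)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def rsa_spki(bits):
    """SubjectPublicKeyInfo for a constructed, non-functional modulus of `bits` bits."""
    modulus = (1 << (bits - 1)) | 1          # placeholder: only its size matters
    alg = der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
    key = der(0x30, der_uint(modulus) + der_uint(65537))
    return der(0x30, alg + der(0x03, b"\x00" + key))

def b64(data):
    return base64.b64encode(data).decode("ascii")

def txt_strings(record):
    """Number of TXT character-strings needed to publish `record`."""
    return -(-len(record) // TXT_STRING_MAX)

def rsa_record(bits):
    return "v=DKIM1; k=rsa; p=" + b64(rsa_spki(bits))

def ed25519_record(raw_key=bytes(32)):       # constructed all-zero placeholder key
    return "v=DKIM1; k=ed25519; p=" + b64(raw_key)

def fingerprint(bits):
    """Base64 SHA-256 of the DER RSA key (assumed input for a key-hash scheme)."""
    return b64(hashlib.sha256(rsa_spki(bits)).digest())

def largest_single_string_rsa_bits():
    """Largest byte-aligned RSA modulus whose minimal record fits one TXT string."""
    return max(b for b in range(512, 4097, 8) if txt_strings(rsa_record(b)) == 1)

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        rec = rsa_record(bits)
        print(f"rsa-{bits}: {len(rec)} chars, {txt_strings(rec)} TXT string(s), "
              f"fingerprint {len(fingerprint(bits))} chars")
    print(f"ed25519: {len(ed25519_record())} chars, key value {len(b64(bytes(32)))} chars")
    print("largest single-string RSA modulus:", largest_single_string_rsa_bits())
```

The threshold depends on the record carrying only the `v=`, `k=` and `p=` tags; any extra tag lowers it.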