Re: [Dcrup] rsa-sha1 usage

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 14 June 2017 14:06 UTC

To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: Seth Blank <seth@valimail.com>, dcrup@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/VjJbUCRKCLy8ct4HK0HSkz4uMwc>
List-Id: DKIM Crypto Update <dcrup.ietf.org>

On Wed, Jun 14, 2017 at 8:34 AM, Murray S. Kucherawy
<superuser@gmail.com> wrote:
> On Wed, Jun 14, 2017 at 3:02 AM, Seth Blank <seth@valimail.com> wrote:
>>
>> On Wed, Jun 14, 2017 at 5:24 AM, Phillip Hallam-Baker
>> <phill@hallambaker.com> wrote:
>>>
>>> It is a two step process in my view. First you rip out the generate,
>>> then once the transition is complete, you rip out the accept.
>>
>>
>> I disagree. SHA-1 has been deprecated for far too long, but is still in
>> wide use by major players. I'd argue step 1 was taken ages ago (with a
>> SHOULD, not a MUST, but still...) and we're at step 2 *now* because senders
>> aren't complying with up-to-date crypto standards on their own.
>> [...]
>
>
> I think that's an interesting perspective, specifically that step 1 was
> taken a while ago, and I agree.  What we're discussing is the right way to
> "rip out the accept".
>
> I don't believe that either actor will be compelled to do anything more by
> "MUST NOT" than by simply "We don't use that anymore because $REASONS."
> I've been a medium-sized receiver before, and I work for a large sender now.
> If I decide I'm going to comply with the update, either prose is compelling
> to me.  Am I exceptional in that regard?  Maybe I'm atypical because I'm an
> IETF participant, but to me the general issue here is plain old operational
> inertia rather than the absence of an RFC telling them what to do.

I don't understand your line of reasoning. I certainly disagree with it.

DKIM is an IETF specification. If IETF makes a change then M3AAWG will
almost certainly follow suit. But I do not think it at all likely
M3AAWG would start making suggestions on technical matters like this
in preference to IETF action.

People ignore standards all the time. But there are consequences.
Getting people to upgrade their crypto is actually one of the easier
things to persuade people to do. The only circumstance when it becomes
hard is when the new crypto is not widely understood by the
applications that must receive the messages and there is no way to
negotiate an upgrade. That is why S/MIME was stuck doing 3DES for a
decade.


Any transition has to be driven by the state of the deployed
infrastructure. The sequence of facts that need to be gathered is as
follows:

X = proportion of implementations that accept RSA/SHA-2-256 signatures.

Y = proportion of implementations that accept Ed25519 signatures


From these facts we then build a state machine that guarantees that
95-99% of all messages will be correctly processed by the deployed
infrastructure.

Phase 1) Dual sign with RSA/SHA-1 and RSA/SHA-2-256

Phase 2) Sign with RSA/SHA-2-256

Phase 3) Sign with Ed25519

The decision to use MUST, MUST NOT, etc. is then driven by math.
M3AAWG does not make the decision but they are probably best placed to
collect the data.
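
The following is an added example, not part of the original message: a sketch of the measurement-driven phase decision described above. The survey counts are constructed, and the function names, the algorithm labels and the rule "advance only while the next phase still meets the threshold" are assumptions made for illustration.

```python
from typing import FrozenSet, List, Optional, Tuple

Survey = List[Tuple[int, FrozenSet[str]]]  # (messages seen, algorithms the verifier accepts)

# Signing phases from the message, in transition order.
PHASES = [
    ("phase 1", frozenset({"rsa-sha1", "rsa-sha256"})),  # dual sign
    ("phase 2", frozenset({"rsa-sha256"})),
    ("phase 3", frozenset({"ed25519"})),
]

# Constructed sample data: message volume per verifier capability profile.
SAMPLE_SURVEY: Survey = [
    (300, frozenset({"rsa-sha1"})),
    (6200, frozenset({"rsa-sha1", "rsa-sha256"})),
    (2000, frozenset({"rsa-sha256"})),
    (1500, frozenset({"rsa-sha256", "ed25519"})),
]


def coverage(signed_with: FrozenSet[str], survey: Survey) -> float:
    """Fraction of messages whose verifier accepts at least one signature."""
    total = sum(count for count, _ in survey)
    if total <= 0:
        raise ValueError("survey contains no messages")
    verified = sum(count for count, accepted in survey if accepted & signed_with)
    return verified / total


def acceptance(algorithm: str, survey: Survey) -> float:
    """X or Y from the message: proportion accepting a single algorithm."""
    return coverage(frozenset({algorithm}), survey)


def signing_phase(survey: Survey, threshold: float = 0.95) -> Optional[str]:
    """Walk the phases in order; stop before the first one below threshold."""
    current = None
    for name, algorithms in PHASES:
        if coverage(algorithms, survey) < threshold:
            break
        current = name
    return current


if __name__ == "__main__":
    print("X =", acceptance("rsa-sha256", SAMPLE_SURVEY))
    print("Y =", acceptance("ed25519", SAMPLE_SURVEY))
    for t in (0.95, 0.99):
        print(f"threshold {t}: {signing_phase(SAMPLE_SURVEY, t)}")
```

With these constructed counts the stricter 99% target keeps the sender dual signing, while the 95% target allows dropping the RSA/SHA-1 signature.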