IETF Logo Mail Archive

Re: [Dcrup] rsa-sha1 proposals

Scott Kitterman <sklist@kitterman.com> Wed, 21 June 2017 00:11 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5579112956B for <dcrup@ietfa.amsl.com>; Tue, 20 Jun 2017 17:11:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sOexZwvdKk1c for <dcrup@ietfa.amsl.com>; Tue, 20 Jun 2017 17:11:30 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 724BF1289B5 for <dcrup@ietf.org>; Tue, 20 Jun 2017 17:11:30 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 24174C400E6 for <dcrup@ietf.org>; Tue, 20 Jun 2017 19:11:29 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1498003889; bh=E1qT1FRcFvSkOR3ZwflzYZClB96J9yrCv76laPn3nAk=; h=From:To:Subject:Date:In-Reply-To:References:From; b=TvqYpriH0FfC6SHR1vhOKVWAAWZGJDs5XYrT3yq0NblIcDfMsplO7M5DEEQYdJGTy rQgWhvnhjvNUbsmxdrBo5cMPaPfuGZjJFw+jyQV43RA+Yn4MtulZjocg7Gk0hh7jug 2BOMB3XyAHXLp94UD2q71zvH6419ZYQL5+Eyrnko=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Tue, 20 Jun 2017 20:11:28 -0400
Message-ID: <9555495.sOxsJ65lRg@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-119-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <5949B49D.3010400@isdg.net>
References: <20170620230641.18814.qmail@ary.lan> <CAOZAAfNhX0Z+V8Cm=L_mKXKeFQhh7u_gSAFYV65VmsMasL0X6A@mail.gmail.com> <5949B49D.3010400@isdg.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/YrZCEtm_Vhiz1X3bP37Tw8lZxfE>
Subject: Re: [Dcrup] rsa-sha1 proposals
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jun 2017 00:11:32 -0000

On Tuesday, June 20, 2017 07:49:49 PM Hector Santos wrote:
> On 6/20/2017 7:38 PM, Seth Blank wrote:
> > On Tue, Jun 20, 2017 at 4:20 PM, Hector Santos <hsantos@isdg.net
> > 
> > <mailto:hsantos@isdg.net>> wrote:
> >         Back in 2007 RFC 4871 said "In general, sha256 should always
> >         be used
> >         whenever possible."  I think people have had enough warning,
> >         and if we
> >         want to kill it, we should just kill it.
> >     
> >     Unless whitelisted, this will create invalid SHA1 signatures from
> >     perfectly good domains.  New systems who initially avoid SHA1
> >     legacy support will quickly learn not all systems use SHA256. i.e
> >     a quick support problem.
> > 
> > To me, this is exactly the point. People have had ten years to switch
> > to SHA-256. At this point, people will only move if the threat of
> > breakage is upon them. And this isn't breakage, this is a document
> > that says using SHA-1 is no longer acceptable, and you MUST use
> > SHA-256. If it's the right security recommendation, we should say it
> > explicitly.
> 
> My point is the protocol/document should also discuss how to deal with
> SHA1 legacy operations when dealing with a migration design issue, not
> ignore its existence, i.e. kill it, wipe it out, remove it from
> discussion.  New verifiers following such advice may quickly see a
> problem when they see SHA1.   Should the document suggest to
> invalidate them?  Can a key lookup or DMARC lookup enforce this?
> (Preferred)    If SHA1 can be exploited for a domain, then the domain
> should be able to provide a hint to the verifier about its validity.
> Or should a verifier just completely ignore it, therefore inherently
> invalidating the signature for lack of SHA1 support?

I think it would be useful for DMARC feedback reporting to be extended to 
include the signing algorithm used, but that's off topic for this working 
group.

Scott K

v2.43.4 | Report a Bug | By Email | System Status