Re: [Dcrup] Hashed Key Records
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 22 June 2017 23:44 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 908EF129B0A for <dcrup@ietfa.amsl.com>; Thu, 22 Jun 2017 16:44:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JlfJU3Jzas9h for <dcrup@ietfa.amsl.com>; Thu, 22 Jun 2017 16:44:56 -0700 (PDT)
Received: from mail-ot0-x231.google.com (mail-ot0-x231.google.com [IPv6:2607:f8b0:4003:c0f::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B445129BAC for <dcrup@ietf.org>; Thu, 22 Jun 2017 16:44:55 -0700 (PDT)
Received: by mail-ot0-x231.google.com with SMTP id y47so21738102oty.0 for <dcrup@ietf.org>; Thu, 22 Jun 2017 16:44:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=uDa+eO/f/Mkwq4fhzTC0jBIA1FgsZT2brBmfH0c4NhQ=; b=mxafzFuHE0yhVJhEe7oO3LImh9FQeeCru1iDa7U/bzDJ+kQ1rZM03ewqBAXugG/MNP /u0/lLw6ulyVYBjuFk6z1JjT+PpNPP1n4lIqbgiq65DuQiYKh3Mj1GofD7k1lIhsk28e OLekurOtv4ZU2GVeZeLBd4iwMgkBCINwiuazeu2Gshk4ktT+5xHkJtKdwYgP4teUCOyy Ai07g6W6H9IGxEc9mysBS6Tywo1jKrv9Vh2SweA9QuKym/nG4QKsjm0DtEV8vo1PZ0X5 o+YUbIcc7QMwcjct7Yt5UNYLNrlpf37o0qc5mwHyyJccgZEQOghRLb+iN9Db2rXdpM7K c16A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=uDa+eO/f/Mkwq4fhzTC0jBIA1FgsZT2brBmfH0c4NhQ=; b=ND6uB8qY/DIDDW7pFNko9gbmhR/BhCnLiCkJy74CPnRD8HHCPRA0J1SWr/Enln35pI /Ydxl6eGcUJoFo9qqe0eIztQSyxnurqYcobIf1+sOZTLZk9QrwNxAb3QtOZRxFahnGfJ 0tJAJckdbQLV9DjwHggEA7zEd+wbQ/Hi4vlHdRPVm1kzLbO26gpAuvpMAqJvdqrWxnFm nL07tS/inJ7KLZyHhCHhidNYVytR0r4wrdc4JcI5oA2p9Rivp9xsZRqJwEkcO/i3RP8a roRG9x5P0yJKBx4L2yWZ3o+w2msGSMUNIHLG0pGXXzjcfIE0EoMzIyR9vzCmjZeeToTU ko/g==
X-Gm-Message-State: AKS2vOzvI6Ov0aRu9XbMkHSBo+Q1IKEAfWBMWFOPjQWeTflxIbkMFcnq coFG1n8QiqPAPdUGmhVuKnnx0Bz75w==
X-Received: by 10.157.63.139 with SMTP id r11mr2552621otc.28.1498175094699; Thu, 22 Jun 2017 16:44:54 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.157.14.206 with HTTP; Thu, 22 Jun 2017 16:44:54 -0700 (PDT)
In-Reply-To: <2793611.63lxTaCm4r@kitterma-e6430>
References: <2793611.63lxTaCm4r@kitterma-e6430>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 22 Jun 2017 19:44:54 -0400
X-Google-Sender-Auth: ZeZjohjwmVy_YUW1a8hQ2fcmMTw
Message-ID: <CAMm+Lwiu=bkQTmQsaaM6_-_kcPi6DEH3VPnJfB=3jDRtiGSyaQ@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a11c04b8054bc4005529512fa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/ZgWPy1E25Fm8lOOe7wxgdWgkh8I>
Subject: Re: [Dcrup] Hashed Key Records
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jun 2017 23:44:59 -0000
I would really like to get to a point where we could use one fingerprint format everywhere. This would then allow fingerprints to be cut and pasted from one place to another. When I suggest we do something of this sort, people say 'write a draft'. Once I write a draft they say I am peddling my proposal. So pretend that I don't have a draft yet. These are the features I think are needed: 1) Use Base32 encoding. DNS labels are case insensitive. Using fingerprints in DNS labels is very powerful. It allows DANE like effects without the need for DANE records or DNSSEC. 2) Incorporate the algorithm identifier into the fingerprint, do so in a way that ensures a Base32 fingerprint will never be confused with a PGP fingerprint. 3) Include a description of the content type in the target of the fingerprint. This prevents semantic substitution attacks. 4) Allow for optional grouping of characters to encourage readability. On Thu, Jun 22, 2017 at 7:17 PM, Scott Kitterman <sklist@kitterman.com> wrote: > It seemed like the hashed RSA variant ought to be easy enough to > implement, so > I decided to give it a go. I almost immediately ran into a question. For > terminology, I'm using what openssl says [1] > > I am assuming that "SHA-256 hash of the public key, stored in base64" means > use the output of the digest in binary form (--binary) option and encode > it in > base 64. Is that correct? > > > So if my signing key were (I know, but just to make sure I understand the > tranformations): > > 'Hello World' > > Then the the p tag in DNS would be: > > p=pZGm1Av0IEBKARczz7exkNYsZb8LzaMrV7J32a2fFG4= > > Am I understanding it correctly? > > A python one liner: > > >>> base64.b64encode(hashlib.sha256(b'Hello World').digest()) > 'pZGm1Av0IEBKARczz7exkNYsZb8LzaMrV7J32a2fFG4=' > > Scott K > > > > [1] https://www.openssl.org/docs/man1.1.0/apps/sha256.html > > _______________________________________________ > Dcrup mailing list > Dcrup@ietf.org > https://www.ietf.org/mailman/listinfo/dcrup >
- [Dcrup] Hashed Key Records Scott Kitterman
- Re: [Dcrup] Hashed Key Records Phillip Hallam-Baker
- Re: [Dcrup] Hashed Key Records Steve Atkins
- Re: [Dcrup] Hashed Key Records Phillip Hallam-Baker
- Re: [Dcrup] Hashed Key Records Scott Kitterman
- Re: [Dcrup] Hashed Key Records Phillip Hallam-Baker
- Re: [Dcrup] Hashed Key Records John Levine
- Re: [Dcrup] Hashed Key Records Scott Kitterman
- Re: [Dcrup] Hashed Key Records denis bider
- Re: [Dcrup] Hashed Key Records Salz, Rich
- Re: [Dcrup] Hashed Key Records in draft-ietf-dcru… John Levine
- Re: [Dcrup] Hashed Key Records in draft-ietf-dcru… Salz, Rich
- Re: [Dcrup] Hashed Key Records in draft-ietf-dcru… denis bider