Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add

Scott Kitterman <sklist@kitterman.com> Sat, 10 June 2017 20:34 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Sat, 10 Jun 2017 16:34:47 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/_93je1OAu1HMDvD_DBlu-Hbb_10>
Subject: Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add

On Saturday, June 10, 2017 03:28:57 PM John R Levine wrote:
> > Yes, the key sizes are fixed depending on the curve.  The encodings of
> > curves are different and not self-describing.  If you see a string of
> > bytes lying on the ground, you can't necessarily tell anything about the
> > key -- if it is one, its size, and which curve applies.  You need
> > external state such as knowing the signing algorithm; that shouldn't be
> > a problem.
> 
> That's no problem, the DKIM key record has a field for the algorithm.
> 
> > Supporting Ed25519 will not come with zero code changes.  But minimal I
> > think.
> Since we have a lot of lazy programmers who will need to do this, how
> different is ED25519 sign/verify from RSA?

For Python (I know, not everyone cares, but I do), PyNaCl offers a maintained 
and reasonably simple API for this:

https://pynacl.readthedocs.io/en/latest/signing/#example

As an implementer that would need to implement this, it seems eminently 
doable.  I'd prefer something supported in the Python standard library, but 
I'm certainly not holding my breath for it.

Scott K