Re: [Dcrup] stronger crypto, I-D Action: draft-ietf-dcrup-dkim-usage-02.txt

"John Levine" <johnl@taugh.com> Mon, 12 June 2017 09:20 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 178D21294C8 for <dcrup@ietfa.amsl.com>; Mon, 12 Jun 2017 02:20:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.358
X-Spam-Level:
X-Spam-Status: No, score=-0.358 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F6c7mFJjg63S for <dcrup@ietfa.amsl.com>; Mon, 12 Jun 2017 02:20:21 -0700 (PDT)
Received: from miucha.iecc.com (w6.iecc.com [IPv6:2001:470:1f07:1126::4945:4343]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F01A312708C for <dcrup@ietf.org>; Mon, 12 Jun 2017 02:20:20 -0700 (PDT)
Received: (qmail 58383 invoked from network); 12 Jun 2017 09:20:19 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 12 Jun 2017 09:20:19 -0000
Date: Sun, 11 Jun 2017 23:13:40 -0000
Message-ID: <20170611231340.17586.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dcrup@ietf.org
Cc: martin.thomson@gmail.com
In-Reply-To: <CABkgnnXAVni8Xgms2snX9LrGRd+xKuyt8VTU_XmXgh4ksBqHEw@mail.gmail.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/a8XOTOeFKzWC3m1m41_jTp1EotE>
Subject: Re: [Dcrup] stronger crypto, I-D Action: draft-ietf-dcrup-dkim-usage-02.txt
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 09:20:22 -0000

In article <CABkgnnXAVni8Xgms2snX9LrGRd+xKuyt8VTU_XmXgh4ksBqHEw@mail.gmail.com> you write:
>1156 is better, but I was hoping for a bit higher than that.  I would
>include text that suggests this (explaining the limitations you set
>out regarding the whitespace and so forth), but note that the
>additional security margin is, well, marginal.

Of course it is.  My draft has two approaches to stronger crypto in
256 bytes of TXT.  One is key hashes with the key in the signature,
the other is elliptic crypto.

At this point it seems likely that we'll do the elliptic crypto so I'm
inclined to skip the key hashes.

R's,
John