IETF Logo Mail Archive

Re: [Dcrup] rsa-sha1 usage

Scott Kitterman <sklist@kitterman.com> Wed, 14 June 2017 03:28 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D3F3129AEA for <dcrup@ietfa.amsl.com>; Tue, 13 Jun 2017 20:28:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uy4_rmmAXChV for <dcrup@ietfa.amsl.com>; Tue, 13 Jun 2017 20:28:32 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BA6212957B for <dcrup@ietf.org>; Tue, 13 Jun 2017 20:28:32 -0700 (PDT)
Received: from android-df929938bd25e485.home.kitterman.com (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 6A7E5C40593; Tue, 13 Jun 2017 22:28:30 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1497410910; bh=DOhQJTAAzupb1p/AcrElGhaXsVxdZL3Nwq4W9GTIOc8=; h=Date:In-Reply-To:References:Subject:To:From:From; b=0/TqOXozeKoz8lRYRKi9CPy7/NLAPBcdD3oh3f+ziRq/AvTgeanc1DutYBhwi/LyG CPwm21usy5a1i8Zo7RdyerwMEdeFBcqUImC2vsaR4q3B2CwvSchrEV+Ama3E1O+0rZ ZWWzwFwudGGKRjAG+ab7vFg9T/gGyrzWGmDjP2Sk=
Date: Wed, 14 Jun 2017 03:28:29 +0000
In-Reply-To: <87dfdc8c-5acc-e51e-a6d3-1e35611419b7@bluepopcorn.net>
References: <m38tkw53bd.fsf@carbon.jhcloos.org> <CABa8R6s6rzc+Ky8sLWcK7NtforSksEhNRkWVeF=k1v8GC80knw@mail.gmail.com> <m3wp8gpx20.fsf@carbon.jhcloos.org> <CAOj=BA2O+Hf2VGOtbmnqY2M5J9u8uJ7wm7SxEW551SXBwDdanw@mail.gmail.com> <5bf52517591d4950aec335d31bcf3631@usma1ex-dag1mb1.msg.corp.akamai.com> <aa52134a-ac20-bd70-8834-1598a8eaa536@bluepopcorn.net> <29B74569-6BB3-43F8-9549-566DA405B1FF@kitterman.com> <CAL0qLwaqPwb+cNhRCWLBp2qjTWtS65JAvstc9GfrhDDXRv+d6w@mail.gmail.com> <57fda1d5-b0b7-f226-60db-7f4c47233fc7@bluepopcorn.net> <CAL0qLwbFE5PzpOWzn-DwQ2D0z0=OAtEJLnwBbq2hk2SK2pc4Bg@mail.gmail.com> <87dfdc8c-5acc-e51e-a6d3-1e35611419b7@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <BFDFAA4E-F253-497A-9881-D2223B45037A@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/aj4b5tTjwe8t_HQEBPiHH_W16G4>
Subject: Re: [Dcrup] rsa-sha1 usage
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jun 2017 03:28:34 -0000


On June 13, 2017 11:20:42 PM EDT, Jim Fenton <fenton@bluepopcorn.net> wrote:
>On 6/13/17 8:16 PM, Murray S. Kucherawy wrote:
>> On Tue, Jun 13, 2017 at 6:55 PM, Jim Fenton <fenton@bluepopcorn.net
>> <mailto:fenton@bluepopcorn.net>> wrote:
>>
>>>     That being the case, why do we think people will pay attention
>to
>>>     a MUST NOT today?
>>
>>     Because implementations will stop supporting rsa-sha1, forcing
>the
>>     issue for any who upgrade. I'm all for having them stop
>supporting
>>     signing with rsa-sha1, but they should continue to support
>>     verification for a while.
>>
>>
>> We can't have this logic both ways.  Scott claimed nobody pays
>> attention to the advice in RFCs ("Operational practice​ isn't closely
>> coupled with standards changes").  If that's true, then there's no
>> meat to a MUST NOT anyway, and it really only matters what people
>will
>> implement.  And if that's true, then saying current implementations
>> neither sign with nor verify "rsa-sha1" because it's deprecated
>> suffices, and we're done.
>
>Based on no supporting data whatsoever, my conjecture is that
>implementers pay a lot more attention to what RFCs say than people who
>are deploying others' implementations. Which basically boils down to
>MUSTs having a significant effect and SHOULDs having little. Which is
>why I favor making signing with rsa-sha1 a MUST NOT prior to making
>verification of rsa-sha1 signatures a MUST NOT.
>
>-Jim

I agree on the importance of MUST versus SHOULD to implementors.  In general terms, MUST tells me what I have to implement and SHOULD tells me the defaults.

I still think we should MUST NOT both signing and verification for rsa-sha1 if for no other reason than to not require implementations to support three algorithms, but I am starting to get the sense I'm in the rough on that.

Scott K

v2.43.4 | Report a Bug | By Email | System Status