[Dcrup] Time For People To Really Stop Using SHA-1 Signatures?

Scott Kitterman <sklist@kitterman.com> Tue, 07 January 2020 23:41 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/bD4t8Md3-1hOCWA4XMQ3aTQNJr0>
List-Id: DKIM Crypto Update <dcrup.ietf.org>

https://sha-mbles.github.io/

If I'm reading this right, the last excuse that still trusting SHA-1 DKIM 
signatures is an OK thing to do is gone.  Comments from anyone that really 
understands this stuff would be appreciated.

Thanks,

Scott K
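
What "stop trusting SHA-1 DKIM signatures" could look like on the verifying side, as an added example that is not part of the original message: it reads the declared `a=` algorithm of each `DKIM-Signature` header and marks SHA-1 ones untrusted, without performing any cryptographic verification. The `TRUSTED_HASHES` policy, the function names and the sample message are assumptions constructed for illustration.

```python
import email

# Assumed local policy: hash algorithms a verifier still accepts (SHA-1 is absent).
TRUSTED_HASHES = {"sha256"}

# Constructed sample message; domain, selectors and bh=/b= values are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=example.com;\n"
    " s=old2012; h=from : to : subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\n"
    " s=new2020; h=from : to : subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n"
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def parse_tags(value):
    """Parse a DKIM tag=value list, removing folding whitespace from values."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            # Split on the first '=' only, so base64 padding in bh=/b= survives.
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())
    return tags

def classify_signatures(raw_message):
    """Return (domain, selector, algorithm, trusted) per DKIM-Signature header."""
    msg = email.message_from_string(raw_message)
    results = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(str(header))
        algo = tags.get("a", "").lower()
        # a= has the form <key type>-<hash>, e.g. rsa-sha1 or ed25519-sha256.
        _, _, hash_name = algo.partition("-")
        results.append((tags.get("d"), tags.get("s"), algo,
                        hash_name in TRUSTED_HASHES))
    return results

def has_trusted_signature(raw_message):
    """True if at least one signature declares a hash the policy accepts."""
    return any(trusted for *_, trusted in classify_signatures(raw_message))

if __name__ == "__main__":
    for row in classify_signatures(SAMPLE):
        print(row)
```

A signature that passes this filter still has to be verified cryptographically; the filter only decides which signatures are worth verifying at all.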