Re: [Dcrup] stronger crypto, I-D Action: draft-ietf-dcrup-dkim-usage-02.txt
Eric Rescorla <ekr@rtfm.com> Mon, 12 June 2017 09:50 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7784812E043 for <dcrup@ietfa.amsl.com>; Mon, 12 Jun 2017 02:50:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wwnv1NYBuwlv for <dcrup@ietfa.amsl.com>; Mon, 12 Jun 2017 02:50:06 -0700 (PDT)
Received: from mail-yw0-x22a.google.com (mail-yw0-x22a.google.com [IPv6:2607:f8b0:4002:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 659931204DA for <dcrup@ietf.org>; Mon, 12 Jun 2017 02:50:06 -0700 (PDT)
Received: by mail-yw0-x22a.google.com with SMTP id l75so34056753ywc.3 for <dcrup@ietf.org>; Mon, 12 Jun 2017 02:50:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+Ce/uPotIVtDo5q3dqcXI6iORgk2vhHs1QVvURxnm/4=; b=ZNqky3QtuB5I3KyXDd4CLyoS9GOOU4SDYgEPPN3gNjU4KW2ytsNSCDeJWaaNbyYjkj 4OhAZRa/sGSBu/XLPDBqPGfvz7F99MTM2tYpZxVs46mv1l7WSjujti6fspvNWA2y0yWw 11J0yTkuaIPu4rYi+iyMXY+LkiEay16id6c1/QdMt29VMcTYkcrDju0a+sNxMx6FJVob uKHrHnnKBkEPbM5e90QuA/muB/SJ9oJ5RxExABnA3scxnHpeI5Ld0vebW9Y5vydJAH/q lKY8nv5xMN7YQaACzypYCgRrzJZBZM8oFLsJl2Kp/D20ORqhKDXVJHoDRPWlAhPhtqnM o/tQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+Ce/uPotIVtDo5q3dqcXI6iORgk2vhHs1QVvURxnm/4=; b=eUQicC0EiA2zakxC/GtTNGvvrluSNw27J/avwIzFMl+k2gMRoKSG6Gzo8zkGHRYGkL pFLQPBdLBoPPiDwL/K4wIzoWO10Alv7JO/rldsQNtTGdDBiIoqRUnFTWI9yNmZk2m3m0 k5j19wLh1c7Cr9P4e2IofYWM+NsA8nIk5v9DhRcvTh6stBnuzwXjnZxEoMkB3Xmf4zBT /dc75rdgpAHzvhpLeBnpcFVpVzVGQvLDLARzqlIgin1O7RJ17opYr8ainw1c/y/6QFJK k4ZVAnbSCqt0Ad5YB3wEyfjjyr5KPrCkakirLP9bjlHLJnqVt1K8qyUN5LKmK0b2a63h E54A==
X-Gm-Message-State: AODbwcCGmwYa3gnmK2+kR6AeEF/RTKqwjLgYN8JtyGsG8ec5Jv0RrC39 OmMdio0Jbu3WJMuDi1xfaSh8rUFU87KQ
X-Received: by 10.129.109.4 with SMTP id i4mr25059788ywc.3.1497261005621; Mon, 12 Jun 2017 02:50:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.215.144 with HTTP; Mon, 12 Jun 2017 02:49:25 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.21.1706121039140.19565@ary.local>
References: <CABkgnnXAVni8Xgms2snX9LrGRd+xKuyt8VTU_XmXgh4ksBqHEw@mail.gmail.com> <20170611231340.17586.qmail@ary.lan> <CABkgnnUxsWUwiKvee7ngFNv5jz8==c1mAJpJYD3eD5VMKZqntQ@mail.gmail.com> <alpine.OSX.2.21.1706121039140.19565@ary.local>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 12 Jun 2017 10:49:25 +0100
Message-ID: <CABcZeBO_RanavMmMEmw3XjC5Kuj8cLFki3WbxcqkheDM45fozg@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a114dd184605d890551c03e98"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/bVbIohPlirUlgXechosoyMpBpIE>
Subject: Re: [Dcrup] stronger crypto, I-D Action: draft-ietf-dcrup-dkim-usage-02.txt
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 09:50:09 -0000
On Mon, Jun 12, 2017 at 10:45 AM, John R Levine <johnl@taugh.com> wrote: > At this point it seems likely that we'll do the elliptic crypto so I'm >>> inclined to skip the key hashes. >>> >> >> This is an odd angle to take here. >> >> Key hashes would remove the limit entirely. I appreciate that you >> think that 1024-1156 is of marginal benefit, but the benefit of key >> hashes is that you can use the existing, certified, and tested >> primitives AND keys that you have already. It's a much smaller >> increment. That makes me inclined to think that hashed-RSA has some >> value. >> > > If the RFC 8032 algorithm isn't existing, certified, and tested, we've got > problems beyond DCRUP. Hashes in principle are simple, but they got taken > out in 2006 because of complaints about bulking up the signature with the > key, and we can bikeshed forever on which hash to use and how to represent > it. You can bikeshed on anything, but I don't see how this is actually a particular problem, given that you can pin the hash to the signature algorithm, as we do with elliptic curves. TBH, I'm not sure why we're debating this point, given that hashes are actually in the charter: "DCRUP will consider three types of changes to DKIM: additional signing algorithms such as those based on elliptic curves, changes to key strength advice and requirements, and new public key forms, such as putting the public key in the signature and a hash of the key in the DNS to bypass bugs in DNS provisioning software that prevent publishing longer keys as DNS TXT records." If people are going to make one change to update their DKIM signers and > verifiers, I'd rather they add a protocol switch to add better crypto. > Yeah, the issue here is that hashes set us up for the future. -Ekr > >
- [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usage-0… internet-drafts
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Scott Kitterman
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Russ Housley
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Mark D. Baushke
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Scott Kitterman
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Martin Thomson
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Scott Kitterman
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Martin Thomson
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Murray S. Kucherawy
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Murray S. Kucherawy
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Martin Thomson
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… John Levine
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… Martin Thomson
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… Eric Rescorla
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… John R Levine
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… Martin Thomson
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… Eric Rescorla
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… Phillip Hallam-Baker
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… Salz, Rich
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… Salz, Rich
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Scott Kitterman
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Martin Thomson
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Scott Kitterman
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Salz, Rich
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Jim Fenton
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Murray S. Kucherawy
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Scott Kitterman
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Martin Thomson
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Martin Thomson
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Murray S. Kucherawy
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Murray S. Kucherawy
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Jim Fenton
- Re: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-usa… Murray S. Kucherawy
- Re: [Dcrup] stronger crypto, I-D Action: draft-ie… Phillip Hallam-Baker