Re: [Dcrup] Review of draft-ietf-dcrup-dkim-crypto-03

denis bider <denisbider.ietf@gmail.com> Mon, 10 July 2017 02:21 UTC

Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C925131474 for <dcrup@ietfa.amsl.com>; Sun, 9 Jul 2017 19:21:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yfE72qyqLMNU for <dcrup@ietfa.amsl.com>; Sun, 9 Jul 2017 19:21:42 -0700 (PDT)
Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 201A012ECCB for <dcrup@ietf.org>; Sun, 9 Jul 2017 19:21:42 -0700 (PDT)
Received: by mail-yw0-x22b.google.com with SMTP id x125so30438097ywa.0 for <dcrup@ietf.org>; Sun, 09 Jul 2017 19:21:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=KMnHgPi4HuK6O3uLkFCeIvdrJPPcLuvLTjq+4Mm4eTQ=; b=b2HIizsZfLY7hz6sTBWYV8qYgm7d1zfmEN6lFXGQQEwpNepH30CgWNraIfssKgIDcB e9FpS83u0JYdrwbA278W/rBgHBg5eHSElLbQTmgVTo2ln3/Y6HDbKKiTvsAgamIK5+80 sKos9OBVZ/ql3rdTuID6kmQoMIj/MIzXh57TN2mz6cEvLHGSkHwG63a8JRr5MqBzyxVz d2KBxnhS2cghsYGy7t77EQluiQnnIH8m7KB0d9FspeXmn5Z9xOcycCAbir7hJojCfLyr NpdzQXnpsXgiFIZXLiRTYZD7mNMKlEkH6NBvhYyHwAP7Haa0cpBxwha5/vsWvEVLfm// YpXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=KMnHgPi4HuK6O3uLkFCeIvdrJPPcLuvLTjq+4Mm4eTQ=; b=UDO4mShLf6LH42fSW4rlhU/zws2iK5Ihf/1vROcwFaQbZNg0/b4/9q/RpqowHtphnV quOtdMziAvkJj+aToUUdxFAyZu2M2Q5cg9OqZOsM9D4krMrngnHeqdMFXwBdt8zwOH3u p0jAd0k5I1G65h9Y9FJvD37glVZdT0R5CrRVSgT6IPNuXZgNFbae0M1Za8dhzqWPtOsn 6i5Xr1D77Aj0BLJjPDXaJ0vSmFekBUvNALYpDTED5BL9B0kLp6MCL01jgquNPSt1I4i9 aVYcZWPo5E/hDmRIBaccHjijwc89SueY6gCRnHbEM+KPH1QtqW3fExL9o//cRe2ALOhI drCg==
X-Gm-Message-State: AIVw113gDrNHFT6i4biiC/IVTHCI9+nLm7PkWu/pE19odQN468RQ2rMD uCO1JdoobUnW5YW4DzKmozmoGPV/Ug==
X-Received: by 10.129.86.11 with SMTP id k11mr10255028ywb.154.1499653301369; Sun, 09 Jul 2017 19:21:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.173.203 with HTTP; Sun, 9 Jul 2017 19:21:40 -0700 (PDT)
In-Reply-To: <F16764CE-D4C4-4A48-9779-37BC8C2D1261@bluepopcorn.net>
References: <CABkgnnW8nnoRGKoJQ4STAcT6CXdWFRCpz0h20hw+ksfw1x0PGg@mail.gmail.com> <6d4b76c9b42848f1b18c42ba22895993@usma1ex-dag1mb1.msg.corp.akamai.com> <CABcZeBM-qh+iW_+Br2URpdjHsLZ_L1xqZWUVirW-8-E7k4cvzg@mail.gmail.com> <564f297f17424f34b4ba1e118ab6f62c@usma1ex-dag1mb1.msg.corp.akamai.com> <D4D564D0-73C6-45CA-9962-33106229DE02@bluepopcorn.net> <220DB06A-E06D-4DAF-ADE6-7536B6E43630@callas.org> <aeee2c9019114d9789a2cd768f0b15e1@usma1ex-dag1mb1.msg.corp.akamai.com> <F16764CE-D4C4-4A48-9779-37BC8C2D1261@bluepopcorn.net>
From: denis bider <denisbider.ietf@gmail.com>
Date: Sun, 09 Jul 2017 20:21:40 -0600
Message-ID: <CADPMZDB03S5ffc3_Ker=h08japc2PGAbch3F=+jRL9ZBjCzs3w@mail.gmail.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: "Salz, Rich" <rsalz@akamai.com>, "dcrup@ietf.org" <dcrup@ietf.org>, Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>, Jon Callas <jon@callas.org>
Content-Type: multipart/alternative; boundary="001a11431a1c50884e0553ed3e47"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/f6-V_36ObzB85zq0gfTLNX50nJA>
Subject: Re: [Dcrup] Review of draft-ietf-dcrup-dkim-crypto-03
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2017 02:21:44 -0000

We can break down the following levels of future proofing:

(1) Future event occurs, and no changes are needed by anyone. The event is
already accounted for by configurations, implementations, and
specifications.

(2) Future event occurs, and changes are needed to configurations. The
event is already accounted for by implementations and specifications.

(3) Future event occurs, and changes are needed to implementations, which
must then be deployed. The event is already accounted for by specifications.

(4) Future event occurs, and changes are needed to specifications, which
must then be implemented and deployed. The event is not accounted for.

In this case, when we're talking about "future proofing", we are dealing
with category (4). We cannot do (1), (2), or (3) because although we know
what the future event might be (quantum computing), we do not have a
solution we can specify at this time.

Therefore, we can have no future proofing. All talk of future proofing is
pointless because we cannot future proof for this event until we AT LEAST
can move to category 3 instead of 4. And to move to category 3, we need to
be able to specify something that explicitly addresses the future event.

Requiring fingerprints for ECDSA or EdDSA does nothing for future proofing.
If the future event occurs, we will still be dealing with a category 4
event that requires new specifications, new implementations, and new
deployments. No work will be spared.


On Sat, Jul 8, 2017 at 1:08 AM, Jim Fenton <fenton@bluepopcorn.net> wrote:

> On Jul 7, 2017, at 4:24 PM, Salz, Rich <rsalz@akamai.com> wrote:
>
> >> For what it's worth, I agree with Jim and Ekr. Hashing is just fine.
> >
> > Is it fine, or is it a required or just good?
> >
> > Nobody is saying there is anything wrong with hashing.  Several are
> saying that, given the limitations of some DNS deployments, it is useful to
> avoid the indirection and just put the key when we can.
>
> What DNS deployment limitation would be adversely affected by the use of a
> hash? I can't think of any.
>
> "Avoid the indirection" makes it sound like more network round-trips would
> be required if a hash is used. No more network traffic is involved; the
> verifier only needs to compute the hash of the key included in the message
> and compare that with the fingerprint included in the key lookup response
> from DNS. The verifier can even check the signature prior to receiving the
> DNS response, if it wants.
>
> I'm supporting publishing key fingerprints because I think it's slightly
> more future-proof, and having been burned by that once already, I don't
> want to make the same mistake again. But if rough consensus decides
> otherwise, we go with that of course.
>
> I still haven't heard an answer to the following question I posed about
> the fingerprints, though: Will the fingerprints always be sha256, or do we
> need to specify the fingerprint algorithm in the DNS record? In other
> words, will we assume that sha256 will be strong enough for the life of
> this protocol?
>
> -Jim
> _______________________________________________
> Dcrup mailing list
> Dcrup@ietf.org
> https://www.ietf.org/mailman/listinfo/dcrup
>