Re: [Dcrup] Adam Roach's No Objection on draft-ietf-dcrup-dkim-usage-04: (with COMMENT)

Kurt Andersen <kurta@drkurt.com> Tue, 24 October 2017 23:35 UTC

From: Kurt Andersen <kurta@drkurt.com>
Date: Tue, 24 Oct 2017 23:35:22 +0000
Message-ID: <CABuGu1pVBARKZBxVR=Sgkb_kB-CuPrHEPqUxZs57HpmABOpi9A@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: Scott Kitterman <sklist@kitterman.com>, dcrup@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/giNgb_eyA7-XJQ0Vb_mM4isE4HM>

On Tue, Oct 24, 2017 at 8:03 PM, Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Tue, Oct 24, 2017 at 12:58 PM, Murray S. Kucherawy <superuser@gmail.com>
> wrote:
>
>> On Thu, Oct 19, 2017 at 3:54 AM, Scott Kitterman <sklist@kitterman.com>
>> wrote:
>>
>>> My assumption had been that since there's no valid signature with
>>> rsa-sha1, there's nothing to even consider putting in an A-R header field.
>>>
>>> I think the only result that can go in this case is None.  I hadn't
>>> thought we'd need to say that, but I guess maybe we do.
>>>
>>
>> I think "policy" is the right way to go.  There's nothing technically
>> wrong with an rsa-sha1 signature, but you're deciding not to accept it.
>> It's the same as you deciding you're not going to accept a perfectly valid
>> rsa-sha256 signature on a message simply because that signature didn't
>> include the Subject field.
>>
>
> In fact I would claim that by the definitions in Section 2.7.1 of RFC7601,
> "policy" is the only option.
>

Are we talking about before or after this group consigns sha1 to the ash
heap? Perhaps I'm confused about the sequencing of events that we are
discussing. If the original DKIM spec had allowed rsa-md5 and a previous
(hypothetical) instance of DCRUP had similarly deprecated MD5, what sort of
designation would we expect to be recorded today for such usage?

--Kurt
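
The "policy" position quoted in this thread, sketched as an added example that is not part of the original message or of any DKIM implementation: a verifier whose local policy declines rsa-sha1, or a signature that does not cover Subject, reports the RFC 7601 `policy` result instead of judging the cryptography. The authserv-id, the sample signatures and the two policy sets are constructed assumptions, and the cryptographic check itself is assumed to happen elsewhere.

```python
import re

# Local policy (assumed for illustration): algorithms this verifier declines
# and header fields it insists every signature must cover.
REFUSED_ALGORITHMS = {"rsa-sha1"}
REQUIRED_SIGNED_HEADERS = {"from", "subject"}

# Constructed DKIM-Signature values; bh= and b= are placeholders, not real data.
SAMPLE_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=sel; h=from:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER="
SAMPLE_NO_SUBJECT = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from:date:to; bh=PLACEHOLDER=; b=PLACEHOLDER="
SAMPLE_OK = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from : subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER="


def parse_tag_list(value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace is not significant in the tags used here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def policy_check(tags):
    """Return a reason string if local policy declines the signature, else None."""
    algo = tags.get("a", "").lower()
    if algo in REFUSED_ALGORITHMS:
        return f"{algo} not accepted"
    signed = {h.lower() for h in tags.get("h", "").split(":") if h}
    missing = sorted(REQUIRED_SIGNED_HEADERS - signed)
    if missing:
        return "unsigned header: " + ",".join(missing)
    return None


def authres_dkim(authserv_id, sig_value, crypto_ok):
    """Build the Authentication-Results field for one signature.

    crypto_ok is the outcome of signature verification done elsewhere;
    this function only chooses which result code to record.
    """
    tags = parse_tag_list(sig_value)
    reason = policy_check(tags)
    if reason is not None:
        result = f'dkim=policy reason="{reason}"'
    else:
        result = "dkim=pass" if crypto_ok else "dkim=fail"
    return f"Authentication-Results: {authserv_id}; {result} header.d={tags.get('d', 'unknown')}"
```

Under this reading a cryptographically valid rsa-sha1 signature is still recorded as `policy`; the "none" alternative raised earlier in the thread would instead treat the signature as absent.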