Re: [Dcrup] Review of draft-ietf-dcrup-dkim-crypto-03

"Salz, Rich" <rsalz@akamai.com> Sat, 08 July 2017 02:24 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Jon Callas <jon@callas.org>, Jim Fenton <fenton@bluepopcorn.net>
CC: Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>, "dcrup@ietf.org" <dcrup@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/hs4A8q3Ohbci0oJmPeqhNF6GbPk>

> For what it's worth, I agree with Jim and Ekr. Hashing is just fine.

Is it fine, or is it required or just good?

Nobody is saying there is anything wrong with hashing.  Several are saying that, given the limitations of some DNS deployments, it is useful to avoid the indirection and just put the key when we can.