Re: [Dcrup] draft-ietf-dcrup-dkim-usage review and progress

Scott Kitterman <sklist@kitterman.com> Mon, 31 July 2017 22:27 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3A61127010 for <dcrup@ietfa.amsl.com>; Mon, 31 Jul 2017 15:27:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jaYFLZx3MGJ0 for <dcrup@ietfa.amsl.com>; Mon, 31 Jul 2017 15:27:51 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC9321327DD for <dcrup@ietf.org>; Mon, 31 Jul 2017 15:27:51 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id D424AC4021C for <dcrup@ietf.org>; Mon, 31 Jul 2017 17:27:50 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1501540070; bh=0rCndFH71JFjDu+tUuxmcFeDEbWDEYSVB3gBOvzO4xs=; h=From:To:Subject:Date:In-Reply-To:References:From; b=oatIHauC1ZSXNRDkkUC8es7YMDMrSIOcHKSTuF1yhgTe1QAz30ho79LwF6fbkhR6s CESG7W1zAZL7vH5++L47e3KFajrPoqoup9OxvX1jG1bl2rSiIvgJrfxFZ5ZbD4LSPn BkCK7ROv5EAT3mvXyRfpCF9QBmrC1wZZYT/xBagE=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 31 Jul 2017 18:27:53 -0400
Message-ID: <5168806.T2ksrY36HR@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-125-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CAL0qLwZMJaErTa=t2t4vHPvFGHapcRrXqs7e-i_gbsPDd0OohQ@mail.gmail.com>
References: <CAL0qLwZMJaErTa=t2t4vHPvFGHapcRrXqs7e-i_gbsPDd0OohQ@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/k3SXsBYauxb-5Q3YSC9f1iGijX0>
Subject: Re: [Dcrup] draft-ietf-dcrup-dkim-usage review and progress
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jul 2017 22:27:54 -0000

If I did things right, -03 should be posted.  Except for the 'should be
rsa-sha256' in the ABNF comment, I took a stab at incorporating all of the
below items.  I didn't address that one because "sha1" / "sha256" / ... is
straight out of RFC 6376, so I was reluctant to change it without further
discussion in the group.

Scott K

On Tuesday, July 18, 2017 04:53:43 PM Murray S. Kucherawy wrote:
> Having talked to a few others here at IETF 99 I'm abandoning my push
> against using MUST NOT with respect to discouraging use of "rsa-sha1".
> Scott, you're free to restore that language at your discretion, and I
> believe consensus on that other thread supports that decision.  Thanks for
> everyone's patience while we worked through that one.
> 
> We're going to appoint Seth Blank as the document shepherd for this one.
> I'll help him through the process.  Unless there's anything controversial
> in here or in the two things on the agenda regarding this document, I
> intend to start Working Group Last Call on it after the session on Thursday.
> 
> I've reviewed the document (as a participant) and I have the following
> additional feedback, in my role as a reviewing participant.
> 
> Abstract:
> - Remove the last sentence.  It's already there in the header of the
> document.
> 
> Section 1:
> - The discussion venue thing should be marked "[RFC EDITOR: Please remove
> before publication.]"  In fact, it's probably a good idea to make that its
> own subsection.
> - This section should also mention that SHA1 is being deprecated (and give
> references explaining why).
> 
> Section 3:
> - "One algorithms" should be "One algorithm" at least; we could also say
> "Two algorithms are defined, but only one is currently supported", and have
> a subsection acknowledging that "rsa-sha1" did exist but it is obsolete and
> no longer supported.  I would prefer the latter.
> 
> Section 3.2:
> - There's an errant comma after "DKIM" near the end of the section.
> - Should we say verifiers SHOULD NOT verify signatures with keys smaller
> than 1024?
> 
> Section 4:
> - The ABNF should allow "rsa-sha256", not "sha256".
> 
> Section 6:
> - Errant double period at the end.
> 
> Appendix A:
> - I would remove the specific draft reference, unless you want this draft
> to wait for that one to be published.  Acknowledging John for a lot of
> source material separately is at your discretion.
> 
> -MSK
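The verifier-side rules this thread converges on (the a= tag restricted to "rsa-sha256" and required to have the sig-a-tag-k "-" sig-a-tag-h shape, "rsa-sha1" refused as obsolete, and signatures made with RSA keys shorter than 1024 bits not verified), written as a policy check. This is an added example for this archive page, not code from the draft, from the thread, or from any DKIM implementation. It assumes only the Python standard library, a small hand-rolled DER reader for the key record's p= value, and key records constructed here whose moduli are placeholder integers chosen for their bit length rather than real RSA keys; the sample signature is the DKIM-Signature from this message's own header.

```python
"""Added example: DKIM verifier policy checks suggested by the dcrup thread.
Standard library only. Key records below are constructed (placeholder moduli)."""
import base64
import re

MIN_RSA_BITS = 1024
ACCEPTED = {("rsa", "sha256")}   # the only a= value the draft keeps
OBSOLETE = {("rsa", "sha1")}     # MUST NOT be used, per the thread's consensus
A_TAG_RE = re.compile(r"^([a-z][a-z0-9]*)-([a-z][a-z0-9]*)$")  # sig-a-tag-k "-" sig-a-tag-h
RSA_OID = bytes.fromhex("06092a864886f70d010101")             # rsaEncryption 1.2.840.113549.1.1.1


def parse_tags(value):
    """Split a DKIM tag=value list (RFC 6376 3.2); folding whitespace in values is dropped."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % item)
        tags[name.strip()] = "".join(val.split())
    return tags


# Minimal DER helpers: just enough to build and read an RSA SubjectPublicKeyInfo.
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(i):
    b = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:            # leading zero keeps the INTEGER positive
        b = b"\x00" + b
    return _der(0x02, b)


def _der_read(buf, pos):
    """Return (tag, content, next_pos) for the TLV starting at buf[pos]."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln


def rsa_spki(n, e):
    """Encode (n, e) as the SubjectPublicKeyInfo that a DKIM p= tag carries."""
    rsa_pub = _der(0x30, _der_int(n) + _der_int(e))
    alg_id = _der(0x30, RSA_OID + b"\x05\x00")
    return _der(0x30, alg_id + _der(0x03, b"\x00" + rsa_pub))


def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a DER SubjectPublicKeyInfo."""
    tag, body, _ = _der_read(spki, 0)
    if tag != 0x30:
        raise ValueError("SPKI is not a SEQUENCE")
    tag, alg_id, pos = _der_read(body, 0)
    if tag != 0x30 or not alg_id.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = _der_read(body, pos)
    if tag != 0x03 or bitstr[:1] != b"\x00":
        raise ValueError("bad subjectPublicKey BIT STRING")
    _, rsa_pub, _ = _der_read(bitstr, 1)
    tag, n_bytes, _ = _der_read(rsa_pub, 0)
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(n_bytes, "big").bit_length()


def check_signature_policy(sig_header, key_record):
    """Return (accepted, reason) for a DKIM-Signature value and its DNS key record."""
    sig = parse_tags(sig_header)
    m = A_TAG_RE.match(sig.get("a", ""))
    if not m:                  # e.g. a bare "sha256" with no key-type part
        return False, "a= tag does not match sig-a-tag-k '-' sig-a-tag-h"
    pair = (m.group(1), m.group(2))
    if pair in OBSOLETE:
        return False, "a=%s-%s is obsolete and MUST NOT be used" % pair
    if pair not in ACCEPTED:
        return False, "a=%s-%s is not a supported algorithm" % pair
    key = parse_tags(key_record)
    if key.get("k", "rsa") != "rsa":   # k= defaults to rsa in RFC 6376
        return False, "key record is not an RSA key"
    bits = rsa_modulus_bits(base64.b64decode(key["p"]))
    if bits < MIN_RSA_BITS:
        return False, "%d-bit RSA key is below the %d-bit floor" % (bits, MIN_RSA_BITS)
    return True, "a=%s-%s with a %d-bit RSA key" % (pair[0], pair[1], bits)


# Sample input: the DKIM-Signature from this message's own header, plus constructed
# key records whose moduli are placeholder integers (chosen for bit length, not real keys).
SIG_FROM_PAGE = (
    "v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1501540070; "
    "bh=0rCndFH71JFjDu+tUuxmcFeDEbWDEYSVB3gBOvzO4xs=; "
    "h=From:To:Subject:Date:In-Reply-To:References:From; "
    "b=oatIHauC1ZSXNRDkkUC8es7YMDMrSIOcHKSTuF1yhgTe1QAz30ho79LwF6fbkhR6s "
    "CESG7W1zAZL7vH5++L47e3KFajrPoqoup9OxvX1jG1bl2rSiIvgJrfxFZ5ZbD4LSPn "
    "BkCK7ROv5EAT3mvXyRfpCF9QBmrC1wZZYT/xBagE="
)
SIG_SHA1 = SIG_FROM_PAGE.replace("a=rsa-sha256", "a=rsa-sha1")            # constructed
KEY_1024 = "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki((1 << 1023) | 1, 65537)).decode()
KEY_512 = "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki((1 << 511) | 1, 65537)).decode()

if __name__ == "__main__":
    for sig, key in ((SIG_FROM_PAGE, KEY_1024), (SIG_SHA1, KEY_1024), (SIG_FROM_PAGE, KEY_512)):
        print(check_signature_policy(sig, key))
```

The a= check deliberately parses the tag into its key-type and hash halves first, so a value like "sha256" on its own is rejected for not matching the ABNF rather than being silently accepted as a hash name; the key-length check reads the modulus out of the DNS record's p= value, which is where a verifier actually learns the key size, rather than trusting anything in the signature header.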