Re: [Dcrup] FW: IETF WG state changed for draft-ietf-dcrup-dkim-usage

Scott Kitterman <sklist@kitterman.com> Sun, 13 August 2017 21:26 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0974E1320C9 for <dcrup@ietfa.amsl.com>; Sun, 13 Aug 2017 14:26:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DNKux5h3Jvlv for <dcrup@ietfa.amsl.com>; Sun, 13 Aug 2017 14:25:58 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9765132E01 for <dcrup@ietf.org>; Sun, 13 Aug 2017 14:25:58 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id A5D83C4031D for <dcrup@ietf.org>; Sun, 13 Aug 2017 16:25:56 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1502659556; bh=uAla9CTf31Yr7lWs1TpgGGmCN2qCPgfRttn4q47B/AE=; h=From:To:Subject:Date:In-Reply-To:References:From; b=huD9iX0/tkByorPGZ0efH7RjtL95jnBY+CWz7QTQXy7SzRfwK+5ZlKih/loRZnhpF EFXhckY0WLmBJrbNN/MngkVizSrtWE94F3yvpu0ErGmV7crpyH/ueFOzY+kfkAqSG+ 7M1IzE2FDV1AYEjWJbmC8J0YP3LjbXq3NA2GpFDw=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Sun, 13 Aug 2017 17:25:50 -0400
Message-ID: <36659107.dMb7D4c16s@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-125-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CAL0qLwaB8mdCbYjbzr6T3A5hQw3GnixuB=JhW4Ai8+_C6dEzgg@mail.gmail.com>
References: <150257492983.26466.3488799276681870364.idtracker@ietfa.amsl.com> <DA3AF00B-7084-454D-A1D2-5BB417EE96C8@akamai.com> <CAL0qLwaB8mdCbYjbzr6T3A5hQw3GnixuB=JhW4Ai8+_C6dEzgg@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/l2IwH5Ne2rPVWherKRe_cTzGbm8>
Subject: Re: [Dcrup] FW: IETF WG state changed for draft-ietf-dcrup-dkim-usage
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Aug 2017 21:26:01 -0000

On Sunday, August 13, 2017 11:34:20 AM Murray S. Kucherawy wrote:
> On Sat, Aug 12, 2017 at 2:58 PM, Salz, Rich <rsalz@akamai.com> wrote:
> > At the IETF meeting last month there was strong consensus to have MUST NOT
> > for both generate and verify using SHA-1.  The discussion on the list had
> > one major participant opposed, who removed their objection once they
> > understood there were two separate documents.
> > 
> > Therefore, we are entering a one-week WG last call.
> > 
> > (Seth, please start preparing your shepherd writeup :)
> 
> Getting caught up after a long post-Prague vacation and recovery period.
> 
> The content and intent seem fine to me.  However, I was asked this after
> the meeting in Prague as to form, in the spirit of "it's not done until you
> can no longer remove things" or however that aphorism goes:
> 
> This document will be shown as "updates RFC6376".  Is replacing text in
> RFC6376 the right way to do this?  Or would that not be better left to an
> actual replacement document?  That is, why not just say "MUST NOT
> sign/verify with rsa-sha1", change the state of "sha1" to obsolete, change
> the minimum key size to 1024, and stop?  In particular, is it necessary to
> render "a=rsa-sha1" syntactically invalid by removing it from the ABNFs, or
> replace all of a section when only a couple of numbers are being tweaked?
> 
> Otherwise this seems ready to go.

The draft has been this way from the beginning, so I find it a bit surprising 
to see this in last call when you've reviewed this more than once before, but 
oh well.

I updated the ABNF in the draft because I think if we are going to kill it, we 
should kill it absolutely dead.  What is the benefit of retaining obsolete 
features that are MUST NOT use in the ABNF?

In terms of the structure of the draft, I wrote it this way so it's very clear 
what is being updated.  This has been discussed a bit, but I don't think 
anyone really objected so far.  I find it's common in IETF documents to see 
one document updates another, but then it's hard to really tell everything in 
the original document that's affected by the update.  This is an attempt to be 
clear about that.

That's why, but I may be the only one that feels that way.

Scott K
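To make the distinction between the two approaches in this exchange concrete (Murray's "just say MUST NOT and mark sha1 obsolete" versus Scott's "remove it from the ABNF"), here is an added example that is not code from the draft, from RFC 6376, or from anyone in this thread. It parses a DKIM-Signature tag list, rejects `a=rsa-sha1` once at the grammar level and once at the verifier-policy level, and checks the RSA modulus size in a key record against the 1024-bit minimum. The sample signature header is this message's own; the key records are synthetic DER built in-code (not real keys) purely so the size check can run offline. All function names and the allow-lists are hypothetical.

```python
"""Hypothetical DKIM-Signature checker contrasting two ways of retiring
rsa-sha1: drop it from the ABNF (a syntax error) or keep the syntax and
apply a MUST NOT at verification (a policy failure). Example code only."""
import base64
import re

# RFC 6376 section 3.2 tag=value syntax, simplified: tag is ALPHA then
# ALPHA/DIGIT/"_"; value runs to the next ";"; FWS inside values is removed.
TAG_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$", re.DOTALL)

GRAMMAR_ALGS = {"rsa-sha256"}        # hypothetical: what the updated ABNF allows
POLICY_FORBIDDEN_ALGS = {"rsa-sha1"}  # hypothetical: what a verifier MUST NOT use
MIN_RSA_BITS = 1024                   # minimum key size under discussion

# Sample input: the DKIM-Signature header on this very message.
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1502659556; "
    "bh=uAla9CTf31Yr7lWs1TpgGGmCN2qCPgfRttn4q47B/AE=; "
    "h=From:To:Subject:Date:In-Reply-To:References:From; "
    "b=huD9iX0/tkByorPGZ0efH7RjtL95jnBY+CWz7QTQXy7SzRfwK+5ZlKih/loRZnhpF "
    "EFXhckY0WLmBJrbNN/MngkVizSrtWE94F3yvpu0ErGmV7crpyH/ueFOzY+kfkAqSG+ "
    "7M1IzE2FDV1AYEjWJbmC8J0YP3LjbXq3NA2GpFDw="
)


def parse_tag_list(header_value):
    """Parse 'tag=value; tag=value' into a dict; ValueError on garbage/duplicates."""
    tags = {}
    for field in header_value.split(";"):
        if not field.strip():
            continue
        m = TAG_RE.match(field)
        if not m:
            raise ValueError("malformed tag=value: %r" % field)
        name, value = m.group(1), "".join(m.group(2).split())
        if name in tags:
            raise ValueError("duplicate tag %r" % name)
        tags[name] = value
    return tags


def check_syntax(tags):
    """ABNF approach: an algorithm outside the grammar is a parse error."""
    alg = tags.get("a")
    return "ok" if alg in GRAMMAR_ALGS else "syntax-error: a=%s not in grammar" % alg


def check_policy(tags):
    """Policy approach: the header parses, but the verifier MUST NOT use it."""
    alg = tags.get("a")
    return "permfail: a=%s is MUST NOT" % alg if alg in POLICY_FORBIDDEN_ALGS else "ok"


def _der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos). Minimal, no checks."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(p_value):
    """Bit length of the RSA modulus in a key record's p= value
    (base64 SubjectPublicKeyInfo, RFC 6376 section 3.6.1)."""
    spki = base64.b64decode(p_value)
    tag, body, _ = _der_read(spki, 0)        # SubjectPublicKeyInfo SEQUENCE
    assert tag == 0x30
    _, _alg_id, pos = _der_read(body, 0)     # AlgorithmIdentifier (skipped)
    tag, bitstr, _ = _der_read(body, pos)    # BIT STRING
    assert tag == 0x03
    _, rsa_seq, _ = _der_read(bitstr[1:], 0)  # RSAPublicKey SEQUENCE (skip unused-bits octet)
    tag, n_bytes, _ = _der_read(rsa_seq, 0)  # INTEGER n
    assert tag == 0x02
    return int.from_bytes(n_bytes, "big").bit_length()


def check_key_record(txt):
    """Return (acceptable, modulus_bits) for a DKIM TXT record."""
    tags = parse_tag_list(txt)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("only k=rsa handled in this example")
    bits = rsa_modulus_bits(tags["p"])
    return bits >= MIN_RSA_BITS, bits


# --- synthetic key records (constructed test data, NOT real RSA keys) ---
def _der_tlv(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _der_int(n):
    b = n.to_bytes((n.bit_length() + 7) // 8, "big") or b"\x00"
    return _der_tlv(0x02, b"\x00" + b if b[0] & 0x80 else b)


def make_key_record(modulus_bits):
    """Build a v=DKIM1 record whose modulus has exactly modulus_bits bits."""
    n = (1 << (modulus_bits - 1)) | 0x10001           # top bit set; not a real modulus
    rsa_pub = _der_tlv(0x30, _der_int(n) + _der_int(65537))
    alg_id = _der_tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der_tlv(0x30, alg_id + _der_tlv(0x03, b"\x00" + rsa_pub))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()


if __name__ == "__main__":
    for sig in (SAMPLE_SIG, SAMPLE_SIG.replace("a=rsa-sha256", "a=rsa-sha1")):
        t = parse_tag_list(sig)
        print(t["a"], "| grammar:", check_syntax(t), "| policy:", check_policy(t))
    for bits in (512, 1024, 2048):
        print(bits, "->", check_key_record(make_key_record(bits)))
```

The two checks fail the same signatures but at different layers: with the ABNF change, an `a=rsa-sha1` header is as unparseable as any other malformed header, whereas with a MUST NOT alone it parses fine and it is the verifier's policy that refuses it. In practice a verifier returns PERMFAIL either way; the difference the thread is about is what the updated RFC text says the grammar is.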