[Dcrup] Re: [Ietf-dkim] [standards] [Editorial Errata Reported] RFC8463 (7930)

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 16 May 2024 01:35 UTC

From: Viktor Dukhovni <ietf-dane@dukhovni.org>
Date: Thu, 16 May 2024 11:35:07 +1000
To: ietf-dkim@ietf.org, dcrup@ietf.org
List-Id: DKIM Crypto Update <dcrup.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/sFsn7RWBYrvpLsSCdavjXteQR-c>


> On 16 May 2024, at 10:02 AM, Hector Santos <hsantos=40isdg.net@dmarc.ietf.org> wrote:
> 
> I don’t wish to oversimplify here, but I wonder if the confusion is with the idea that in order to support RFC8463, a compliant implementation would have to sign two DKIM signatures for backward compatibility. One DKIM signature using SHA256 and a second signature using Ed25519.

No, you're conflating completely different constructs, because SHA256 is NOT a signature, it is a message digest.
All actual signature schemes ultimately operate on short-enough octet strings, with the key consideration being
whether those "short-enough" strings are generated via an internal digest operation, or prepared by the caller.

> No one will support exclusively Ed25519 unless dealing with highly direct 1 to 1 comm I/O with a permission-based system.

A verifier will support at least RSA with SHA2-256, and perhaps also Pure EdDSA (Ed25519), also with SHA2-256; in the latter
case, the digest is computed by the caller, in the former, it will be an internal step in the RSA signature.

> In other words, supporting this crypto enhancement requires a high overhead of two signatures. The ignorant RFC8463 system (the majority) is not ready for this. One SHA256 signature is sufficient, I would note Ed25519 provides smaller keys that are more supported by DNS Zone Managers.

Nothing of the sort, the computational costs are trivial, there is some additional code required for Ed25519 support, because
instead of using a single Digest+Sign primitive in, e.g., OpenSSL, the caller needs to first compute a message digest, and
then pass it to Ed25519 for signing.  This is OK.  One might argue that this should have been either pure Ed25519 over the raw
data (contrary to the text of the base DKIM RFC, but aligned with how it ultimately handles RSA), or else Ed25519ph, which is
explicitly designed for hashed input (but APIs for which are not yet mature in OpenSSL).

Nevertheless, the specification is clear enough, and a slightly different code path for the new signature scheme is fine.

-- 
    Viktor.
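
The two code paths described in the message above, as an added example that is not part of the original post: Node.js `crypto` (OpenSSL-backed) signs with RSA through a single Digest+Sign call, while for Ed25519 the caller computes SHA-256 first and signs the digest. The header text, key sizes and function names are constructed for illustration; `a=ed25519-sha256` is the RFC 8463 algorithm tag.

```javascript
// Added example, not from the original message. The header text below is
// constructed sample data, not real DKIM canonicalization output.
const crypto = require('node:crypto');

// Stand-in for the canonicalized header fields that DKIM hashes and signs.
const signedData = Buffer.from(
  'from:Alice <alice@example.org>\r\n' +
  'subject:constructed sample\r\n' +
  'dkim-signature:v=1; a=ed25519-sha256; d=example.org; s=sel; b=',
  'utf8');

// rsa-sha256: one Digest+Sign call; SHA-256 runs inside the primitive.
function rsaSign(privateKey, data) {
  return crypto.sign('sha256', data, privateKey);
}
function rsaVerify(publicKey, data, sig) {
  return crypto.verify('sha256', data, publicKey, sig);
}

// ed25519-sha256: the caller hashes first, then PureEdDSA signs the
// 32-byte digest. Passing null means the API applies no digest itself.
function ed25519Sha256Sign(privateKey, data) {
  const digest = crypto.createHash('sha256').update(data).digest();
  return crypto.sign(null, digest, privateKey);
}
function ed25519Sha256Verify(publicKey, data, sig) {
  const digest = crypto.createHash('sha256').update(data).digest();
  return crypto.verify(null, digest, publicKey, sig);
}
// A verifier that skips the caller-side digest step checks the wrong input.
function ed25519RawVerify(publicKey, data, sig) {
  return crypto.verify(null, data, publicKey, sig);
}

function demo() {
  const rsa = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ed = crypto.generateKeyPairSync('ed25519');
  const rsaSig = rsaSign(rsa.privateKey, signedData);
  const edSig = ed25519Sha256Sign(ed.privateKey, signedData);
  return {
    rsaOk: rsaVerify(rsa.publicKey, signedData, rsaSig),
    edOk: ed25519Sha256Verify(ed.publicKey, signedData, edSig),
    edRawOk: ed25519RawVerify(ed.publicKey, signedData, edSig),
    edSigLen: edSig.length,
    rsaSigLen: rsaSig.length,
  };
}
console.log(demo());
```

A signature made over the digest fails verification against the raw data, which is the interoperability failure to expect when signer and verifier disagree on who computes the hash.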