Re: [Dcrup] [taugh.com-standards] Benjamin Kaduk's No Objection on draft-ietf-dcrup-dkim-crypto-13: (with COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Sat, 16 June 2018 18:27 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED7CB1310F6; Sat, 16 Jun 2018 11:27:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mXHHB8Y1tMCw; Sat, 16 Jun 2018 11:27:58 -0700 (PDT)
Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu [18.7.68.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27BFD130E47; Sat, 16 Jun 2018 11:27:58 -0700 (PDT)
X-AuditID: 12074422-7edff700000046dc-fd-5b2556ad3532
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-5.mit.edu (Symantec Messaging Gateway) with SMTP id C8.45.18140.DA6552B5; Sat, 16 Jun 2018 14:27:57 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w5GIRu3d022009; Sat, 16 Jun 2018 14:27:56 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w5GIRotR014355 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 16 Jun 2018 14:27:53 -0400
Date: Sat, 16 Jun 2018 13:27:50 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "John R. Levine" <johnl@iecc.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dcrup-dkim-crypto@ietf.org, dcrup-chairs@ietf.org, fenton@bluepopcorn.net, dcrup@ietf.org, alias-bounces@ietf.org
Message-ID: <20180616182747.GX64971@kduck.kaduk.org>
References: <152916023988.6185.8096866196786504366.idtracker@ietfa.amsl.com> <alpine.OSX.2.21.1806161055500.9832@ary.qy>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <alpine.OSX.2.21.1806161055500.9832@ary.qy>
User-Agent: Mutt/1.9.1 (2017-09-22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/wWTnvskmLncnKI9qQJb5QOTwaRE>
Subject: Re: [Dcrup] [taugh.com-standards] Benjamin Kaduk's No Objection on draft-ietf-dcrup-dkim-crypto-13: (with COMMENT)
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Jun 2018 18:28:00 -0000

On Sat, Jun 16, 2018 at 10:56:39AM -0400, John R. Levine wrote:
> On Sat, 16 Jun 2018, Benjamin Kaduk wrote:
> > There were some remarks in the secdir review that I don't remember seeing a response
> > to yet (though I'm not sure about the "DKIM Hash Algorithms Registry" part) -- it would be
> > good to see a reply to them as well as the updates already made.
> 
> That was about a typo in an earlier version, fixed a while ago.

My ballot remark should be interpreted as "I think there are some
good comments in the secdir review, but I do not understand the part
of the secdir review that talks about the DKIM Hash Algorithms
Registry."  I don't know that an earlier rev of the document is
relevant, since the secdir review
(https://datatracker.ietf.org/doc/review-ietf-dcrup-dkim-crypto-12-secdir-lc-wouters-2018-06-11/)
claims to apply to revision 12, the same revision I initially
reviewed.

Since apparently this is difficult, let me go through the secdir
review item-by-item and comment on it:

% NITS:
% I believe the [FIPS-180-4-2015] reference should be replaced with a
% reference to RFC-6376

Still relevant.  (This is the citation for SHA-256; we generally
prefer IETF references to external references.)

% Remove or indicate the RFC Editor should remove the following text:
% 
%       Discussion Venue:    Discussion about this draft is directed to the
%       dcrup@ietf.org [1] mailing list.

Still relevant.

% This sentence doesn't parse easily:
% 
%      This is an additional DKIM signature algorithm added to Section 3.3
%    of [RFC6376] as envisioned in Section 3.3.4 of [RFC6376].
% 
% It should simply say something like "This document adds an
% additional key algorithm type to the DKIM Key Type Registry and a
% new signature type to the DKIM Hash Algorithms Registry"

Still relevant, though AFAICT only the Key Type Registry is
impacted.

% This text reads a little odd:
% 
%    Ed25519 is a widely used cryptographic technique, so the security of
%    DKIM signatures using new signing algorithms should be at least as
%    good as those using old algorithms.
% 
% It seems to suggest that being "widely used" is a guarantee for
% being "at least as good as older stuff". Better would be to just
% point to the Security Considerations of RFC 8032

Addressed in the -13.

% Sections 4 and 8 have an introductory line that says "update as
% follows" followed by a dot instead of a colon. That is a little
% confusing to the reader, as if some text is missing before the dot.

Still relevant (though I guess I would prefer "as described in the
following sections" to using a colon).



More generally, while it's oftentimes just as fine to reply to a
directorate review with "thanks for your comments, but this text
will be clear for the document's target audience" as to take the
suggested changes, it's really unclear what conclusion to draw when
the review is met with a curtain of silence.

-Benjamin