Re: [Dcrup] FW: IETF WG state changed for draft-ietf-dcrup-dkim-usage

Hector Santos <hsantos@isdg.net> Wed, 16 August 2017 18:05 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3A2F13267B for <dcrup@ietfa.amsl.com>; Wed, 16 Aug 2017 11:05:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=XJUxNgug; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=lPt62wdz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8z6IJVVnzu8I for <dcrup@ietfa.amsl.com>; Wed, 16 Aug 2017 11:05:48 -0700 (PDT)
Received: from ftp.catinthebox.net (listserv.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 8FB9113239A for <dcrup@ietf.org>; Wed, 16 Aug 2017 11:05:48 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1700; t=1502906746; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=KWhL563b6nkKaBbA/fXkz8+6gLI=; b=XJUxNgug5CVAXc6m4GFZnuts19R/ih70PkjE9gxmG6rtdz8IS7FmhOEXFGZcc+ Cs6q3NYbYQu4bX3GT8M/8DIYJCBJ8T5f3W4wfYriDt8K6fkh0C+rh2C+BODXT/ey gboZ3IuiBql2M+2Rq7C5s+K1I5Tj/ObPcNaEDuXPot+Ug=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Wed, 16 Aug 2017 14:05:46 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 2970602199.1.4532; Wed, 16 Aug 2017 14:05:45 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1700; t=1502906708; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=tCMv3yd mFn51YkWaPzXzM7cTb9hp1N9A85Nwjzwpj1g=; b=lPt62wdzPJuQu0EwQ8s4H3p DyQqtwQq2kbfR7wyRc2zRQCo8hW4hTUhaH8VivooFHyfJ6Q7qUJE8OCA6oNTJ7DK hb4kEihAIeEaVgLtNLNo0uGUqpvkkPdaJRVCta8Et5Z8r0HXdP1J+eBt+IGgO9pY c5TmSnbnS5H1UlgM6Oz8=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Wed, 16 Aug 2017 14:05:08 -0400
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 3513106237.9.479404; Wed, 16 Aug 2017 14:05:08 -0400
Message-ID: <5994897B.8080700@isdg.net>
Date: Wed, 16 Aug 2017 14:05:47 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <20170815013333.1308.qmail@ary.lan>
In-Reply-To: <20170815013333.1308.qmail@ary.lan>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/wy9V5XRzfmyP_dQr4ZNvT8dmlhI>
Subject: Re: [Dcrup] FW: IETF WG state changed for draft-ietf-dcrup-dkim-usage
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 18:05:59 -0000

On 8/14/2017 9:33 PM, John Levine wrote:
> In article <8695284.qrNCWkNy01@kitterma-e6430> you write:
>>> Another way to look at this: I think it's more appropriate to render
>>> rsa-sha1 obsolete, but this approach seems as if we want to act like it
>>> never existed.
>>
>> Fast forward a few years:  Is the fact that it ever existed relevant to
>> anything?  I think it's highly unlikely.
>
> The Internet being the Internet, sha-1 hashes will trickle in forever.
> I'd rather have the diagnostic say "obsolete hash" than "syntax
> error."
>
> If you look at this curdle draft that deprecates RC4, it goes through
> and makes changes to turn OPTIONAL to MUST NOT and the like, but it
> doesn't try to undefine the obsolete rc4 crypto modes.  I think you'll
> find that typical in crypto updates.

+1.  The odds are very good that it will continue to be a "will not
sign, but will verify as needed" behavior for a very long time.  And
probably, local rules will apply on a site-by-site basis using other
bits in the mail.  I am not about to break communications with my
existing customers or break communications for my installation base.

My key concern here is that the IETF guidelines should not change 
history for future developers. It should help developers as it will be 
a big surprise when SHA1 mail is encountered and these new developers 
are not ready for it.  The 20/20 hindsight question will be raised:

     "Why wasn't it documented that DKIM mail with SHA1 will exist and
      developers should be prepared to deal with it?"

Having the IETF suggest that sha1 DKIM mail MUST|SHOULD be rejected
with a 55z policy code is probably not good advice -- IMO.

-- 
HLS
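The distinction drawn in this thread (keep rsa-sha1 defined so a verifier can report "obsolete hash" rather than "syntax error", never sign with it, and let local policy decide whether such signatures are still verified) can be made concrete in a few lines. The following is an added example written for this archive page; it is not code from the dcrup draft, from any of the posters, or from any DKIM library. The ALGORITHMS table, the diagnostic strings, the allow_obsolete policy flag and the sample headers are this example's own assumptions; the samples reuse only the d=, s= and a= values visible in this message's own DKIM-Signature headers, with placeholder bh=/b= values, and no cryptographic verification is performed.

```python
"""Added example: pre-verification handling of the DKIM a= tag.

Not code from the dcrup draft or any DKIM implementation. The registry,
policy flag, diagnostics and sample headers below are assumptions made
for illustration only.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict


class AlgStatus(Enum):
    SUPPORTED = "supported"   # may sign and verify
    OBSOLETE = "obsolete"     # never sign; verify only if local policy allows
    UNKNOWN = "unknown"       # not registered at all: cannot verify


# Assumed registry. rsa-sha1 stays listed so a verifier can name it in a
# diagnostic instead of treating it as a syntax error; it is never offered
# to the signer side.
ALGORITHMS: Dict[str, AlgStatus] = {
    "rsa-sha256": AlgStatus.SUPPORTED,
    "rsa-sha1": AlgStatus.OBSOLETE,
}


def parse_tags(header_value: str) -> Dict[str, str]:
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 3.2).

    Simplification: all whitespace inside a value is dropped, which is fine
    for the tags used here (a=, d=, s=, h=, b=, bh=) but would mangle a tag
    whose value legitimately contains spaces (e.g. z=).
    """
    tags: Dict[str, str] = {}
    for item in header_value.split(";"):
        if not item.strip():
            continue                      # a trailing ';' is allowed
        if "=" not in item:
            raise ValueError(f"syntax error: tag without '=': {item.strip()!r}")
        name, value = item.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError(f"syntax error: duplicate tag {name!r}")
        tags[name] = "".join(value.split())
    return tags


@dataclass
class Verdict:
    algorithm: str
    status: AlgStatus
    verify: bool        # whether the verifier should go on and check b=
    diagnostic: str


def classify_signature(header_value: str, allow_obsolete: bool) -> Verdict:
    """Decide what to do with the a= tag before any crypto is attempted.

    allow_obsolete is the local, site-by-site rule the thread mentions:
    True keeps verifying rsa-sha1 mail from existing correspondents,
    False treats it as a failed signature but still names the real reason.
    """
    tags = parse_tags(header_value)
    alg = tags.get("a")
    if alg is None:
        raise ValueError("syntax error: required a= tag missing")
    status = ALGORITHMS.get(alg, AlgStatus.UNKNOWN)
    if status is AlgStatus.SUPPORTED:
        return Verdict(alg, status, True, "ok")
    if status is AlgStatus.OBSOLETE:
        if allow_obsolete:
            return Verdict(alg, status, True,
                           f"obsolete hash: {alg} accepted by local policy")
        return Verdict(alg, status, False,
                       f"obsolete hash: {alg} refused by local policy")
    return Verdict(alg, status, False, f"unsupported algorithm: {alg}")


def signing_algorithm(requested: str) -> str:
    """Signer-side gate: only SUPPORTED algorithms may ever be selected."""
    if ALGORITHMS.get(requested) is not AlgStatus.SUPPORTED:
        raise ValueError(f"refusing to sign with {requested}")
    return requested


# Constructed sample headers, modelled on the two signatures in this
# message's own header block (same d=, s= and a= values; bh= and b= are
# placeholders, the third algorithm is invented to exercise the UNKNOWN path).
SIG_SHA1 = ("v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; "
            "h=From:To:Subject; bh=PLACEHOLDER=; b=PLAC EHOL DER=")
SIG_SHA256 = ("v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; "
              "c=simple/relaxed; h=From:To:Subject; bh=PLACEHOLDER=; b=PLACEHOLDER=")
SIG_UNKNOWN = "v=1; d=example.net; s=sel; a=rsa-md5; h=From; bh=X=; b=X="


if __name__ == "__main__":
    for sig in (SIG_SHA1, SIG_SHA256, SIG_UNKNOWN):
        for policy in (True, False):
            v = classify_signature(sig, allow_obsolete=policy)
            print(f"{v.algorithm:11} allow_obsolete={policy!s:5} -> {v.diagnostic}")
    try:
        signing_algorithm("rsa-sha1")
    except ValueError as err:
        print(err)
```

Run as a script, it prints one line per (sample, policy) pair: the rsa-sha1 sample yields an "obsolete hash" diagnostic under both policies, differing only in whether verification proceeds, the rsa-sha256 sample is "ok", and the invented rsa-md5 value is reported as unsupported rather than as a parse failure. The signer gate raises on rsa-sha1 regardless of policy, which is the "will not sign, but will verify as needed" split the reply describes.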