Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add

"John R Levine" <johnl@taugh.com> Sat, 10 June 2017 19:29 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4DF61270AC for <dcrup@ietfa.amsl.com>; Sat, 10 Jun 2017 12:29:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level:
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=iecc.com header.b=t+gx5hRv; dkim=neutral reason="invalid (public key: not available)" header.d=taugh.com header.b=dNwjFpe6
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eCgJf9QkZTEW for <dcrup@ietfa.amsl.com>; Sat, 10 Jun 2017 12:28:59 -0700 (PDT)
Received: from miucha.iecc.com (www.iecc.com [IPv6:2001:470:1f07:1126::4945:4343]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 050161267BB for <dcrup@ietf.org>; Sat, 10 Jun 2017 12:28:58 -0700 (PDT)
Received: (qmail 993 invoked from network); 10 Jun 2017 19:28:57 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=3df.593c4879.k1705; bh=4SRrdYcxdwYL4YdvZhBxYwGXkxZutYpA6Q7zNQrr1Dk=; b=t+gx5hRvzD5RDzfOvx/tIgcZ1PDjk8rFS8uVbziZ4LttnHxSB0MIRlICEnC4aD7UOaayh2j4qY7uiT1MGF9zGXYwMC1EmUD/HALqnM4G9xfW+CzIaBIW2lktJfOgrAS96nP+pJfAsGndxHzLyjO5fhg0+2O6sVuM3qlOZ8v9N8m9QcsUid4rbqWD77uA6ERER9r6IHN9scX4+iVZ9hznh4c8RQHWvr1XhzRc+9CQxB6hnxFuXeDulSWgVgTD+ofm
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=3df.593c4879.k1705; bh=4SRrdYcxdwYL4YdvZhBxYwGXkxZutYpA6Q7zNQrr1Dk=; b=dNwjFpe650y9B9F2jSeimxs+yal++s1ArGl9k/KpqILjz7/EWfcMnRX3/8gTu4OaRX6Y64otX6uD5TevbTEZr7B4A8FLoXuFd3K6T9OMKAPmtgnFhF6o0MgYjdXM8hZzR1z+YQ5PSaZo4Cc4ToGrg7dtR6plTOmBQXuzZflBF4Xvw8/wwqfea6q6u9nA/zabkn3J1y2sb43NH7JVfdy6NAlKqglCt/auAHKHdLrpjaszD3AnFkV0DZvz/Glfaq85
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 10 Jun 2017 19:28:57 -0000
Date: Sat, 10 Jun 2017 15:28:57 -0400
Message-ID: <alpine.OSX.2.21.1706101527500.17660@ary.qy>
From: John R Levine <johnl@taugh.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: John R Levine <johnl@taugh.com>, Eric Rescorla <ekr@rtfm.com>, "dcrup@ietf.org" <dcrup@ietf.org>
In-Reply-To: <e867f8b5b99c4b498b80c6f851fca175@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <20170610125545.14232.qmail@ary.lan> <CABkgnnUAJ6ix3pMB_Y792QOCqRSp2qA9oTSyUCbXP_=P5HRwGA@mail.gmail.com> <CABcZeBMAmjVaJCJwB-qZSpTX0aS-oi1mTduHCdLCM33dWj9P-Q@mail.gmail.com> <alpine.OSX.2.21.1706101205270.16559@ary.qy> <CABcZeBM_P4C8xYDmMEbhAbs1tVPVWk6+UgT7vAcktSNtjVyXCg@mail.gmail.com> <alpine.OSX.2.21.1706101211200.16559@ary.qy> <CABcZeBN9r9XdsJVayMcUE03WJv74MOsefVdwb-CdchVbaKdT1Q@mail.gmail.com> <alpine.OSX.2.21.1706101344460.16992@ary.qy> <e867f8b5b99c4b498b80c6f851fca175@usma1ex-dag1mb1.msg.corp.akamai.com>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/zXbFcUmaTUr9iVKV5UNtsY5Csws>
Subject: Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jun 2017 19:29:01 -0000

> Yes, the key sizes are fixed depending on the curve.  The encodings of 
> curves are different and not self-describing.  If you see a string of 
> bytes lying on the ground, you can't necessarily tell anything about the 
> key -- if it is one, it's size, and which curve applies.  You need 
> external state such as knowing the signing algorithm; that shouldn't be 
> a problem.

That's no problem, the DKIM key record has a field for the algorithm.

> Supporting Ed25519 will not come with zero code changes.  But minimal I think.

Since we have a lot of lazy programmers who will need to do this, how 
different is ED25519 sign/verify from RSA?

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly