Re: [dispatch] Updating DKIM for stronger crypto

Martin Thomson <martin.thomson@gmail.com> Tue, 21 March 2017 03:32 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6370B12945E for <dispatch@ietfa.amsl.com>; Mon, 20 Mar 2017 20:32:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GdQH02tOgoBT for <dispatch@ietfa.amsl.com>; Mon, 20 Mar 2017 20:32:27 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFB7D127698 for <dispatch@ietf.org>; Mon, 20 Mar 2017 20:32:26 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id p64so126156075qke.1 for <dispatch@ietf.org>; Mon, 20 Mar 2017 20:32:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ltygavsIuk4uW6E4Sid0CLWNseIOOTh+oRalz7an6eQ=; b=UpS2ACSFOZRBp8TASFDRsO3sPULRdtMN5h6mt+OJc7A/VxyzqX4oMfs7WKkw4EBd0O IZ2vrxEmDbsyKeXHDBpIzv2p1HPNVorvr+4SzBvFja9LeKJUAa9zKwQuFwWHWZGOD08O wZ5dpmJ3hK1rC0K2CQVw3MrWqgJkyFxy3/cPPAJXRLEUEPSqwvBabN77BtA1EvmgWyND DYLjjuBY1SMv497jNUHuybfc3OuX/mEttEnq+KLM9WUaZiP22NhrotcK9yXuccP/g0tE L7eRGkPn8YNEKm0zfn5hgNDpGXM52VNeoZhgEtyme1MIgVpC6iwp1RHNZi42DZ2EdJYd dsrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ltygavsIuk4uW6E4Sid0CLWNseIOOTh+oRalz7an6eQ=; b=ek6rKR2VBjNWw7wTmXJzvxDEB/NG7FmteeUSCQCowcKD1cFzcA57jSJA4YWpE+zHmQ A07zzfFckVh/A3qXXz3b8w9w68Mu730/paDuPMQhzg96Hreqf7VApCE8/Rga+8sOgcdL MGarHRHNtwB9eVM5Sz+ndy1aBbUOAQmFd0FkYjBuDsPQZdC9Vf7GWtJ1zZvCRG3fiWSn gZz5xQuwTpIxUfP5RyvFQSucHjJKTeW5o/PgpRCNY+rTIQo/bfgoTSgG26FjSBuRu1M+ 13avVLIkbiFvMpBGeSRziP3a98rC4Zj0jxl8Ky+sVmPDWpvfZLO40P0vy4UB00lRtOzF +cDA==
X-Gm-Message-State: AFeK/H2Rz/Xb+hif5vq0AY+vCA89Sw0nk3ROM2du6BTy6e6vY6iJbuReQlFauWNYpT5TLElKCjEeR+5IgFw1dg==
X-Received: by 10.55.93.68 with SMTP id r65mr27192034qkb.68.1490067146148; Mon, 20 Mar 2017 20:32:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.27.194 with HTTP; Mon, 20 Mar 2017 20:32:25 -0700 (PDT)
In-Reply-To: <29F6F66C-F14F-402A-83D4-CAC70841667E@iii.ca>
References: <20170206020826.1108.qmail@ary.lan> <29F6F66C-F14F-402A-83D4-CAC70841667E@iii.ca>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 21 Mar 2017 14:32:25 +1100
Message-ID: <CABkgnnVX3rgMY0ZGmf_xcQ+zgGtCMaZcsymyW2BCWBeAKm_CqQ@mail.gmail.com>
To: Cullen Jennings <fluffy@iii.ca>
Cc: John Levine <johnl@taugh.com>, DISPATCH list <dispatch@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/LFYYJU9g9sptQxlBT766BYLQks8>
Subject: Re: [dispatch] Updating DKIM for stronger crypto
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 03:32:28 -0000

On 11 February 2017 at 07:50, Cullen Jennings <fluffy@iii.ca> wrote:
>
> The Chairs and ADs discussed this today and we plan to allocate some agenda time for it at IETF 98. At the meeting we can try and figure out best way to dispatch this.

I notice that this is on the agenda as simply "DKIM" and all we have
is "brief summary of problem - 10 min (John)", which took me a while
to latch on to.  "Update DKIM Crypto" would be a better title, and
John's full name would further help people reading the agenda.  If
nothing else, this email should help people find this thread again.

If I can summarize where I think this left off, we have a desire to
improve the strength of the cryptographic algorithms used in DKIM.  No
one seemed to object to that, but two options came out:

1. Define use of Ed25519
2. Define a modified RSA signature scheme where Sign(k, X) is defined
as K || Sign-RSA(k, X) and Verify(H, K || M) is Hash(K) == H &&
Verify-RSA(K, M)

A third option seems plausible as well: do both and let the market
decide.  I'd be surprised if either were a massive specification
effort.

In looking at this, we should probably dispatch this cross-area to
CURDLE.  It might require re-chartering (DKIM isn't explicitly
mentioned), but it's a small change.  CURDLE might be naturally
predisposed to favour the option 1, but I'm sure that the ultimate
decision might simply depend on whoever is willing to do the work.