IETF Logo Mail Archive

Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt

Vladimir Dubrovin <dubrovin@corp.mail.ru> Fri, 07 April 2017 09:07 UTC

Return-Path: <dubrovin@corp.mail.ru>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B59E12704A for <dmarc@ietfa.amsl.com>; Fri, 7 Apr 2017 02:07:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.721
X-Spam-Level:
X-Spam-Status: No, score=-1.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=corp.mail.ru
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EVNWAG5kRw7k for <dmarc@ietfa.amsl.com>; Fri, 7 Apr 2017 02:07:01 -0700 (PDT)
Received: from f391.i.mail.ru (f391.i.mail.ru [185.5.136.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C730127011 for <dmarc@ietf.org>; Fri, 7 Apr 2017 02:07:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=corp.mail.ru; s=mail; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:Cc:To:From; bh=WTY64L3WC2lLMwXLV3pBSFZeYsmE0SHs9/b6zoMMvVs=; b=K7KIXR2D0ebc2QUj+wQhoPK0DA5XkIkO0NCUURDKDV33tPLd84McjW8GY+/0g5oOl59guCT9u3+lc7FLxF1EncHBCe5rVnP59hfH0j4JY1sMeQvNU/FxQckkWwomFgIvAI82DOWcm+WtVtMOHtzMCoGncJd9GxKawhnzaioHpG8=;
Received: by f391.i.mail.ru with local (envelope-from <dubrovin@corp.mail.ru>) id 1cwPr6-0006wo-Vf; Fri, 07 Apr 2017 12:06:57 +0300
Received: by e.mail.ru with HTTP; Fri, 07 Apr 2017 12:06:56 +0300
From: Vladimir Dubrovin <dubrovin@corp.mail.ru>
To: John Levine <johnl@taugh.com>
Cc: dmarc@ietf.org
MIME-Version: 1.0
X-Mailer: Mail.Ru Mailer 1.0
Date: Fri, 07 Apr 2017 12:06:56 +0300
Reply-To: Vladimir Dubrovin <dubrovin@corp.mail.ru>
X-Priority: 3 (Normal)
Message-ID: <1491556016.525223113@f391.i.mail.ru>
Content-Type: multipart/alternative; boundary="--ALT--47aaa2521491556016"
Authentication-Results: f391.i.mail.ru; auth=pass smtp.auth=dubrovin@corp.mail.ru smtp.mailfrom=dubrovin@corp.mail.ru
X-7FA49CB5: 0D63561A33F958A5231C6AF64D022CC3B791D773EF6FB32F69111549802E81C39F18ECD7E95F35E929AFE063DF4C541CDFC466952B044E4C1AB4C9766DADF68A0BF2EBBBDD9D6B0F5586FE1C725613FD
X-Mailru-Sender: CE01F6F06FBB9B4E41592D96479AE6441C3AEB5FB1E612D0FAF806B776C0F965C245D68BECE010C39766F80D43A7B361D19CFE17E46A923CCDCEB298E575E7B28BC0F606C687C5A1CBBBE6D6265783EC7D8C8258277D05C30D4ABDE8C577C2ED
X-Mras: OK
X-Spam: undefined
In-Reply-To: <20170406235815.47843.qmail@ary.lan>
References: <d91de205-05b4-0b59-b3a3-568fc0f57375@corp.mail.ru> <20170406235815.47843.qmail@ary.lan>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/BD2LXyW7LOU3eEd8ucUY73t-F3A>
Subject: Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Apr 2017 09:07:04 -0000

Without marking the published key as obsolete, downgrade attack is possible, because attacker can still use a weaker key to spoof signature. пятница, 07 апреля 2017г., 02:58 +03:00 от John Levine  johnl@taugh.com :

>>1. produce 2 different DKIM-Signatures with 2 different selectors:
>>slector1  with SHA-1 + RSA and selector2 one with  SHA-512 + ECDSA
>
>Of course.
>
>>2. add an additional field to either selector1 DKIM DNS record (need to
>>consult RFC if it's allowed) or to DKIM-Signature with selector1 (it's
>>allowed but probably is not enough to protect against downgrade) to
>>indicate the selector is legacy-only, e.g. o=sha512/eccp256 to indicate
>>this selector should be ignored if verifier supports sha-512 and eccp256.
>
>No.  If the verifier is smart enough to understand new algorithms, it
>is smart enough to figure out which signature to prefer.  Also keep in
>mind that the legacy crypto is sha256/rsa1024 which is plenty strong
>for the forseeable future.
>
>R's,
>John

v2.23.0 | Report a Bug | By Email