Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt
Federico Santandrea <federico.santandrea@diennea.com> Fri, 07 April 2017 10:19 UTC
Return-Path: <federico.santandrea@diennea.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E9DC129436 for <dmarc@ietfa.amsl.com>; Fri, 7 Apr 2017 03:19:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RdtgdOcn2UqQ for <dmarc@ietfa.amsl.com>; Fri, 7 Apr 2017 03:18:59 -0700 (PDT)
Received: from mail3.informatica.it (mail3.informatica.it [151.99.189.163]) by ietfa.amsl.com (Postfix) with ESMTP id 9A15A127A91 for <dmarc@ietf.org>; Fri, 7 Apr 2017 03:18:58 -0700 (PDT)
To: dmarc@ietf.org
References: <d91de205-05b4-0b59-b3a3-568fc0f57375@corp.mail.ru> <20170406235815.47843.qmail@ary.lan> <1491556016.525223113@f391.i.mail.ru>
From: Federico Santandrea <federico.santandrea@diennea.com>
Message-ID: <30f3baa9-f13b-91b4-c931-a2fb6858243a@diennea.com>
Date: Fri, 07 Apr 2017 12:18:52 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <1491556016.525223113@f391.i.mail.ru>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-GatewayId: federico.santandrea=2.584357330016061233131705@diennea.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FWIGbpaY8ZYkDkECV_A_6CCr14Q>
Subject: Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Apr 2017 10:19:01 -0000
I agree that to avoid downgrade attacks there has to be a way to mark a key as obsolete in the DNS, meaning: "don't use this key if you know what this means". But I don't see a need to explicitly put another algorithm name in the field. For example, let's say an obsolete record can be marked with just "o=1" to say it should only be considered by legacy verifiers who don't know better. A new resolver would only consider keys that are NOT marked as obsolete, and ignore the others. So if a message is only signed with keys marked as obsolete (downgrade scenario), legacy verifiers would pass, while new ones wouldn't. Another thought: If we want to put a meaningful value in this new field, I think it would be more useful to make it the time since when the key was obsoleted, this would allow for mail dated before that moment (which was correctly signed only with then-not-obsolete keys) to pass verification. This should be optional, so one could choose if he rather have some valid mail fail verification, or risk some invalid back-dated mail pass verification. -- Federico On 07/04/2017 11:06, Vladimir Dubrovin wrote: > Without marking the published key as obsolete, downgrade attack is > possible, because attacker can still use a weaker key to spoof > signature. > > пятница, 07 апреля 2017г., 02:58 +03:00 от John Levine > johnl@taugh.com <mailto:johnl@taugh.com>: > >> 1. produce 2 different DKIM-Signatures with 2 different selectors: >> slector1 with SHA-1 + RSA and selector2 one with SHA-512 + ECDSA > > Of course. > >> 2. add an additional field to either selector1 DKIM DNS record >> (need to consult RFC if it's allowed) or to DKIM-Signature with >> selector1 (it's allowed but probably is not enough to protect >> against downgrade) to indicate the selector is legacy-only, e.g. >> o=sha512/eccp256 to indicate this selector should be ignored if >> verifier supports sha-512 and > eccp256. > > No. If the verifier is smart enough to understand new algorithms, it > is smart enough to figure out which signature to prefer. Also keep > in mind that the legacy crypto is sha256/rsa1024 which is plenty > strong for the forseeable future. > > R's, John >
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Murray S. Kucherawy
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Vladimir Dubrovin
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John R Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John Levine
- [dmarc-ietf] Fwd: New Version Notification for dr… Scott Rose
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Vladimir Dubrovin
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Brandon Long
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Brandon Long
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Vladimir Dubrovin
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Federico Santandrea
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Scott Rose
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Scott Rose
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Vladimir Dubrovin
- Re: [dmarc-ietf] Fwd: New Version Notification fo… HANSEN, TONY L
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John R Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Peter Goldstein
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John R Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John R Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… John Levine
- Re: [dmarc-ietf] Fwd: New Version Notification fo… Terry Zink
- Re: [dmarc-ietf] Fwd: New Version Notification fo… MH Michael Hammer (5304)