Re: [dmarc-ietf] ARC Crypto Algorithm Selection

"John Levine" <johnl@taugh.com> Wed, 24 October 2018 15:59 UTC

Date: Wed, 24 Oct 2018 15:59:46 -0000
Message-ID: <pqq4ti$2bh5$1@gal.iecc.com>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Organization: Taughannock Networks
References: <57062925.Z3iaeiTUnW@kitterma-e6430><57062925.Z3iaeiTUnW@kitterma-e6430> <CAD2i3WOaAoiDV-t6BNa4rQVWLjhr4Q0-TcQyb7cfjadLEDRDQA@mail.gmail.com>
Cleverness: some
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: johnl@iecc.com (John Levine)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FWSV1no_wrEqhKtFVmMsd2_ZQto>
Subject: Re: [dmarc-ietf] ARC Crypto Algorithm Selection

In article <CAD2i3WOaAoiDV-t6BNa4rQVWLjhr4Q0-TcQyb7cfjadLEDRDQA@mail.gmail.com>,
Seth Blank  <seth@sethblank.com> wrote:
>ARC inherits all the DKIM mechanisms by reference. So whatever’s valid for
>DKIM (the list you provided) is what’s valid for ARC.

>> DKIM, as updated by the DCRUP work, has two valid crypto algorithms:
>>
>> rsa-sha256
>> ed25519-sha256

I would defer working on this until we clarify how algorithm switching will work.

One place that ARC differs from DKIM is that many DKIM signatures are OK but
you can only have one ARC seal per forward.  In draft-ietf-dmarc-arc-multi-02
we say how I think it can work, but it's not quite backward compatible.

R's,
John
-- 
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
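
The contrast drawn in the message above (several DKIM signatures may coexist, but each forward adds a single ARC set) is shown here as an added example; it is not code from the original message or from any ARC implementation. The header values, domains, selectors and the second seal are constructed, and the check covers only the one-per-instance structure rule, not signature verification or the scheme in draft-ietf-dmarc-arc-multi-02.

```python
import re
from collections import defaultdict

# Constructed sample headers (unfolded); b= values are placeholders.
SAMPLE = [
    ("DKIM-Signature", "v=1; a=rsa-sha256; d=example.org; s=r1; b=AAAA"),
    ("DKIM-Signature", "v=1; a=ed25519-sha256; d=example.org; s=e1; b=BBBB"),
    ("ARC-Authentication-Results", "i=1; mx.example.net; dkim=pass"),
    ("ARC-Message-Signature", "i=1; a=rsa-sha256; d=example.net; s=r1; b=CCCC"),
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=example.net; s=r1; b=DDDD"),
]
# Hypothetical: the same forwarder tries to dual-sign its hop, DKIM style.
EXTRA_SEAL = ("ARC-Seal", "i=1; a=ed25519-sha256; cv=none; d=example.net; s=e1; b=EEEE")
ARC_FIELDS = ("arc-authentication-results", "arc-message-signature", "arc-seal")

def tags(value):
    """Parse a 'tag=value; tag=value' list; items without '=' are skipped."""
    out = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            out.setdefault(name.strip(), re.sub(r"\s+", "", val))
    return out

def dkim_algorithms(headers):
    """DKIM places no limit on signature count, so algorithms can coexist."""
    return [tags(v).get("a") for n, v in headers if n.lower() == "dkim-signature"]

def arc_structure_errors(headers):
    """Each instance 1..N must carry exactly one of each ARC field."""
    count = defaultdict(int)
    for name, value in headers:
        if name.lower() in ARC_FIELDS:
            i = tags(value).get("i", "")
            if not i.isdigit() or int(i) < 1:
                return [f"{name}: missing or invalid i= tag"]
            count[(int(i), name.lower())] += 1
    errors = []
    top = max((i for i, _ in count), default=0)
    for i in range(1, top + 1):
        for field in ARC_FIELDS:
            n = count[(i, field)]
            if n != 1:
                errors.append(f"i={i}: {n} {field} fields, expected 1")
    return errors
```

Running `arc_structure_errors(SAMPLE + [EXTRA_SEAL])` flags the duplicate seal, while the two DKIM signatures with different algorithms raise no structural objection.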