IETF Logo Mail Archive

Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt

"John Levine" <johnl@taugh.com> Sat, 08 April 2017 19:50 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 559DF12946F for <dmarc@ietfa.amsl.com>; Sat, 8 Apr 2017 12:50:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hb8BZQbH5Y7J for <dmarc@ietfa.amsl.com>; Sat, 8 Apr 2017 12:50:11 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3608127A97 for <dmarc@ietf.org>; Sat, 8 Apr 2017 12:50:10 -0700 (PDT)
Received: (qmail 62070 invoked from network); 8 Apr 2017 19:50:07 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 8 Apr 2017 19:50:07 -0000
Date: Sat, 08 Apr 2017 19:49:45 -0000
Message-ID: <20170408194945.57707.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: dubrovin@corp.mail.ru
In-Reply-To: <6bf0cc38-581a-9cd6-404b-a9acf527c453@corp.mail.ru>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ZIQ7NyOXGZ-7cLp3lKwbJVn8MI8>
Subject: Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Apr 2017 19:50:12 -0000

>If you believe sha256/rsa1024 are forever, there is no actual need for
>draft-srose-dkim-ecc-00.txt.  The problem is, this need may arrive at
>some time, and this time is hardly predictable. There is also possible
>there may be the need to roll back ECC and mark it as insecure at some
>point of time. So one would expect from the standard: ...

One can expect whatever one wants, but as should be self-evident to
anyone who's read RFC 6376, it's not going to happen.  As Murray
noted, signers put whatever signatures they want on the messages, and
verifiers accept whatever signatures they find acceptable.

If verifiers stop accepting signatures with a weak algorithm it'll be
because they stop accepting them, not because of a "this is a weak
signature" flag.  One of the things DCRUP may do is to recommend that
they stop accepting signatures with SHA-1 hashes or 512 bit RSA keys.

R's,
John

v2.23.0 | Report a Bug | By Email