IETF Logo Mail Archive

Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt

Peter Goldstein <peter@valimail.com> Fri, 07 April 2017 15:33 UTC

Return-Path: <peter@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA014128B38 for <dmarc@ietfa.amsl.com>; Fri, 7 Apr 2017 08:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.018
X-Spam-Level:
X-Spam-Status: No, score=-1.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n8IMyvAPIdzO for <dmarc@ietfa.amsl.com>; Fri, 7 Apr 2017 08:33:42 -0700 (PDT)
Received: from mail-qt0-x22b.google.com (mail-qt0-x22b.google.com [IPv6:2607:f8b0:400d:c0d::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE532127444 for <dmarc@ietf.org>; Fri, 7 Apr 2017 08:33:41 -0700 (PDT)
Received: by mail-qt0-x22b.google.com with SMTP id x35so63599799qtc.2 for <dmarc@ietf.org>; Fri, 07 Apr 2017 08:33:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UfzPRLsLSJadM/s/qHJXx05i0UdgvduKVz9B1OLBxXg=; b=EwIEiNvKwlh2vIkycHzk4tU0KXcSs7xebaBAtZEOlYM1AG6+gGIb5Gtsu+d7r7I/UC +W42kvBkGhm8TrpNZAN0e8E6pL/wAPX4Apnm0D586Zlnti6L55oszuICKoh0oU8Ho9ut lW4KTFMRNt3Z2UiATPrsp2HcpGki7AjWJzkjQYQpgN9dME3XWPSDPyfOeYWj5I/ljaWt bI8AIYK5G+EBu2Q34RY2yPdwQa1KwKI9l4+lhf8QfwX5Y3WmWiaqMZGJ6rjXNzGuphW+ aZQhTdmRzwq9gvtyQe3RT/LNCXp5CWU9bgw8lWSHgcrVcu84T7PFKnqiG1wuaIODHMuK xnVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UfzPRLsLSJadM/s/qHJXx05i0UdgvduKVz9B1OLBxXg=; b=j1YE+NXb8nPt+S0ejDaQA4ixYetrj2w0mDEdhMAtebnOKKa3/RO0d7q0fREk86xopA xU636y/mbypALh3a1hJtKx3XMh7yHcCwshsAKC+Ikt8RaiFjghVaYmQL8WzYg/Isy7UN 7DVMYzqqYk+BfBJLHPkhiPgmu2WtGMKMG2EZldAXo4JOZ8Q2zV5t50oZy5IjMZyFXc+Y Vk0+rXgB2OfEs492f5H9OKHCk/BngEVWiCl9bZIMkFHkSII/aFcG1K5NT0zCm0se2lzX yhTxoBQq3JdHDJtwc6ZTX26wQ3beAyg25FNWZylGC3LQSsGaufQ7rGT7hsrIDH7/snWx oIdA==
X-Gm-Message-State: AN3rC/5ci8z5bPfKUYcPaVZE2qFGD9ALEEuEDo/UiLMS+rMYyIIRVFY6gUgHVA8Ko/6QVxEe/3fryMvYzvKLOQ==
X-Received: by 10.200.53.45 with SMTP id y42mr3676414qtb.136.1491579220990; Fri, 07 Apr 2017 08:33:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.141.207 with HTTP; Fri, 7 Apr 2017 08:33:40 -0700 (PDT)
In-Reply-To: <20170406235815.47843.qmail@ary.lan>
References: <d91de205-05b4-0b59-b3a3-568fc0f57375@corp.mail.ru> <20170406235815.47843.qmail@ary.lan>
From: Peter Goldstein <peter@valimail.com>
Date: Fri, 07 Apr 2017 08:33:40 -0700
Message-ID: <CAOj=BA2P5e1o-QsZGAxGCV6rM1D=sNiL_ciL4BDtMkbQU1tSXA@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: dmarc <dmarc@ietf.org>, Vladimir Dubrovin <dubrovin@corp.mail.ru>
Content-Type: multipart/alternative; boundary="001a11403cc89f436e054c9559e6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ggXc3FgGKn9VzRajP1um88SGssI>
Subject: Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Apr 2017 15:33:45 -0000

John,

Really glad to see this.

Does this initiative include an intention to update the cryptographic
guidance from RFC 6376 sections 3.3 and 3.3.3 ?  The proposed charter
speaks of adding new algorithms, but doesn't discuss deprecating/removing
old ones.

Some specific concerns are:

1. Expressly forbidding RSA keys < 1024 bits in size - While the fact that
some major receivers ignore such keys has made this a de facto standard, it
would be good for the RFCs to reflect best practice here.  And as we saw
with the ARC discussion, using the DKIM spec as a reference can
inadvertently result in new standards supporting known insecure practices.

2. Eliminating SHA-1 - Even at the time of publication RFC 6376 recommended
that signers avoid the use of SHA-1.  Despite this, a simple check of my
inbox shows that quite a few senders - including a number of large,
sophisticated ESPs - still use SHA-1 in preference to SHA-256.  While the
recent developed PDF collision attack against SHA-1 is not entirely on
point, it seems to be further evidence that SHA-1 should not be used.  And
given the widespread support for SHA-256, this seems like it's mostly a
configuration issue for senders.

If these items don't belong in the charter for the new group, do they have
a different natural home for discussion?

Thanks.

Best,

Peter

On Thu, Apr 6, 2017 at 4:58 PM, John Levine <johnl@taugh.com> wrote:

> >1. produce 2 different DKIM-Signatures with 2 different selectors:
> >slector1  with SHA-1 + RSA and selector2 one with  SHA-512 + ECDSA
>
> Of course.
>
> >2. add an additional field to either selector1 DKIM DNS record (need to
> >consult RFC if it's allowed) or to DKIM-Signature with selector1 (it's
> >allowed but probably is not enough to protect against downgrade) to
> >indicate the selector is legacy-only, e.g. o=sha512/eccp256 to indicate
> >this selector should be ignored if verifier supports sha-512 and eccp256.
>
> No.  If the verifier is smart enough to understand new algorithms, it
> is smart enough to figure out which signature to prefer.  Also keep in
> mind that the legacy crypto is sha256/rsa1024 which is plenty strong
> for the forseeable future.
>
> R's,
> John
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>



-- 


[image: logo for sig file.png]

Bringing Trust to Email

Peter Goldstein | CTO & Co-Founder

peter@valimail.com
+1.415.793.5783

v2.23.0 | Report a Bug | By Email