Re: [dmarc-ietf] Fwd: New Version Notification for draft-srose-dkim-ecc-00.txt
Brandon Long <blong@google.com> Fri, 07 April 2017 07:28 UTC
In-Reply-To: <20170406235815.47843.qmail@ary.lan>
References: <d91de205-05b4-0b59-b3a3-568fc0f57375@corp.mail.ru> <20170406235815.47843.qmail@ary.lan>
From: Brandon Long <blong@google.com>
Date: Fri, 07 Apr 2017 00:28:40 -0700
Message-ID: <CABa8R6v8xXgbhywVA4yEEsDDZ8RW7t49FHnX1rhDQUbeMWdwsg@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, Vladimir Dubrovin <dubrovin@corp.mail.ru>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vLGKWZx_gejt6OEjyNh4NHc3Ocs>
Should we add more hash algorithms?

Also, I'm very unclear on the benefit of the fp versions: adding nearly 400 bytes per signature to the message seems expensive, and in the ARC case, an extra 800 bytes per hop (nearly doubling the size of each hop) seems like an odd compromise. Maybe I'm being silly.

I know that many of the sending providers now provide the DNS directly for DKIM keys, so the end user domain only needs to put in CNAMEs. Given the need to rotate keys, that may be the more sane thing than expecting anyone to routinely copy the large keys into DNS.

Brandon

On Thu, Apr 6, 2017 at 4:58 PM, John Levine <johnl@taugh.com> wrote:
> >1. produce 2 different DKIM-Signatures with 2 different selectors:
> >selector1 with SHA-1 + RSA and selector2 one with SHA-512 + ECDSA
>
> Of course.
>
> >2. add an additional field to either selector1 DKIM DNS record (need to
> >consult RFC if it's allowed) or to DKIM-Signature with selector1 (it's
> >allowed but probably is not enough to protect against downgrade) to
> >indicate the selector is legacy-only, e.g. o=sha512/eccp256 to indicate
> >this selector should be ignored if verifier supports sha-512 and eccp256.
>
> No. If the verifier is smart enough to understand new algorithms, it
> is smart enough to figure out which signature to prefer. Also keep in
> mind that the legacy crypto is sha256/rsa1024 which is plenty strong
> for the foreseeable future.
>
> R's,
> John
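An added illustration of the selection logic John describes and of the fallback Vladimir's o= proposal is aimed at (example code written for this archive page, not code from the thread or from draft-srose-dkim-ecc): a verifier holding two DKIM-Signature headers with different selectors picks the most preferred algorithm it supports and ignores algorithms it does not know. The headers, the "ecdsa-sha512" algorithm name and the b= values are constructed placeholders; the base64_len helper only sizes the b= tag for Brandon's per-signature byte argument.

```python
import re

def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list (RFC 6376, section 3.2);
    folding whitespace inside values is dropped, as the grammar allows."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def choose_signature(signatures, preference):
    """Pick the signature to act on: the most preferred algorithm this verifier
    supports. A signature whose a= value the verifier does not know is skipped
    (RFC 6376, section 6.1.1). Returns (selector, algorithm) or None."""
    best = None
    for sig in signatures:
        tags = parse_tags(sig)
        alg = tags.get("a")
        if alg not in preference:
            continue
        rank = preference.index(alg)
        if best is None or rank < best[0]:
            best = (rank, tags.get("s"), alg)
    return None if best is None else (best[1], best[2])

def base64_len(raw_bytes):
    """Characters in a base64 b= value for a raw signature of raw_bytes bytes."""
    return 4 * ((raw_bytes + 2) // 3)

# Constructed headers for one message signed twice, as in the thread.
# "ecdsa-sha512" is a placeholder algorithm name, not the draft's identifier;
# the bh= and b= values are stand-ins, not real digests or signatures.
SIGNATURES = [
    "v=1; a=rsa-sha1; c=relaxed/relaxed; d=example.com; s=selector1;\r\n"
    " h=from:to:subject; bh=ZmFrZQ==; b=UlNBc2lnbmF0dXJl",
    "v=1; a=ecdsa-sha512; c=relaxed/relaxed; d=example.com; s=selector2;\r\n"
    " h=from:to:subject; bh=ZmFrZQ==; b=RUNEU0FzaWduYXR1cmU=",
]
# A verifier that knows the new algorithm prefers it; one that does not falls
# back to the RSA signature, which is the downgrade the thread worries about.
MODERN = ["ecdsa-sha512", "rsa-sha256", "rsa-sha1"]
LEGACY = ["rsa-sha256", "rsa-sha1"]

if __name__ == "__main__":
    print(choose_signature(SIGNATURES, MODERN))  # ('selector2', 'ecdsa-sha512')
    print(choose_signature(SIGNATURES, LEGACY))  # ('selector1', 'rsa-sha1')
    print(base64_len(256), base64_len(64))       # 344 88: RSA-2048 vs P-256
```

The legacy verifier's result is the point of the downgrade discussion: without a field that marks selector1 as legacy-only, the RSA/SHA-1 signature is what an older verifier acts on.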