IETF Logo Mail Archive

Re: [dns-dir] some comments on draft-os-ietf-sshfp-ecdsa-sha2-04.txt

Ondřej Surý <ondrej.sury@nic.cz> Fri, 27 January 2012 08:01 UTC

Return-Path: <ondrej.sury@nic.cz>
X-Original-To: dns-dir@ietfa.amsl.com
Delivered-To: dns-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5455B21F8522 for <dns-dir@ietfa.amsl.com>; Fri, 27 Jan 2012 00:01:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rmQ9YtXz3rgC for <dns-dir@ietfa.amsl.com>; Fri, 27 Jan 2012 00:01:01 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by ietfa.amsl.com (Postfix) with ESMTP id 44E5A21F851E for <dns-dir@ietf.org>; Fri, 27 Jan 2012 00:01:00 -0800 (PST)
Received: from [IPv6:2001:1488:ac14:1400:e0b7:7a23:933c:691b] (unknown [IPv6:2001:1488:ac14:1400:e0b7:7a23:933c:691b]) by mail.nic.cz (Postfix) with ESMTPSA id 2D91F2A2E2D; Fri, 27 Jan 2012 09:00:59 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.cz; s=default; t=1327651259; bh=fgotDQIAHRCl+al8LcRUwd7R6Z5aYPIbfuaZ1ltL/g0=; h=Subject:Mime-Version:Content-Type:From:In-Reply-To:Date:Cc: Content-Transfer-Encoding:Message-Id:References:To; b=HJYdw8TivvmIXjfChwu1/T3FD2BLdTdfnpMuXEQf4PvjKvaafnkJF8aWw58sBW/Nw XwNy6kbIQ3YZZLSJEG+tLcn7d6Ttp1Xs3XmWbXABrGR6m4uizT5x1OW4e5atilf80u 8V1LccPj5emQQRAffNJvaVJ3U4gnCimyEd1M/2JU=
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset="utf-8"
From: Ondřej Surý <ondrej.sury@nic.cz>
In-Reply-To: <20120104181709.GP13424@x27.adm.denic.de>
Date: Fri, 27 Jan 2012 09:00:58 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <A1AF0D31-AC51-47C1-8528-9A3A28A12A1D@nic.cz>
References: <20120104181709.GP13424@x27.adm.denic.de>
To: Peter Koch <pk@DENIC.DE>
X-Mailer: Apple Mail (2.1251.1)
X-Virus-Scanned: clamav-milter 0.96.5 at mail
X-Virus-Status: Clean
X-Mailman-Approved-At: Thu, 02 Feb 2012 08:03:13 -0800
Cc: dns-dir@ietf.org
Subject: Re: [dns-dir] some comments on draft-os-ietf-sshfp-ecdsa-sha2-04.txt
X-BeenThere: dns-dir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF DNS directorate discussion list <dns-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-dir>, <mailto:dns-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dns-dir>
List-Post: <mailto:dns-dir@ietf.org>
List-Help: <mailto:dns-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-dir>, <mailto:dns-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jan 2012 08:01:02 -0000

Hi Peter,

On 4. 1. 2012, at 19:17, Peter Koch wrote:

> Hi Ondrej,
> 
> i came across another review of <draft-os-ietf-sshfp-ecdsa-sha2-04.txt>
> and would like to add some remarks.  I've copied the DNS Directorate
> for information.  Not sure what the status of the draft is - the
> datatracker confuses me by claiming 'wg document', but i do not see
> which WG?  Generally the draft looks like a good idea!
> 
> To start with some formalities, the header and abstract claim the draft
> updates RFC 4255. I would suggest it does not.  It updates two IANA
> registries defined and seeded by RFC 4255, but it does not (to my
> reading) change any content of RFC 4255.   If it were to update 4255,
> it should probably adjust the registry policies from "IETF consensus"
> as per RFC 2434 to "IETF Review" as per RFC 5226, but that's probably
> for another venue to discuss.

Fixed.  Sound reasonable.

> Second, the document aims at Standards Track and I do not see why.
> An IETF/IESG reviewed RFC would be sufficient.  Not saying it
> should be less than ST, but what's the purpose here?  Later serving
> as normative reference?

I am not aware of such thing as IESG reviewed RFC. RFC 2026 is no
help here.  Maybe you can point me to a reading material?

> In section 3.2 the use of an ECDSA fingerprint is defined.  I could
> not find the description of the Fingerprint in RFC 5656.
> Furtheron it reads
> 
>   ECDSA public key fingerprints MUST use the SHA-256 algorithm for the
>   fingerprint as using the SHA-1 algorithm would weaken the security of
>   the key.
> 
> First, could the claim 'would weaken the security' be substantiated
> (maybe by reference) a bit?  Second, what is the consequence, i.e.
> who is supposed to act on a violation? Is it the DNS implementation
> (hard to achieve with 'transparent' RR types), the DNS operator or
> the consuming entity?  I would suggest to reverse the logic here and
> only demand that a consuming party MUST ignore SHA-1 FPs for ECDSA.

Sounds reasonable, but if I were to reverse the login, it would also
mean that if there's an implementation which generates ECDSA with SHA-1
it wouldn't work for consuming party and it breaks the robustness
principle.

I want to say - if you create the FP use SHA-256, if you receive SHA-1
key then you may use it unless you also receive SHA-256.

> In 4.1, the SHA-256 fingerprint is introduced. The consuming entity
>   is advised "Secure Shell
>   implementations which support SHA-256 fingerprints MUST prefer a SHA-
>   256 fingerprint over SHA-1 if both are available for a server.  If
>   the SHA-256 fingerprint is tested and does not match the supplied
>   key, then the key MUST be rejected rather than testing the
>   alternative SHA-1 fingerprint."
> 
> This assumes that both FPs are for the same key? Couldn't it happen that
> the server offers an RSA and an ECDSA key, using SHA-1 for the former
> and ECDSA for the latter?

No, I don't think so.  The server always offers just one key.  And in the
unlikely scenario where more servers are behind balanced IP address you
would need to keep the keys in sync, because SSH would yell at you every
time you get different server key.

As for key rollovers - you first need to upgrade hashing algorithm
and then add new key.

> Nit: Add some text after the headline "5. Examples", e.g.
> 
>  The following examples provide reference for both the newly defined
>  ECDSA algorithm number and the use of the SHA-256 fingerprint
>  combined with both the new and the existing algorithm numbers.

Thanks for the text, added.

> The examples refer to "OpenSSH format" without any reference.

Good catch.

> The references to the DNSSEC RFCs are probably informative only.


Fixed.

O.
--
 Ondřej Surý
 vedoucí výzkumu/Head of R&D department
 -------------------------------------------
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.sury@nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112
 -------------------------------------------

v2.23.0 | Report a Bug | By Email