Re: [DNSOP] New Version Notification for draft-muks-dnsop-dnssec-sha3-00.txt

Jelte Jansen <> Thu, 06 April 2017 08:37 UTC

On 2017-04-05 16:50, Mukund Sivaraman wrote:
>> Also, it is weird that a draft that is about having a fallback if a hash
>> algorithm becomes weakened uses the RSASSA-PKCS1-v1_5 signature scheme,
>> given that PKCS1 1.5 is already known to be weakened.
> It was to allow simple addition of the algorithm to existing
> implementations. However, in light of your comment, we'll discuss
> revising it.

We can certainly discuss alternative schemes; RSASSA-PSS is a potential
alternative, which I understand is considered (much?) better. It has a
big drawback though, in that it requires salt, which can be a big issue
for large deployments.

An advantage would be that then we not only have an alternative within
the RSA family for SHA2, but also for the signature scheme itself.

Speaking of the use-case to pick up this work; IMO having more
cryptographic algorithms ready for use is generally a good thing; we
don't have to wait until the existing ones are completely broken :)
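
Added example, not part of the message above or of the draft: a minimal sketch of the difference between the two schemes discussed (PSS takes a salt, PKCS#1 v1.5 does not), showing that v1.5 signatures over the same data are identical while each PSS signature consumes fresh random bytes and differs. The toy key built from two Mersenne primes, the SHA3-256 DigestInfo encoding with NULL parameters, the 32-byte salt length and all function names are assumptions made for this illustration.

```python
import hashlib, os

# Constructed toy key from two Mersenne primes: illustration only, never a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                  # modulus length in bytes
H, HLEN = hashlib.sha3_256, 32
EM_BITS = N.bit_length() - 1                   # PSS encoded-message size in bits
EM_LEN = (EM_BITS + 7) // 8
TOP_MASK = 0xFF >> (8 * EM_LEN - EM_BITS)
# DER DigestInfo prefix for SHA3-256 with NULL parameters (assumed encoding).
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020805000420")

def rsa_op(data: bytes, exp: int) -> bytes:
    return pow(int.from_bytes(data, "big"), exp, N).to_bytes(K, "big")

def mgf1(seed: bytes, length: int) -> bytes:
    blocks = (H(seed + c.to_bytes(4, "big")).digest() for c in range(-(-length // HLEN)))
    return b"".join(blocks)[:length]

def sign_v15(msg: bytes) -> bytes:
    """RSASSA-PKCS1-v1_5: the padding is fixed, so signing is deterministic."""
    t = DIGESTINFO + H(msg).digest()
    return rsa_op(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, D)

def sign_pss(msg: bytes, salt: bytes = None) -> bytes:
    """RSASSA-PSS (EMSA-PSS encoding, RFC 8017 section 9.1.1); needs randomness per signature."""
    salt = os.urandom(HLEN) if salt is None else salt
    h = H(b"\x00" * 8 + H(msg).digest() + salt).digest()
    db = b"\x00" * (EM_LEN - len(salt) - HLEN - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(h, len(db))))
    masked[0] &= TOP_MASK
    return rsa_op(bytes(masked) + h + b"\xbc", D)

def verify_pss(msg: bytes, sig: bytes, slen: int = HLEN) -> bool:
    """Recover the salt from the signature and recompute the hash (slen must be > 0)."""
    em = rsa_op(sig, E)[-EM_LEN:]
    masked, h = em[:-HLEN - 1], em[-HLEN - 1:-1]
    db = bytearray(a ^ b for a, b in zip(masked, mgf1(h, len(masked))))
    db[0] &= TOP_MASK
    pad_ok = em[-1] == 0xBC and not any(db[:-slen - 1]) and db[-slen - 1] == 1
    return pad_ok and H(b"\x00" * 8 + H(msg).digest() + bytes(db[-slen:])).digest() == h
```

Signing the same RRset bytes twice with sign_v15 returns the same signature; sign_pss returns a different, still valid, signature each time unless the salt is fixed by the caller.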