Re: [DNSOP] ECDSA woes

Mikael Abrahamsson <swmike@swm.pp.se> Sun, 16 October 2016 08:16 UTC

Date: Sun, 16 Oct 2016 10:16:19 +0200
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Ólafur Guðmundsson <olafur@cloudflare.com>
In-Reply-To: <CAN6NTqz1Qk57KWFUio0jY36gkMi+HNmMvH4+PpSF-nhux+UXWg@mail.gmail.com>
Message-ID: <alpine.DEB.2.02.1610161014330.12036@uplift.swm.pp.se>
References: <alpine.DEB.2.02.1610150806380.26951@uplift.swm.pp.se> <c1e14584-a444-37ef-1e4c-d1077ba4f384@bellis.me.uk> <alpine.DEB.2.02.1610151717420.12036@uplift.swm.pp.se> <0A83A7D9-E7E8-4494-86F9-F19AE96967D7@fl1ger.de> <alpine.DEB.2.02.1610151751210.12036@uplift.swm.pp.se> <11BD031F-EDBF-4DF6-A167-0240581EBD0F@apnic.net> <CAN6NTqz1Qk57KWFUio0jY36gkMi+HNmMvH4+PpSF-nhux+UXWg@mail.gmail.com>
User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-137064504-1437314212-1476605779=:12036"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/3JZV21rS7hUnH0pU3xhUZy6DeN0>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] ECDSA woes

On Sat, 15 Oct 2016, Ólafur Guðmundsson wrote:

> I have domains signed by all combinations of signing algorithms and DS
> digests as well as Nsec variants
> Ds-n.alg-m-nsec.dnssec-test.org
>
> Replace n with 1..4
> M with 1..14
> Nsec is one of Nsec nsec3 none

I'd be very interested if you could create an algorithm called "99" (or 
something), and we could test that. Anyone not loading the "99" resource 
is violating the "SHOULD", even if they understand ECDSA.

This would investigate the ratio of problems when we want to introduce a new 
algorithm in the future.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se