Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Andrew Sullivan <ajs@anvilwalrusden.com> Fri, 28 March 2014 13:11 UTC

Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3EE01A0919 for <dnsop@ietfa.amsl.com>; Fri, 28 Mar 2014 06:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.141
X-Spam-Level:
X-Spam-Status: No, score=-0.141 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QYIzqbIuigyt for <dnsop@ietfa.amsl.com>; Fri, 28 Mar 2014 06:11:14 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id AAE871A065B for <dnsop@ietf.org>; Fri, 28 Mar 2014 06:11:14 -0700 (PDT)
Received: from mx1.yitter.info (69-165-131-253.dsl.teksavvy.com [69.165.131.253]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 24DE38A031 for <dnsop@ietf.org>; Fri, 28 Mar 2014 13:11:12 +0000 (UTC)
Date: Fri, 28 Mar 2014 09:11:10 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsop@ietf.org
Message-ID: <20140328131110.GC52393@mx1.yitter.info>
References: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu> <4B70E4D6-6750-4E5A-9058-7F94588DEF4C@vpnc.org> <CAL9jLaaAYPfRNSmoO=G+q2JA4a2RVsV-z-0o3RFY7r+dQN-a_w@mail.gmail.com> <734640E6-6393-4EBF-BE36-5C05026027E5@icsi.berkeley.edu> <alpine.LFD.2.10.1403271535160.4908@bofh.nohats.ca> <DD41060F-0006-4452-876C-6095B4A502AA@icsi.berkeley.edu> <alpine.LFD.2.10.1403271630300.4908@bofh.nohats.ca> <alpine.LSU.2.00.1403281259440.31260@hermes-1.csi.cam.ac.uk> <CAMm+Lwj+B5T63C6eJuq2z3Ppn2rQNDVc_8LFw8E05A=E_7i82g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAMm+Lwj+B5T63C6eJuq2z3Ppn2rQNDVc_8LFw8E05A=E_7i82g@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/Fp8QbMcl489_ciOI30y4S7C9RG0
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Mar 2014 13:11:20 -0000

On Fri, Mar 28, 2014 at 09:06:17AM -0400, Phillip Hallam-Baker wrote:
> Code is only vulnerable if it trusts 1024bit RSA. Code should not trust
> 1024bit RSA.
> 
> Therefore ICANN needs to sign the root zone with 2048 before we consider it
> signed. End of story.

I think the point was that there was a time when the root was signed
(it happens to include now) with 1024 bit RSA, and if you want to
include that in the "signed period" then you need to accept that risk.
The selection of 1024 bits was done on the advice of those that some
people turn out now not to trust, but I think hindsight may be
different than foresight.

I don't think you can make the argument that the root zone is not
signed now, because if you do then in some future when 2048 bit RSA
turns out to be vulnerable, you'll have to repeat the argument.  That
seems absurd (it devolves to Zeno's zone signer).

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com