[DNSOP] on staleness of code points and code (mentions MD5 commentary from IETF98)
Paul Vixie <paul@redbarn.org> Mon, 27 March 2017 19:45 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/G3UAMpGCUgXPz4S9RAPV4eR69gc>
evan hunt of isc just spoke at the microphones and said "an md5 validator implementation that isn't used isn't hurting anybody." on pressure of time, the microphones had closed, so i'm commenting here.

i disagree. all code has bugs, eventually. or at least, there is no existence proof to the contrary, and also, no reason to suspect otherwise. so, code that is not used will not be reviewed or maintained. it's a risk, just by existing.

also, a validator that outputs "secure" based on MD5 inputs is making a promise it can't keep. no one should believe such an output, but there is no way to signal such a policy -- other than by removing the code point, and the code that implements it.

--
P Vixie