Re: [DNSOP] on staleness of code points and code (mentions MD5 commentary from IETF98)

George Michaelson <ggm@algebras.org> Mon, 27 March 2017 21:16 UTC

From: George Michaelson <ggm@algebras.org>
Date: Mon, 27 Mar 2017 16:16:30 -0500
Message-ID: <CAKr6gn19the=c=SekYhZQVDd2HyPha-t_bk-KWi=hAyfQSFgeg@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/cO8r8wSQ-NvjgAwfYJh1b8_F9iE>

also +1.

if we define them beyond deprecated to REMOVED then we get some
confidence it's the pool of dead code that remains at risk, should
threats emerge.

if we leave them in validation, we can't tell if 'modern' technology
is exposed to risk we didn't understand as attacks get better.

RC4 got removed from browsers. RC4 got removed from OpenSSH. I know
we're a different crypto use-case, but I think we should reflect on
this.

-G

On Mon, Mar 27, 2017 at 4:10 PM, Jim Reid <jim@rfc1035.com> wrote:
>
>> On 27 Mar 2017, at 20:45, Paul Vixie <paul@redbarn.org> wrote:
>>
>> all code has bugs, eventually. or at least, there is no
>> existence proof to the contrary, and also, no reason to suspect
>> otherwise. so, code that is not used will not be reviewed or maintained.
>> it's a risk, just by existing.
>
> +1. The most reliable and safest code is the code that isn't there.
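An added illustration of the validation point made above; this is not code from the thread or from any resolver project. It models only the delegation-handling rule of RFC 4035 section 5.2 (as clarified by RFC 6840 section 5.2): when none of the DS records at a delegation uses an algorithm and digest type the validator supports, the child zone is treated as insecure rather than bogus. So moving an algorithm from "deprecated but still validated" to "removed" does not break resolution; it stops a broken hash from ever deciding a "secure" answer. Algorithm numbers are the IANA DNSSEC values; the two policies, the `Status` labels and the DS records are constructed sample data.

```python
"""
Added illustration (not part of the DNSOP thread): what changes for a
DNSSEC validator when an algorithm such as RSAMD5 goes from "deprecated"
(registry says don't sign with it, but the validation code path is still
live) to "removed" (validator treats it as an unknown algorithm).

Rule modelled: RFC 4035 s5.2 / RFC 6840 s5.2 -- if no DS at a delegation
has a supported (algorithm, digest type) pair, the child is INSECURE.
Algorithm numbers are from the IANA DNSSEC registry; digest type 1 is
SHA-1 (RFC 4034) and 2 is SHA-256 (RFC 4509).  All DS data is constructed.
"""
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    SUPPORTED = "supported"    # validator will verify signatures with it
    DEPRECATED = "deprecated"  # don't sign, but validation code still runs
    REMOVED = "removed"        # validator treats it as unsupported


# IANA DNSSEC algorithm numbers (subset).
RSAMD5, RSASHA1, RSASHA256, ECDSAP256SHA256 = 1, 5, 8, 13

# Constructed validator policies.  In the first, the RSAMD5 code path is
# still live; in the second it has been removed, as the thread argues for.
POLICY_DEPRECATED_ONLY = {
    RSAMD5: Status.DEPRECATED,
    RSASHA1: Status.SUPPORTED,
    RSASHA256: Status.SUPPORTED,
    ECDSAP256SHA256: Status.SUPPORTED,
}
POLICY_REMOVED = {**POLICY_DEPRECATED_ONLY, RSAMD5: Status.REMOVED}

SUPPORTED_DIGESTS = {1, 2}  # SHA-1 and SHA-256 DS digest types


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int


def usable_ds(ds_set, policy):
    """DS records this validator is willing to build a chain through.

    Unknown algorithm numbers are treated exactly like REMOVED ones.
    """
    return [
        ds for ds in ds_set
        if policy.get(ds.algorithm, Status.REMOVED) is not Status.REMOVED
        and ds.digest_type in SUPPORTED_DIGESTS
    ]


def delegation_outcome(ds_set, policy):
    """Return ('insecure', ()) when no DS is usable (RFC 4035 s5.2), else
    ('validate', algorithms) listing which algorithms may decide 'secure'."""
    usable = usable_ds(ds_set, policy)
    if not usable:
        return ("insecure", ())
    return ("validate", tuple(sorted({ds.algorithm for ds in usable})))


def live_legacy_paths(policy):
    """Deprecated algorithms that can still produce a 'secure' result: the
    'pool of dead code that remains at risk' described in the thread."""
    return sorted(alg for alg, st in policy.items() if st is Status.DEPRECATED)


# Constructed sample delegations.
LEGACY_ONLY = [DS(key_tag=12345, algorithm=RSAMD5, digest_type=1)]
MIXED = [DS(12345, RSAMD5, 1), DS(23456, RSASHA256, 2)]

if __name__ == "__main__":
    for name, ds_set in (("legacy-only", LEGACY_ONLY), ("mixed", MIXED)):
        print(name, "deprecated-only:", delegation_outcome(ds_set, POLICY_DEPRECATED_ONLY))
        print(name, "removed:        ", delegation_outcome(ds_set, POLICY_REMOVED))
    print("legacy paths still live:", live_legacy_paths(POLICY_DEPRECATED_ONLY))
```

The mixed case is the one worth looking at: with RSAMD5 merely deprecated, a chain through the algorithm 1 key is still an acceptable route to "secure", so the zone's modern key buys nothing against an MD5 break; with it removed, only the algorithm 8 chain can decide the outcome, and a legacy-only delegation degrades to insecure instead of failing.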