Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt
Mukund Sivaraman <muks@isc.org> Tue, 29 September 2015 04:43 UTC
Return-Path: <muks@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CA201A004A for <dnsop@ietfa.amsl.com>; Mon, 28 Sep 2015 21:43:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.465
X-Spam-Level:
X-Spam-Status: No, score=-0.465 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SORBS_WEB=0.77, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X8Zxp5bKCEqQ for <dnsop@ietfa.amsl.com>; Mon, 28 Sep 2015 21:43:06 -0700 (PDT)
Received: from mail.banu.com (mail.banu.com [IPv6:2a01:4f8:140:644b::225]) by ietfa.amsl.com (Postfix) with ESMTP id E08481A0046 for <dnsop@ietf.org>; Mon, 28 Sep 2015 21:43:05 -0700 (PDT)
Received: from jurassic.l0.malgudi.org (unknown [115.118.74.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.banu.com (Postfix) with ESMTPSA id 136552BA0A7E; Tue, 29 Sep 2015 04:43:02 +0000 (GMT)
Date: Tue, 29 Sep 2015 10:12:59 +0530
From: Mukund Sivaraman <muks@isc.org>
To: Robert Edmonds <edmonds@mycre.ws>
Message-ID: <20150929044259.GB4513@jurassic.l0.malgudi.org>
References: <20150926191009.28433.58915.idtracker@ietfa.amsl.com> <20150926191551.GA32562@jurassic.l0.malgudi.org> <20150928173028.GA2328@mycre.ws> <20150928173255.GA23429@jurassic.l0.malgudi.org> <20150928182004.GA3197@mycre.ws>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="24zk1gE8NUlDmwG9"
Content-Disposition: inline
In-Reply-To: <20150928182004.GA3197@mycre.ws>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/f-dtJnWml9SE1fJ92QPWsglq1sw>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 04:43:07 -0000
Hi Robert On Mon, Sep 28, 2015 at 02:20:04PM -0400, Robert Edmonds wrote: > Mukund Sivaraman wrote: > > Hi Robert > > > > On Mon, Sep 28, 2015 at 01:30:28PM -0400, Robert Edmonds wrote: > > > 16 bits is an awful lot of space for the ALGORITHM field. Compare to > > > the DNSSEC algorithm number field, which is only 8 bits. > > > > Do you suggest changing it to 8 bits too? > > If you keep an algorithm field, yes, I suggest changing it to 8 bits. OK. I'll make this change. :) > It seems unlikely more than one or two algorithms would ever be > implemented. Is algorithm agility really needed, though, given that > there are ~65000 unused EDNS0 option codes? If I follow correctly, what you're suggesting is that if an algorithm becomes weak, we jump to a new EDNS option which has a different EDNS option code assigned. This seems like a bad idea to me, because as such option codes get assigned, they will be spread out and the code in DNS implementations which handle it will look dirty. It's better to keep it all under one option code, even if it occupies 1 more byte. > I am also curious why a cryptographic hash function (SHA-1) is needed > for this. Is a fast non-cryptographic checksum not suitable (e.g., > CRC-32C, which can be computed in hardware on x86 CPUs)? SHA-1 was chosen without too much consideration for anything. Appendix A was empty initially and SHA-1 was added as a placeholder to fill that section. The list of algorithms is best decided by discussion here, and SHA-1 can be removed if it is unsuitable. On the topic, I'll add a penny: checksum algorithms (as we want them here) have two extremes, one of which is to protect against accidental modifications of data, and another which is to protect against malicious/intentional modification of data. There are also others such as hashing functions (uniform distribution in the mapped output range, or something more specific). All these have different performance characteristics. CRCs serve towards the "accidental modifications" category, and SHA-1 towards the "intentional modification" one. We want something suitable in the latter category, a cryptographic hash function, though the level of security it provides need not be as high as that expected for a long-lived signature. Mukund
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Paul Vixie
- Re: [DNSOP] New Version Notification for draft-mu… Robert Edmonds
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Evan Hunt
- Re: [DNSOP] New Version Notification for draft-mu… Robert Edmonds
- Re: [DNSOP] New Version Notification for draft-mu… Paul Vixie
- Re: [DNSOP] New Version Notification for draft-mu… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-mu… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Davey Song
- Re: [DNSOP] New Version Notification for draft-mu… Ólafur Guðmundsson