Re: [DNSOP] New Version of draft-ietf-dnsop-algorithm-update-00: Algorithm Implementation Requirements and Usage Guidance for DNSSEC
Michael Sinatra <michael@brokendns.net> Tue, 27 March 2018 17:03 UTC
Return-Path: <michael@brokendns.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C3141271DF for <dnsop@ietfa.amsl.com>; Tue, 27 Mar 2018 10:03:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOyHmTPP6Nas for <dnsop@ietfa.amsl.com>; Tue, 27 Mar 2018 10:03:03 -0700 (PDT)
Received: from burnttofu.net (burnttofu.net [IPv6:2607:fc50:1:9d00::9977]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6579E126DED for <dnsop@ietf.org>; Tue, 27 Mar 2018 10:03:03 -0700 (PDT)
Received: from elwha.brokendns.net (elwha.brokendns.net [206.125.172.202]) by burnttofu.net (8.15.2/8.15.2) with ESMTPS id w2RH2xTA070730 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 27 Mar 2018 13:03:01 -0400 (EDT) (envelope-from michael@brokendns.net)
Received: from nofx.lbl.gov (nofx.lbl.gov [IPv6:2620:83:8000:107::f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elwha.brokendns.net (5.65c/IDA-1.4.4/5.63) with ESMTPSA id CEF7E40A20; Tue, 27 Mar 2018 10:02:58 -0700 (PDT)
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: dnsop@ietf.org
References: <EBE54422-0A97-4B33-BD55-01CACF1F272A@isc.org> <525a5b1f-07a6-1fb1-aada-5a5dc07db110@brokendns.net> <524A0C89-F1CE-4D36-BB45-1FDFF210E656@vpnc.org>
From: Michael Sinatra <michael@brokendns.net>
Message-ID: <09435ace-eadf-d5cb-bd00-c007a9126316@brokendns.net>
Date: Tue, 27 Mar 2018 10:21:59 -0700
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <524A0C89-F1CE-4D36-BB45-1FDFF210E656@vpnc.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-4.6.2 (burnttofu.net [162.217.113.18]); Tue, 27 Mar 2018 13:03:01 -0400 (EDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mCkUU7SvU2W1dWmwYBgdCEYkNAg>
Subject: Re: [DNSOP] New Version of draft-ietf-dnsop-algorithm-update-00: Algorithm Implementation Requirements and Usage Guidance for DNSSEC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2018 17:03:05 -0000
On 03/27/18 05:43, Paul Hoffman wrote: > On 26 Mar 2018, at 17:30, Michael Sinatra wrote: > >> I am a bit uncomfortable with the document's disrecommendation of SHA384 >> and ECDSAP384SHA384. The main reason for this is that for crypto >> recommendations here in the USG, > > Note that those are for encryption, where they want to keep some things > secret for 40 or more years. DNSSEC is an authentication mechanism. If > it takes two decades to break an P256 key that is used for encryption, > the attacker gets much (much!) more value than breaking one that is used > for authentication. Agree, and I would even add that the limited signature validity interval of DNSSEC makes ECDSAP256SHA256 more than "good enough" for DNSSEC. However, my motivation is based on your next point... > The fact that the NSA document is unclear on this point has been causing > problems for many people, including for people inside the NSA. My goal is to basically avoid confusion and just tell people to use the strongest algorithm they can reasonably use. I.e. follow the CNSA recommendations and don't spend a lot of time thinking about the application. I'll try to come up with some wording for the draft (i.e. the sentence that I was uncomfortable with) that captures the notion that P-384/SHA384 doesn't add much in the way of security, but that there's nothing wrong with "crypto maximalism" in this case, and see what the WG thinks. michael
- [DNSOP] New Version of draft-ietf-dnsop-algorithm… Ondřej Surý
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Paul Wouters
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Ondřej Surý
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Frederico A C Neves
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Viktor Dukhovni
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Ondřej Surý
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Frederico A C Neves
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Paul Wouters
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Michael Sinatra
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Ondřej Surý
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Paul Hoffman
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Michael Sinatra
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Paul Hoffman
- Re: [DNSOP] New Version of draft-ietf-dnsop-algor… Michael Sinatra