Re: [DNSOP] New Version Notification for draft-muks-dnsop-dnssec-sha3-01
Russ Housley <housley@vigilsec.com> Wed, 10 May 2017 17:46 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAC4A12E03D for <dnsop@ietfa.amsl.com>; Wed, 10 May 2017 10:46:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.498
X-Spam-Level:
X-Spam-Status: No, score=-0.498 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2aIVtx-qiHuK for <dnsop@ietfa.amsl.com>; Wed, 10 May 2017 10:46:54 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C53812DDD2 for <dnsop@ietf.org>; Wed, 10 May 2017 10:46:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id E8FCC300541 for <dnsop@ietf.org>; Wed, 10 May 2017 13:46:53 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id FwHiQ1B7W65p for <dnsop@ietf.org>; Wed, 10 May 2017 13:46:52 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 9FA4B3004B6; Wed, 10 May 2017 13:46:52 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <A9522E5E-D163-4C3E-853B-CD3AC15E6C94@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A7621989-6F0D-4AA1-B4D5-AE98F0844C27"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 10 May 2017 13:46:52 -0400
In-Reply-To: <alpine.LRH.2.20.999.1705081236110.14424@bofh.nohats.ca>
Cc: IETF DNSOP WG <dnsop@ietf.org>
To: Paul Wouters <paul@nohats.ca>
References: <20170410093847.GA21654@jurassic> <CA+nkc8AebVmM46FQ3hzcz9OkNEMvBu6EcSHF-L=hp9qobS8UHQ@mail.gmail.com> <20170410150917.GA22210@jurassic> <36190869-0215-4BA9-AF9E-297CA4035849@ogud.com> <alpine.LRH.2.20.999.1705081236110.14424@bofh.nohats.ca>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/n7QHIYCd1LeYGWlYlQh2E2OhJKM>
Subject: Re: [DNSOP] New Version Notification for draft-muks-dnsop-dnssec-sha3-01
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 May 2017 17:46:56 -0000
> On May 8, 2017, at 12:46 PM, Paul Wouters <paul@nohats.ca> wrote: > >> The RSA KEY size allowed for these new supposed stronger Digest algorithms is still left at 1024 or 1280 bytes, even though number >> of other parts of the the Internet community will not consider signatures by keys with less than 2048 bits. > > Not only that, but the reason specified is to bump RSA from > RSASSA-PKCS1-v1_5 to RSASSA-PSS. As far as I know, the security > issues of RSASSA-PKCS1-v1_5 are that when using it to _encrypt_ > bogus data, it can be used as an oracle to obtain private key > bits. That means there is no on-the-wire security issue with > RSASSA-PKCS1-v1_5 for Digital Signatures. And if HSMs are used > to protect access to private keys, those keys should be marked > as "signing only keys" to avoid exposing the private key via this > attack if the machine with the HSM is compromised. If we are going to stick with RSA signatures, then I agree that we should move toward RSASSA-PSS. However, if we are going to make a change, then it is probably time to move toward the shorter public keys offered by elliptic cure cryptography. Russ
- [DNSOP] Fwd: New Version Notification for draft-m… Mukund Sivaraman
- Re: [DNSOP] Fwd: New Version Notification for dra… Bob Harold
- Re: [DNSOP] Fwd: New Version Notification for dra… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Olafur Gudmundsson
- Re: [DNSOP] New Version Notification for draft-mu… Russ Housley
- Re: [DNSOP] New Version Notification for draft-mu… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Russ Housley
- Re: [DNSOP] New Version Notification for draft-mu… Petr Špaček