IETF Logo Mail Archive

Re: [DNSOP] ECDSA woes

Mikael Abrahamsson <swmike@swm.pp.se> Sat, 15 October 2016 15:53 UTC

Return-Path: <swmike@swm.pp.se>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28E9E129670 for <dnsop@ietfa.amsl.com>; Sat, 15 Oct 2016 08:53:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.297
X-Spam-Level:
X-Spam-Status: No, score=-7.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yt-yEqgSPq5r for <dnsop@ietfa.amsl.com>; Sat, 15 Oct 2016 08:53:44 -0700 (PDT)
Received: from uplift.swm.pp.se (swm.pp.se [212.247.200.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F98A1296E6 for <dnsop@ietf.org>; Sat, 15 Oct 2016 08:53:43 -0700 (PDT)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id 077E1A2; Sat, 15 Oct 2016 17:53:40 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1476546821; bh=0b4C9g32cfuS2tI3mMbDeLg6ej7EdcPOZfyXZ405fx4=; h=Date:From:To:Subject:In-Reply-To:References:From; b=Esou1fZsUAGqO/rhp+DrzKVV8uUubwrEK/C6MooyWf8Vhy3gPh2hZ1ZXqORD6Aqtc pspAm3LuNZbYn+umJKaCl3lY6fg1xfdmyHValmJ3ZHKW/WyCU2mjDr7CAr3s4pSDKa L00S1WchB0gwHt4TYRev61EG2e3epJwgCSeQUMGc=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id F3BD3A1 for <dnsop@ietf.org>; Sat, 15 Oct 2016 17:53:40 +0200 (CEST)
Date: Sat, 15 Oct 2016 17:53:40 +0200
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: dnsop@ietf.org
In-Reply-To: <0A83A7D9-E7E8-4494-86F9-F19AE96967D7@fl1ger.de>
Message-ID: <alpine.DEB.2.02.1610151751210.12036@uplift.swm.pp.se>
References: <alpine.DEB.2.02.1610150806380.26951@uplift.swm.pp.se> <c1e14584-a444-37ef-1e4c-d1077ba4f384@bellis.me.uk> <alpine.DEB.2.02.1610151717420.12036@uplift.swm.pp.se> <0A83A7D9-E7E8-4494-86F9-F19AE96967D7@fl1ger.de>
User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/w4eaGIckEaDVrTHQPHPf2VO7eVg>
Subject: Re: [DNSOP] ECDSA woes
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Oct 2016 15:53:46 -0000

On Sat, 15 Oct 2016, Ralf Weber wrote:

> Geoff Houston did some research here some years ago and just did an update to 
> his findings. You might want to look at:
> 	http://www.potaroo.net/ispcol/2016-10/ecdsa-v2.html

Do we know how many experiments failed because the resolver erroneously 
reported error for ECDSA signed domains?

>From reading Geoffs text, it's not obvious to me that this error case is 
caught by his tests?

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

v2.23.0 | Report a Bug | By Email