Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA validation of <2048 keys
Bjørn Mork <bjorn@mork.no> Mon, 25 April 2022 10:02 UTC
Return-Path: <bjorn@miraculix.mork.no>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 584843A15A5 for <dnsop@ietfa.amsl.com>; Mon, 25 Apr 2022 03:02:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mork.no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5xmlSQifas7b for <dnsop@ietfa.amsl.com>; Mon, 25 Apr 2022 03:02:45 -0700 (PDT)
Received: from louie.mork.no (louie.mork.no [IPv6:2001:41c8:51:8a:feff:ff:fe00:e5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C08BE3A15A3 for <dnsop@ietf.org>; Mon, 25 Apr 2022 03:02:43 -0700 (PDT)
Received: from canardo.dyn.mork.no ([IPv6:2a01:799:c9d:7e00:0:0:0:1]) (authenticated bits=0) by louie.mork.no (8.15.2/8.15.2) with ESMTPSA id 23PA2Z4Z1268144 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Mon, 25 Apr 2022 11:02:39 +0100
Received: from miraculix.mork.no ([IPv6:2a01:799:c9d:7e02:9be5:c549:1a72:4709]) (authenticated bits=0) by canardo.dyn.mork.no (8.15.2/8.15.2) with ESMTPSA id 23PA2Tur1213123 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK); Mon, 25 Apr 2022 12:02:29 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mork.no; s=b; t=1650880950; bh=9gfwtDqemreMC5fouKQtiHm0yTGW7/9sMM1UIXS5xcQ=; h=From:To:Cc:Subject:References:Date:Message-ID:From; b=VaMgqK+CChCJcqmMe7rHmFbGbyEpAm81xwLtlkpPYHWeg6qZD0rfds+V4kce9b8uy mjDSOvsKYj7Y7ugPul+QufK3ypjqiJUU35amRBTQCTmQjlZsZ0ss5EC3/U0oadpkNC XGA88cXig8K1M6pAd8UcxFdNF6tSPthkR9xj9DWw=
Received: (nullmailer pid 1116978 invoked by uid 1000); Mon, 25 Apr 2022 10:02:28 -0000
From: Bjørn Mork <bjorn@mork.no>
To: Petr Menšík <pemensik@redhat.com>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Organization: m
References: <356059e5-e973-3d6c-569c-9ff9d9fe16e6@redhat.com>
Date: Mon, 25 Apr 2022 12:02:28 +0200
In-Reply-To: <356059e5-e973-3d6c-569c-9ff9d9fe16e6@redhat.com> ("Petr Menšík"'s message of "Mon, 25 Apr 2022 11:20:19 +0200")
Message-ID: <87v8uxh45n.fsf@miraculix.mork.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: clamav-milter 0.103.5 at canardo
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ySIyg2w9JDILh0DCo2tZVByyCPE>
Subject: Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA validation of <2048 keys
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Apr 2022 10:02:51 -0000
Petr Menšík <pemensik@redhat.com> writes: > Our crypto team is > responsible for preparing RHEL 9 for FIPS 140-3 certification. They said > there is legal obligation to stop using all RSA signatures with keys > shorter than 2048 bits. Either they're wrong or you're misquoting them by merging "signing" and "verifying" into the confusing and misleading term "using". FIPS 140-3 is a bit more specific than that, fortunately. See table 2 in https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf which shows the status of RSA keys with 1024 ≤ len(n) < 2048 for Digital Signature Verification as "Legacy use". The text following that table provides more detail: Key lengths providing less than 112 bits of security that were previously specified in FIPS 186 are allowed for legacy use when verifying digital signatures. and RSA: See FIPS 186-239 and FIPS 186-4,40 which include modulus lengths of 1024, 1280, 1536 and 1792 bits, may continue to be used for signature verification but not signature generation Bjørn
- Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA val… Petr Menšík
- [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA validat… Petr Menšík
- Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA val… Bjørn Mork
- Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA val… Bill Woodcock
- Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA val… Havard Eidnes
- Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA val… Bill Woodcock
- Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA val… Paul Wouters
- Re: [DNSOP] FIPS 140-3 mode on RHEL 9 and RSA val… Petr Menšík