[Gen-art] Updated draft-os-ietf-sshfp-ecdsa-sha2-06.txt

Ondřej Surý <ondrej.sury@nic.cz> Fri, 27 January 2012 13:46 UTC

Return-Path: <ondrej.sury@nic.cz>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 7F75A21F8592; Fri, 27 Jan 2012 05:46:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 9Yz8ojTvAPVw; Fri, 27 Jan 2012 05:46:54 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by ietfa.amsl.com (Postfix) with ESMTP id AB59C21F8591; Fri, 27 Jan 2012 05:46:54 -0800 (PST)
Received: from kimac.office.nic.cz (fw.nic.cz []) by mail.nic.cz (Postfix) with ESMTPSA id 7CFF12A3056; Fri, 27 Jan 2012 14:46:53 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.cz; s=default; t=1327672013; bh=MlZVkJNfWV2icNfnEe5Pom86bz3CV3932502QSNP/NU=; h=Subject:Mime-Version:Content-Type:From:In-Reply-To:Date:Cc: Content-Transfer-Encoding:Message-Id:References:To; b=Uy3YMUYDAsBZf8+ujtcoNSi9hMPMA0UG4xdW+8GhYwKoSmSW1MV+sibEjYEXAdjzp H2+4ps0MeaG3+NtDQ33ooiGOw64ysFk0B3MbqKQrbM1TWdKrgjy/OYwpxLa5GkOM+Z eoU/NDugHYHU83tNX1RIYTLovXrc0o09J18GdBaM=
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset="utf-8"
From: Ondřej Surý <ondrej.sury@nic.cz>
In-Reply-To: <201201271218.q0RCIlXs009870@givry.fdupont.fr>
Date: Fri, 27 Jan 2012 14:46:53 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <A134B16E-B5E7-4F59-84E6-3A6B4D0EF46F@nic.cz>
References: <201201271218.q0RCIlXs009870@givry.fdupont.fr>
To: Francis Dupont <Francis.Dupont@fdupont.fr>, lionel.morand@orange.com, Peter Koch <pk@DENIC.DE>, Daniel Black <daniel.black@openquery.com>
X-Mailer: Apple Mail (2.1251.1)
X-Virus-Scanned: clamav-milter 0.96.5 at mail
X-Virus-Status: Clean
Cc: gen-art@ietf.org, ops-dir@ietf.org, Stephen Farrell <stephen.farrell@cs.tcd.ie>, dns-dir@ietf.org, Elwyn Davies <elwynd@googlemail.com>
Subject: [Gen-art] Updated draft-os-ietf-sshfp-ecdsa-sha2-06.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jan 2012 13:46:55 -0000


since I have received many comments about this block:
>>           ECDSA public key fingerprints MUST use the SHA-256 algorithm
>>           for the fingerprint as using the SHA-1 algorithm would
>>           weaken the security of the key, which itself can use only
>>           SHA-2 family of algorithms RFC 5656 (Section 3.1.1).

I have removed it from the draft version -06 and kept only the part in
Implementation Considerations:

4.1.  Support for SHA-256 fingerprints

   SSHFP-aware Secure Shell implementations SHOULD support the SHA-256
   fingerprints for verification of the public key.  Secure Shell
   implementations which support SHA-256 fingerprints MUST prefer a SHA-
   256 fingerprint over SHA-1 if both are available for a server.  If
   the SHA-256 fingerprint is tested and does not match the key SSH
   public key received from the SSH server key, then the key MUST be
   rejected rather than testing the alternative SHA-1 fingerprint.

and Security Considerations

   Users of SSHFP are encouraged to deploy SHA-256 as soon as
   implementations allow for it.  SHA-2 family of algorithms is widely
   believed to be more resilient to attack than SHA-1, and confidence in
   SHA-1's strength is being eroded by recently announced attacks [IACR
   2007/474].  Regardless of whether or not the attacks on SHA-1 will
   affect SSHFP, it is believed (at the time of this writing) that SHA-
   256 is the better choice for use in SSHFP records.

I believe that now all concerns are solved, but I haven't got the review
from secdir yet.

 Ondřej Surý
 vedoucí výzkumu/Head of R&D department
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.sury@nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112