Re: draft-ietf-dnsext-dnssec-gost

Paul Hoffman <paul.hoffman@vpnc.org> Thu, 11 February 2010 21:23 UTC

To: Andrew Sullivan <ajs@shinkuro.com>, Olafur Gudmundsson <ogud@ogud.com>
Cc: ietf@ietf.org, iesg@iesg.org

At 4:04 PM -0500 2/11/10, Andrew Sullivan wrote:
>So the question here is not what algorithms get "first class" status
>in general, but whether we want to have different classes of support
>for DNSSEC, given the current conditions. 

First off, thank you for better stating the question.

There are a plethora of signing algorithms. Note that a signing algorithm consists of a public key algorithm *and* a hash algorithm.

The question here is whether they also have SHOULD-level requirements to process every signing algorithm that is in the IANA registry. Having such a requirement gives attackers a much wider target: in order to spoof a signature, they can pick the weakest of a large collection of algorithms.

For example, there is already a published attack on the GOST hash function that does not exist in SHA-256 and SHA-512. The GOST algorithms have had much less cryptographic review than other algorithms. If that attack becomes practical, an attacker can create signatures using GOST that he/she could not create in RSA/SHA-256 or RSA/SHA-512.

Given this, the answer to the question should be "no, not all algorithms automatically get SHOULD-level requirements". The IETF can, on a case-by-case basis, decide if they want to update the base DNSSEC spec to include a SHOULD-level or MUST-level requirement for a new signature algorithm.

--Paul Hoffman, Director
--VPN Consortium