IETF Logo Mail Archive

Re: [keyassure] Opening issue #21: "Need to specify which crypto algorithms and certificate types are mandatory to implement"

Warren Kumari <warren@kumari.net> Thu, 03 March 2011 19:35 UTC

Return-Path: <warren@kumari.net>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F1E0B3A69F4 for <keyassure@core3.amsl.com>; Thu, 3 Mar 2011 11:35:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CfTh-JmPAG18 for <keyassure@core3.amsl.com>; Thu, 3 Mar 2011 11:35:14 -0800 (PST)
Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by core3.amsl.com (Postfix) with ESMTP id DAA843A69EE for <keyassure@ietf.org>; Thu, 3 Mar 2011 11:35:13 -0800 (PST)
Received: from dhcp-172-29-46-185.her.corp.google.com (unknown [74.202.225.33]) by vimes.kumari.net (Postfix) with ESMTPSA id 4C5081B40F5D; Thu, 3 Mar 2011 14:36:21 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <9933A160-3DAF-42FA-B5FA-DDF185FA5C63@kumari.net>
Date: Thu, 03 Mar 2011 14:36:21 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <7CDBED48-C800-4169-AF59-72075BA7EC2E@kumari.net>
References: <9933A160-3DAF-42FA-B5FA-DDF185FA5C63@kumari.net>
To: Warren Kumari <warren@kumari.net>
X-Mailer: Apple Mail (2.1081)
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Opening issue #21: "Need to specify which crypto algorithms and certificate types are mandatory to implement"
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Mar 2011 19:35:15 -0000

Hi all,

After watching the thread, I'd like to propose this as a strawman:

Mandatory to implement algorithms are SHA-256 and SHA-384. For now, these are all we specify.

My reasoning behind this is:
1: We don't want to support too many algorithms -- it leads to complexity (which leads to weaker security) and opens the door to interoperability issues and fights over why algorithm X was allowed and Y was not.

2: Having more than 1 algorithm forces implementations to understand that there is not just one, and so should help lead towards algorithm agility

3: In order to do DANE, you have to be able to do DNSSEC -- in order to do DNSSEC you should already support the above.

4: (IMO, an important one, even if not technical one) giving people the ability to choose will lead to greater deployment. Some folk will claim that SHA-256 is too short. Some will claim that SHA-384 is excessively long and computationally expensive. Some will claim something completely random. Almost none of them will have any (rational) basis for their claims, but allowing them to use the algorithm they believe is superior will make them more likely to deploy. 

5: 2 algorithms seems like enough. While SHA1 may or may not be suitable (my (and to be completely blunt, your) views don't really matter) -- there are enough strong views on the strength / lifetime that we are likely to get bogged down / splinter over this. If we were already deployed with SHA1 this would be an important decision, but seeing as we're not, I think that avoiding fight (and living to see another day) is best.
Once again, I'm not saying that I think that SHA1 is (or isn't) fine for this, rather that, in order to get deployed, we should avoid the issue.

#4 and #5 might be pandering, but if it doesn't decrease security, and leads to sooner / more deployment it seems like a win....

Does anyone object to this (for any reasons other than "You're running away from the fight, you coward!")? 
Please speak soon, as we'd love to close this out....

<chair hat>
Please don't let this dissolve into a "algorithm X is better than Y, and Z is a pile o' rubble" discussion -- while that may be true, this is not the time or place to have it....
</chair hat>

W


On Feb 25, 2011, at 4:31 PM, Warren Kumari wrote:

> Hi all,
> 
> While we are all ruminating on the other issues, I figured we might as well try address this one:
> 
> Need to specify which crypto algorithms and certificate types are mandatory to implement -- http://trac.tools.ietf.org/wg/dane/trac/ticket/21
> 
> Description:
> Currently, the draft is silent on which crypto algorithms and certificate types must be implemented for interoperability. It should be specific before the document is finished.
> 
> 
> W
> _______________________________________________
> keyassure mailing list
> keyassure@ietf.org
> https://www.ietf.org/mailman/listinfo/keyassure
>

v2.23.0 | Report a Bug | By Email