Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-ddt-08: (with DISCUSS and COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 01 November 2016 21:09 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E79E81299F8; Tue, 1 Nov 2016 14:09:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.798
X-Spam-Level:
X-Spam-Status: No, score=-5.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZLY7dVWxtHV9; Tue, 1 Nov 2016 14:09:05 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1215A1299E3; Tue, 1 Nov 2016 14:09:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4BB53BE4C; Tue, 1 Nov 2016 21:09:02 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OtQUM2F6lvW8; Tue, 1 Nov 2016 21:09:00 +0000 (GMT)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 46408BE38; Tue, 1 Nov 2016 21:09:00 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1478034540; bh=cV0jAR72sOHLudbYGY8ge5Xdi9coMP36Q3SY9N0gW6o=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=gKU0z982GvEBBjldHTiBHjWgGjoCr1zL8Ic/SuHRqfiBElr1CS5TWVPIUkbw6oMdZ Nf1t0MPEvwYiXF975F9wMGuSGbKnWFAwDp+Tw170kFQiH62BY5u/4QGz7Y9MOqAvAe f3W46Y1cJG2jZVW7IaOn98/x4z57rcHQyDUNyfyM=
To: Anton Smirnov <asmirnov@cisco.com>, The IESG <iesg@ietf.org>
References: <147757226834.24715.16366455756541086706.idtracker@ietfa.amsl.com> <74bb00ca-b694-95ea-48a8-4241e3eb7e38@cisco.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <14cddbee-ebf4-6eeb-e772-4ef6f550f28b@cs.tcd.ie>
Date: Tue, 01 Nov 2016 21:09:00 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <74bb00ca-b694-95ea-48a8-4241e3eb7e38@cisco.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms000308030301080203020401"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/4Z2DOT7lgyzwodFYtPGH1js_blU>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-ddt@ietf.org, lisp@ietf.org
Subject: Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-ddt-08: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2016 21:09:08 -0000
Hiya, On 01/11/16 18:51, Anton Smirnov wrote: > Hello Stephen, > > thanks for your comment. > > Existing DDT implementations are already using RSA-SHA1, so we cannot > simply replace it with RSA-SHA256. But we should be able to add the > latter as another signing algorithm. Really? The sha-1 weaknesses for use in signatures were found and documented in an RFC in 2005. [1] We published an RFC attempting to tidy up remaining loose ends related to sha1 for signatures in 2011. [2] Asking for rsa-sha1 now is really very far behind the state of the art. But are you talking implementations or deployments here? If mostly the former then I think you ought remove rsa-sha1 entirely and replace with rsa-sha256. That is a trivial code change and I can see no justification for not making that change. If you are talking about existing deployments please provide the argument as to why those are such that we should publish an RFC that calls for use of an obsolete signature algorithm 11 years after the initial crypto weaknesses were documented in the IETF. If there are good arguments for that a) I'll be surprised, and b) my plan would be to ask for advice from the security area - I don't think we've hit this case before where an experimental RFC wants to use such a thoroughly obsolete signature algorithm, one that would never be ok in a standards track RFC and one where it's really easy to do the right thing instead. Cheers, S. [1] https://tools.ietf.org/html/rfc4270 [2] https://tools.ietf.org/html/rfc6194 > > Authors will take in your comments in the next revision of the draft. > > Anton > > On Thursday 27 October 2016 14:44, Stephen Farrell wrote: >> Stephen Farrell has entered the following ballot position for >> draft-ietf-lisp-ddt-08: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> >> 6.4.1: RSA-SHA1 is not the right choice today, shouldn't >> this be RSA-SHA256? >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> >> - 6.4.1: Can you clarify what bits are signed? I'm not >> quite sure from the description given - you can have >> more than one signature but you say the the "entire >> record" is covered. >> >> - Section 8: Where's signature validation in the >> pseudo-code? >> >> >
- [lisp] Stephen Farrell's Discuss on draft-ietf-li… Stephen Farrell
- Re: [lisp] Stephen Farrell's Discuss on draft-iet… Anton Smirnov
- Re: [lisp] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [lisp] Stephen Farrell's Discuss on draft-iet… Anton Smirnov
- Re: [lisp] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [lisp] Stephen Farrell's Discuss on draft-iet… Anton Smirnov
- Re: [lisp] Stephen Farrell's Discuss on draft-iet… Anton Smirnov