IETF Logo Mail Archive

Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-ddt-08: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 04 November 2016 16:27 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 569E41294EA; Fri, 4 Nov 2016 09:27:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.798
X-Spam-Level:
X-Spam-Status: No, score=-5.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NDPfGdzel3w8; Fri, 4 Nov 2016 09:27:03 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A6511295B1; Fri, 4 Nov 2016 09:27:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B0093BE4C; Fri, 4 Nov 2016 16:27:01 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n6m67D0WooVt; Fri, 4 Nov 2016 16:27:01 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D6CCCBE47; Fri, 4 Nov 2016 16:27:00 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1478276821; bh=vGsqd1PyvO66PZ7+w+5mA/JDGNUGV2A7qCFZwKzOuJY=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=n8rnwCgWjLY1XlIQnCDRdUxejonUYrhKNUYV3fKyMKu3IcWk87cFqm54zn3jpLr3F HStugz2Rw7j56VJPueqBMryoeP/9oEuFzVzu0BGNcAAxSR2AmCztsU6pg3YLhEIicH +kuUj/EVy5kiQ6ragWO7Smu2gOmd3cyrxWvoc5pc=
To: Anton Smirnov <asmirnov@cisco.com>, The IESG <iesg@ietf.org>
References: <147757226834.24715.16366455756541086706.idtracker@ietfa.amsl.com> <74bb00ca-b694-95ea-48a8-4241e3eb7e38@cisco.com> <14cddbee-ebf4-6eeb-e772-4ef6f550f28b@cs.tcd.ie> <29496480-ebe1-2c3d-4ba5-2f814774f5f1@cisco.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <70451832-0828-3108-9f9c-1c706eb1322d@cs.tcd.ie>
Date: Fri, 04 Nov 2016 16:27:00 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <29496480-ebe1-2c3d-4ba5-2f814774f5f1@cisco.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms060301050709040508030906"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/R4tHODCGtqNbIvNrwNvyHGabVXY>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-ddt@ietf.org, lisp@ietf.org
Subject: Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-ddt-08: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2016 16:27:05 -0000

Hiya,

On 04/11/16 16:12, Anton Smirnov wrote:
>    Hi Stephen,
> 
>    will it be OK if we mark in the document security algorithm 1 as
> reserved without even elaborating that it is/was RSA-SHA1 and the only
> security algorithm specified in the RFC will be 2 == RSA-SHA256 ?
> 
>    This will ensure that whoever is using algorithm 1 will not run into
> compatibility issues but RSA-SHA1 will be clearly non-RFC-compliant.

How about defining alg=1 as rsa-sha1 and marking that as
deprecated with alg=2 as rsa-sha256 as the MUST implement?
(I don't care myself if you have an IANA registry for those
yet or not, doing it in text is fine.)

S

> 
> Anton
> 
> On Tuesday 01 November 2016 22:09, Stephen Farrell wrote:
>> Hiya,
>>
>> On 01/11/16 18:51, Anton Smirnov wrote:
>>>     Hello Stephen,
>>>
>>>     thanks for your comment.
>>>
>>>    Existing DDT implementations are already using RSA-SHA1, so we cannot
>>> simply replace it with RSA-SHA256. But we should be able to add the
>>> latter as another signing algorithm.
>> Really? The sha-1 weaknesses for use in signatures were
>> found and documented in an RFC in 2005. [1] We published
>> an RFC attempting to tidy up remaining loose ends related
>> to sha1 for signatures in 2011. [2] Asking for rsa-sha1 now
>> is really very far behind the state of the art.
>>
>> But are you talking implementations or deployments here?
>> If mostly the former then I think you ought remove rsa-sha1
>> entirely and replace with rsa-sha256. That is a trivial
>> code change and I can see no justification for not making
>> that change.
>>
>> If you are talking about existing deployments please
>> provide the argument as to why those are such that we
>> should publish an RFC that calls for use of an obsolete
>> signature algorithm 11 years after the initial crypto
>> weaknesses were documented in the IETF. If there are good
>> arguments for that a) I'll be surprised, and b) my plan
>> would be to ask for advice from the security area - I
>> don't think we've hit this case before where an experimental
>> RFC wants to use such a thoroughly obsolete signature
>> algorithm, one that would never be ok in a standards
>> track RFC and one where it's really easy to do the right
>> thing instead.
>>
>> Cheers,
>> S.
>>
>> [1] https://tools.ietf.org/html/rfc4270
>> [2] https://tools.ietf.org/html/rfc6194
>>
>>
>>>     Authors will take in your comments in the next revision of the
>>> draft.
>>>
>>> Anton
>>>
>>> On Thursday 27 October 2016 14:44, Stephen Farrell wrote:
>>>> Stephen Farrell has entered the following ballot position for
>>>> draft-ietf-lisp-ddt-08: Discuss
>>>>
>>>> When responding, please keep the subject line intact and reply to all
>>>> email addresses included in the To and CC lines. (Feel free to cut this
>>>> introductory paragraph, however.)
>>>>
>>>>
>>>> Please refer to
>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>> for more information about IESG DISCUSS and COMMENT positions.
>>>>
>>>>
>>>> The document, along with other ballot positions, can be found here:
>>>> https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/
>>>>
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>> DISCUSS:
>>>> ----------------------------------------------------------------------
>>>>
>>>>
>>>> 6.4.1: RSA-SHA1 is not the right choice today, shouldn't
>>>> this be RSA-SHA256?
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>> COMMENT:
>>>> ----------------------------------------------------------------------
>>>>
>>>>
>>>> - 6.4.1: Can you clarify what bits are signed? I'm not
>>>> quite sure from the description given - you can have
>>>> more than one signature but you say the the "entire
>>>> record" is covered.
>>>>
>>>> - Section 8: Where's signature validation in the
>>>> pseudo-code?
>>>>
>>>>
>

v2.23.0 | Report a Bug | By Email