IETF Logo Mail Archive

Re: [dnsext] Adopting draft: draft-hoffman-dnssec-ecdsa-04.txt

Phillip Hallam-Baker <hallam@gmail.com> Fri, 07 January 2011 15:44 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B2C153A6905; Fri, 7 Jan 2011 07:44:38 -0800 (PST)
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DFC863A6903 for <dnsext@core3.amsl.com>; Fri, 7 Jan 2011 07:44:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.662
X-Spam-Level:
X-Spam-Status: No, score=-3.662 tagged_above=-999 required=5 tests=[AWL=-0.063, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k8e21tQ9UjGp for <dnsext@core3.amsl.com>; Fri, 7 Jan 2011 07:44:36 -0800 (PST)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com [74.125.83.44]) by core3.amsl.com (Postfix) with ESMTP id 88BFD3A6905 for <dnsext@ietf.org>; Fri, 7 Jan 2011 07:44:36 -0800 (PST)
Received: by gwj17 with SMTP id 17so9369644gwj.31 for <dnsext@ietf.org>; Fri, 07 Jan 2011 07:46:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=kV+7q7oXG1PdfKBmNAasIfB0kdx3J3iuROl2WyIe+l4=; b=u4T/8obaaIF+eATgql8MDGQgPD7dAT4YIoZaJRl/5VVtDoIn3V9pQsg4sgw4rIqQ7s ye7xFJ9gj+avYqKARhJGNneXUz7J6V8r7XVOYMYl8TdIcRfQ8ampQCnXrKg6lXAmn961 cfdgvtZarTSG5zSIDlxG1U3VuYFDV7aPEe31g=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=YwzHzYeCOisEF4y1SF1DlALUv50PU/Q9Xb0o9ecy2G+aLJi9UvWnMukejBGdyjOO60 Nd0JHjkvgSq0IqS1oQkKzjQIMRxbNPflYaCmaKvlRjYE9sTv6xl7cvXhtfXcvLdFs/qL odI520W8Qg8aW7hyT+H4f30s07OB462PX6swY=
MIME-Version: 1.0
Received: by 10.100.255.4 with SMTP id c4mr247814ani.205.1294415203086; Fri, 07 Jan 2011 07:46:43 -0800 (PST)
Received: by 10.100.31.8 with HTTP; Fri, 7 Jan 2011 07:46:42 -0800 (PST)
In-Reply-To: <359091FCD895EA0C271718D9@Ximines.local>
References: <4D014A84.5070204@ogud.com> <4D2390DE.8050409@ogud.com> <4D23A061.3060501@vpnc.org> <4D248950.3040208@ogud.com> <4D248A72.5010404@vpnc.org> <a06240801c94a3ed54f9e@10.31.200.116> <Prayer.1.3.3.1101051839410.18449@hermes-2.csi.cam.ac.uk> <AANLkTimnz9CBDbjXc0V2=zdM6PZnSs4_+ZaEL8CCVbXk@mail.gmail.com> <359091FCD895EA0C271718D9@Ximines.local>
Date: Fri, 07 Jan 2011 10:46:42 -0500
Message-ID: <AANLkTimVJbUbH4rb2bBFOQwF6znJ0Sr5kFXqQ+SPi3H7@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Alex Bligh <alex@alex.org.uk>
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, Paul Hoffman <paul.hoffman@vpnc.org>, dnsext@ietf.org
Subject: Re: [dnsext] Adopting draft: draft-hoffman-dnssec-ecdsa-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

There are two issues here:

1) Different OIDs assigned to the same algorithm with the same parameters.

2) Algorithms that take parameters that lead to different OID assignments.


In the first case we did at one point have an ambiguity where an IETF
WG got the idea that it should ignore the existing OID assignments and
assign OIDs in the IETF arc.

It is now understood that that was a mistake and should not be repeated.

If we moved to the scheme I propose it would make sense for the IETF
to maintain a registry of mandated algorithms and the ASN.1 OIDs
mandated for use in those protocols that use them. But part of the
point of getting the IETF out of the business of registering code
points for non-mandatory crypto would be to discourage use.


In the second case we have frequently ended up with different OIDs for
incompatible variations of the same algorithm. But this is exactly
what we want.

For example, we have had at least three different packaging formats
for RSA signatures over the years. The packaging formats are
incompatible and a verifier can only verify a signature if it supports
the precise packaging format used to create the signature. So even
though the public key algorithm is the same, the implementation is
different and we need to use a different identifier if we are going to
have interoperability.


ECC is a little bit of a unique case since there are parameters and
options and much more complexity than we have had to cope with in the
past.

But even so, I don't see a lot of value in having different protocols
choose different sets of options. At the end of the day consistency is
going to be far more useful than any benefit we might gain from those
options.



On Fri, Jan 7, 2011 at 10:26 AM, Alex Bligh <alex@alex.org.uk> wrote:
>
>
> --On 7 January 2011 09:32:56 -0500 Phillip Hallam-Baker <hallam@gmail.com>
> wrote:
>
>> All non-mandatory crypto would use ASN.1 OIDs to declare the algorithm
>> type. In the case of DNSSEC this would require an approach similar to
>> the one that the OID based CERT type uses. There would be a code point
>> reserved for identifying the algorithm by ASN.1 oid and a defined
>> mechanism for squeezing in the OID as a prefix to the crypto material.
>
> ...
>>
>> The only interoperability concern should be that applications that
>> support a common algorithm be able to use it to communicate. That
>> means that they all use the same code points to identify the same
>> algorithm.
>
> ...
>>
>> The fact that the OID registry is open and has no gating factor is a
>> good thing. No gate means no endorsement. If we had used ASN.1 OIDs to
>> identify algorithms there would be no RFC 5933, there would be no
>> mention of GOST in RFCs at all unless there was a decision to adopt it
>> as a mandatory to implement algorithm (which the GRU would not want in
>> any case since their whole purpose requires use of a different
>> algorithm).
>
>
> Q: is there sufficient standardisation within the ASN.1 OIDs that if a new
> crypto type FOO comes along, then 2 implementations, working solely from
> the OID, they can necessarily interoperate? IE will they thoroughly specify
> whether FOO options X and Y have to be supported, wire format, etc? To
> illustrate what I mean, I include below a section from the OpenSSH-5.7
> testing release notes. I know ssh != DNSSEC, but I suspect support for a
> new algorithm might not be as simply described as whether a single ID.
>
> --
> Alex Bligh
>
>
>
>
> * Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
>  and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
>  offer better performance than plain DH and DSA at the same equivalent
>  symmetric key length, as well as much shorter keys.
>
>  Only the mandatory sections of RFC5656 are implemented, specifically
>  the three REQUIRED curves nistp256, nistp384 and nistp521 and only
>  ECDH and ECDSA. Point compression (optional in RFC5656) is NOT
>  implemented.
>
>  Certificate host and user keys using the new ECDSA key types are
>  supported - an ECDSA key may be certified, and an ECDSA key may act
>  as a CA to sign certificates.
>
>  ECDH in a 256 bit curve field is the preferred key agreement
>  algorithm when both the client and server support it. ECDSA host
>  keys are preferred when learning a host's keys for the first time.
>
>



-- 
Website: http://hallambaker.com/
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.23.0 | Report a Bug | By Email