Re: [dnsext] Adopting draft: draft-hoffman-dnssec-ecdsa-04.txt
Phillip Hallam-Baker <hallam@gmail.com> Fri, 07 January 2011 14:30 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 53F983A68D8; Fri, 7 Jan 2011 06:30:53 -0800 (PST)
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 783A23A68D8 for <dnsext@core3.amsl.com>; Fri, 7 Jan 2011 06:30:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.889
X-Spam-Level:
X-Spam-Status: No, score=-2.889 tagged_above=-999 required=5 tests=[AWL=-0.290, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3IeDa4jxc7Ap for <dnsext@core3.amsl.com>; Fri, 7 Jan 2011 06:30:50 -0800 (PST)
Received: from mail-yi0-f44.google.com (mail-yi0-f44.google.com [209.85.218.44]) by core3.amsl.com (Postfix) with ESMTP id DB9833A68BE for <dnsext@ietf.org>; Fri, 7 Jan 2011 06:30:49 -0800 (PST)
Received: by yie19 with SMTP id 19so5352537yie.31 for <dnsext@ietf.org>; Fri, 07 Jan 2011 06:32:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=bVTEe0Wud6yeNedB0T4zslRMjkiHWemFR8VFo1bw8II=; b=UQo0Tikqdqfmj8/IbYRqwNNSiXORH6uriYwE9Po5yYSnKHG4+xJ6/JxsoLr8Z9LBF3 P1ZAFjbtZ5Fa10aYW/ysR7+PoPtcC+uLCSxBeX6VLUn7dhIhXH9PeabUWDeIfdUPkBKP 6okEmmJJNUPJsbOqWvzm3/LeU3XUO+q+4CHD0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=cl9FG4GesSpb2y8v8zmtJHqgUJ+lYrBnsWPW+dxfC7M52CIXsATI9exUf9x8sDzYbF Jo8jWRotK9QvYQ3u3DGIjmuFR+aJD6bXRgDS3L22z/j/OpuqGN5Xk5G3cA7/bhA1cAUu I4citZs8cKDrVRtwkebnYXn7ulxUpIK3I0JYI=
MIME-Version: 1.0
Received: by 10.100.93.6 with SMTP id q6mr3124415anb.69.1294410776267; Fri, 07 Jan 2011 06:32:56 -0800 (PST)
Received: by 10.100.31.8 with HTTP; Fri, 7 Jan 2011 06:32:56 -0800 (PST)
In-Reply-To: <Prayer.1.3.3.1101051839410.18449@hermes-2.csi.cam.ac.uk>
References: <4D014A84.5070204@ogud.com> <4D2390DE.8050409@ogud.com> <4D23A061.3060501@vpnc.org> <4D248950.3040208@ogud.com> <4D248A72.5010404@vpnc.org> <a06240801c94a3ed54f9e@10.31.200.116> <Prayer.1.3.3.1101051839410.18449@hermes-2.csi.cam.ac.uk>
Date: Fri, 07 Jan 2011 09:32:56 -0500
Message-ID: <AANLkTimnz9CBDbjXc0V2=zdM6PZnSs4_+ZaEL8CCVbXk@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: cet1@cam.ac.uk
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, Paul Hoffman <paul.hoffman@vpnc.org>, dnsext@ietf.org
Subject: Re: [dnsext] Adopting draft: draft-hoffman-dnssec-ecdsa-04.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
Rather than using the term 'strength' I suggest we use the term 'work factor'. The term strength tends to be interpreted relative to the algorithm concerned, 'what strength RSA key', it is not really defined as an absolute measure. Work factor using known best attack is much better defined. Although there is always going to be a degree of slop since many attacks have memory/CPu tradeoffs. But all this is really outside the parameters of what DNSEXT should have to concern itself with. What matters most in choice of cryptographic algorithm is consistency. The attacker only needs to break the weakest link in the chain. So if we have SHA3 in the DNSSEC layer and MD5 in the S/MIME we are still vulnerable. I would like to propose we change the model here. The IETF should get out of the business for issuing DNSSEC code points for any algorithm other than those which are mandatory to implement. Mandatory to implement algorithms should be specified in RFCs that apply to a collection of protocols. Working Groups would be free to decide whether to specify their own algorithms or use the common mandatory set. The advantage of using a common mandatory set being that they would be subject to ongoing maintenance and revision. So an implementation that offered DNSSEC with the 2012 crypto set might specify RFC4043 + RFC 7xxx compliance. All non-mandatory crypto would use ASN.1 OIDs to declare the algorithm type. In the case of DNSSEC this would require an approach similar to the one that the OID based CERT type uses. There would be a code point reserved for identifying the algorithm by ASN.1 oid and a defined mechanism for squeezing in the OID as a prefix to the crypto material. Some people are going to complain about the lack of control here. But that is worrying about the wrong problem. The only problems we should be concerned with are interoperability and endorsement. The only interoperability concern should be that applications that support a common algorithm be able to use it to communicate. That means that they all use the same code points to identify the same algorithm. It is not a big concern to me as people who use non standard crypto should know what to expect. It is their funeral, we should not try to stop them attending. The much bigger concern for me is endorsement. The problem with having the IETF control the registry is that making an entry into the registry implies an endorsement. Like it or not, the IETF has effectively endorsed the use of GOST, a Soviet era crypto algorithm that is being promoted for specific political reasons that I believe to be contrary to the principles of an open Internet. The fact that the OID registry is open and has no gating factor is a good thing. No gate means no endorsement. If we had used ASN.1 OIDs to identify algorithms there would be no RFC 5933, there would be no mention of GOST in RFCs at all unless there was a decision to adopt it as a mandatory to implement algorithm (which the GRU would not want in any case since their whole purpose requires use of a different algorithm). On Wed, Jan 5, 2011 at 1:39 PM, Chris Thompson <cet1@cam.ac.uk> wrote: > On Jan 5 2011, Edward Lewis wrote: > >> I'd like to see this stated in DNS terms - i.e., the notion of strength is >> not one of them. >> >> I would suggest that >> >> - the authoritative set of the DS record SHOULD include a DS RR for each >> key that is of the same hash algorithm as is used in the key and MAY have >> other hashes (and MAY even have only other hashes[1]) >> >> [1] The parenthetical comment is redundant, put it there for emphasis. >> >> - a validator SHOULD prefer the DS record of the same hash algorithm over >> other hash algorithms for a key. > > You mean that a validator should prefer a digest type 1 (SHA-1) DS over > a type 2 (SHA-256) DS if the key to be validated uses algorithm RSASHA1? > This directly contradicts the SHOULD in RFC 4509 section 3, and also > doesn't seem too sensible to me. > >> Prefer means that it SHOULD be the >> first tried and if it fails, the validator MAY declare failure without >> examining the other applicable hash algorithms. A validator MUST NOT >> require that there be a hash of the same algorithm present, with require >> meaning - if such a hash is absent, failure is not automatic. >> >> You may note that I spec "the same hash algorithm" because I don't know of >> any way to say if one hash algorithm is stronger than the next. I.e., bit >> length might be an indicator but I bet it also isn't reliable. > > It's perfectly possible for an implementor, or an operator, to have > opinions about this, though. > > -- > Chris Thompson University of Cambridge Computing Service, > Email: cet1@ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH, > Phone: +44 1223 334715 United Kingdom. > _______________________________________________ > dnsext mailing list > dnsext@ietf.org > https://www.ietf.org/mailman/listinfo/dnsext > -- Website: http://hallambaker.com/ _______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- [dnsext] Adopting draft: draft-hoffman-dnssec-ecd… Olafur Gudmundsson
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Francis Dupont
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Alfred Hönes
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Rose, Scott W.
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Matthijs Mekking
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Olafur Gudmundsson
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Paul Hoffman
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Olafur Gudmundsson
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Paul Hoffman
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Olafur Gudmundsson
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Edward Lewis
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Paul Hoffman
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Basil Dolmatov
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Paul Hoffman
- [dnsext] strngths, was Re: Adopting draft:... Edward Lewis
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Chris Thompson
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Basil Dolmatov
- Re: [dnsext] strngths, was Re: Adopting draft:... Paul Hoffman
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Paul Hoffman
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Paul Hoffman
- Re: [dnsext] strngths, was Re: Adopting draft:... Edward Lewis
- [dnsext] RFC 4509 was Re: Adopting draft: draft-h… Edward Lewis
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Jeffrey A. Williams
- Re: [dnsext] strngths, was Re: Adopting draft:... Paul Hoffman
- Re: [dnsext] strngths, was Re: Adopting draft:... Brian Dickson
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Francis Dupont
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Dmitry Burkov
- Re: [dnsext] strngths, was Re: Adopting draft:... Florian Weimer
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Phillip Hallam-Baker
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Florian Weimer
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Alex Bligh
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Phillip Hallam-Baker
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Paul Hoffman
- Re: [dnsext] Adopting draft: draft-hoffman-dnssec… Phillip Hallam-Baker
- Re: [dnsext] strngths, was Re: Adopting draft:... Colm MacCárthaigh