Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05

Eric Rescorla <ekr@networkresonance.com> Sat, 09 January 2010 16:54 UTC

Return-Path: <ekr@networkresonance.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EB8FE3A689B for <secdir@core3.amsl.com>; Sat, 9 Jan 2010 08:54:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.451
X-Spam-Level:
X-Spam-Status: No, score=0.451 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPX9nSq2RqfS for <secdir@core3.amsl.com>; Sat, 9 Jan 2010 08:54:34 -0800 (PST)
Received: from kilo.networkresonance.com (74-95-2-169-SFBA.hfc.comcastbusiness.net [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 2C9753A6846 for <secdir@ietf.org>; Sat, 9 Jan 2010 08:54:33 -0800 (PST)
Received: from kilo.local (localhost [127.0.0.1]) by kilo.networkresonance.com (Postfix) with ESMTP id 59F9C6CC90C; Sat, 9 Jan 2010 08:57:02 -0800 (PST)
Date: Sat, 09 Jan 2010 08:57:01 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Uri Blumenthal <uri@MIT.EDU>
In-Reply-To: <20100108113528.gbmbl95nok8gsgwc@webmail.mit.edu>
References: <p06240810c76be77be756@[128.89.89.161]> <20100107222809.GA25747@shinkuro.com> <p06240818c76c1a38cbf8@[128.89.89.161]> <20100108144431.GB26259@shinkuro.com> <p06240812c76d0821dd1b@[10.20.30.158]> <20100108113528.gbmbl95nok8gsgwc@webmail.mit.edu>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20100109165702.59F9C6CC90C@kilo.networkresonance.com>
Cc: secdir@ietf.org
Subject: Re: [secdir] review of draft-ietf-dnsext-dnssec-gost-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jan 2010 16:54:35 -0000

I agree as well.

-Ekr

At Fri, 08 Jan 2010 11:35:28 -0500,
Uri Blumenthal wrote:
> 
> I am in full agreement with the arguments Paul and Steve have made.
> 
> Keep GOST as MAY.
> 
> Quoting Paul Hoffman <phoffman@imc.org>rg>:
> > To take it one step further: a signing algorithm that is easily 
> > broken opens up a new attack vector. Imagine that all DNSSEC "client" 
> > implementations (resolvers) need to support two algorithms, A and B. 
> > If A and B are of actual equal strength, an attacker has an equal 
> > problem. However, if B is found to have weaknesses that allows an 
> > attacker to forge signatures, that attacker then can create a bogus 
> > chain to a trust anchor using B in the entire path.
> >
> > It is for this reason that DNSSEC does not, for example, require that 
> > resolvers MUST be able to validate RSA signatures with 256-bit keys. 
> > However, by saying that resolvers MUST be able to validate anything 
> > other than the widely-agreed-to algorithms, you are opening up such 
> > an attack.
> >
> > GOST signatures use a hash algorithm that has a known academic 
> > attack. Thus, even if the GOST asymmetric encryption algorithm is as 
> > strong as RSA with the size of keys that people are using, the 
> > overall signing algorithm may be weaker. This is *not* an argument 
> > that Russia should not use GOST: they have made their own security 
> > decisions based on the same knowledge that we have (and possibly 
> > more). It is, however, an argument against making everyone else be 
> > able to verify GOST signatures as if they were equivalent to other 
> > mandatory-to-implement signature algorithms.
> > _______________________________________________
> > secdir mailing list
> > secdir@ietf.org
> > https://www.ietf.org/mailman/listinfo/secdir
> >
> 
> 
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir