Re: [secdir] secdir review of draft-kucherawy-authres-header-b-02

"Murray S. Kucherawy" <> Thu, 10 June 2010 04:38 UTC

Hi Stephen, thanks for the review!

> -----Original Message-----
> From: Stephen Farrell []
> Sent: Wednesday, June 09, 2010 4:25 PM
> To: Murray S. Kucherawy;
> Subject: secdir review of draft-kucherawy-authres-header-b-02
> 1. What if someone defines a MACing scheme for DKIM with
>    a teensy-weensy MAC? There might be no way to get 8
>    characters then. Suggest allowing the full authenticator
>    in that case if it's <8 bytes long. Very unlikely but
>    maybe worth a sentence.

I had that in originally, but an LC reviewer suggested it be removed on the grounds that such a signature method is collision-prone, and thus this spec should try not to support it. Instead, I think I'll add it back in with a new subsection in Security Considerations making this concern clear and reminding consumers that collisions must be ignored.

> 2. Appendix A says:
>   "Presumably due to a change in one of the five header fields covered
>    by the two signatures, the former signature failed to verify while
>    the latter passed."
>    I think that could only happen if they use different c14n, if
>    so maybe say so. Or could be better to say the results may
>    differ due to key mgmt reasons (e.g. an inaccessible public key)
>    or because the signature values have been corrupted. Reason to
>    prefer those is that they're more likely. (Or am I missing
>    something?)

An inaccessible key produces a result of "neutral" or "temperror" (I forget which) so a "fail" would only be the former case of one c14n surviving while the other didn't.  I'll add a little more explanatory text to point that out.
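
The two points discussed in this message, shown from the consumer's side as an added example that is not part of the original e-mail or of the draft: it attributes each dkim= result to a signature by its header.b value, accepts a value shorter than 8 characters only as a complete signature, and sets aside any value that matches more than one signature. It assumes header.b carries the leading characters of the signature's b= tag; the function names and all sample header values are constructed for illustration.

```python
import re

PREFIX_LEN = 8  # assumption: header.b normally carries the first 8 characters of b=

def b_tag(dkim_signature):
    """Return the b= value of a DKIM-Signature field, folding whitespace removed."""
    for tag in dkim_signature.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "b":
            return re.sub(r"\s+", "", value)
    raise ValueError("DKIM-Signature has no b= tag")

def header_b(dkim_signature):
    """Value a verifier would report: 8 characters, or all of b= if it is shorter."""
    return b_tag(dkim_signature)[:PREFIX_LEN]

def correlate(auth_results, signatures):
    """Map each dkim= result to the index of the one signature it identifies.

    A header.b that matches no signature, or more than one (a collision),
    cannot be attributed and is returned in the second list instead.
    """
    b_values = [b_tag(s) for s in signatures]
    matched, ignored = {}, []
    pattern = r'dkim=(\w+)[^;]*?header\.b="?([^\s;"]+)"?'
    for result, hb in re.findall(pattern, auth_results):
        # A value under 8 characters is only legitimate as a complete signature.
        hits = [i for i, b in enumerate(b_values)
                if (b == hb if len(hb) < PREFIX_LEN else b.startswith(hb))]
        if len(hits) == 1:
            matched[hits[0]] = result
        else:
            ignored.append((result, hb))
    return matched, ignored

# Constructed sample data: two signatures over the same five header fields with
# different canonicalization, as in the Appendix A scenario discussed above.
SIGNATURES = [
    "v=1; a=rsa-sha256; c=simple/simple; d=example.net; s=k1; "
    "h=from:to:subject:date:message-id; bh=Q09OU1RSVUNURUQ=; b=6HLdlBRfake0\r\n\tsignature0AAA=",
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.net; s=k1; "
    "h=from:to:subject:date:message-id; bh=Q09OU1RSVUNURUQ=; b=Rkq5Gx9Zfake1\r\n\tsignature1BBB=",
]
AUTH_RESULTS = ("mx.example.com; dkim=fail header.d=example.net header.b=6HLdlBRf; "
                "dkim=pass header.d=example.net header.b=Rkq5Gx9Z")

if __name__ == "__main__":
    print(correlate(AUTH_RESULTS, SIGNATURES))
```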