Re: [secdir] secdir review of draft-kucherawy-authres-header-b-02

"Murray S. Kucherawy" <msk@cloudmark.com> Thu, 10 June 2010 04:38 UTC

From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdir@ietf.org" <secdir@ietf.org>
Date: Wed, 9 Jun 2010 21:38:11 -0700
Message-ID: <BB012BD379D7B046ABE1472D8093C61C01F408E995@EXCH-C2.corp.cloudmark.com>
References: <4C1022B6.7000500@cs.tcd.ie>
In-Reply-To: <4C1022B6.7000500@cs.tcd.ie>

Hi Stephen, thanks for the review!

> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Wednesday, June 09, 2010 4:25 PM
> To: Murray S. Kucherawy; secdir@ietf.org
> Subject: secdir review of draft-kucherawy-authres-header-b-02
> 
> 1. What if someone defines a MACing scheme for DKIM with
>    a teensy-weensy MAC? There might be no way to get 8
>    characters then. Suggest allowing the full authenticator
>    in that case if it's <8 bytes long. Very unlikely but
>    maybe worth a sentence.

I had that in originally, but an LC reviewer suggested it be removed on the grounds that such a signature method is collision-prone, and thus this spec should try not to support it. Instead, I think I'll add it back in with a new subsection in Security Considerations making this concern clear and reminding consumers that collisions must be ignored.

> 2. Appendix A says:
> 
>   "Presumably due to a change in one of the five header fields covered
>    by the two signatures, the former signature failed to verify while
>    the latter passed."
> 
>    I think that could only happen if they use different c14n, if
>    so maybe say so. Or could be better to say the results may
>    differ due to key mgmt reasons (e.g. an inaccessible public key)
>    or because the signature values have been corrupted. Reason to
>    prefer those is that they're more likely. (Or am I missing
>    something?)

An inaccessible key produces a result of "neutral" or "temperror" (I forget which) so a "fail" would only be the former case of one c14n surviving while the other didn't.  I'll add a little more explanatory text to point that out.

Cheers,
-MSK
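
The 8-character minimum, the short-MAC exception and the "ignore collisions" rule from point 1, sketched as an added example that is not part of this message or of the draft. It assumes header.b carries a leading prefix of the signature's b= value; the function names, the `example-mac` algorithm name and the sample signatures are constructed for illustration.

```python
import re

MIN_PREFIX = 8  # minimum header.b length discussed in the review

def b_value(dkim_signature):
    """Return the b= tag of a DKIM-Signature field body, folding whitespace removed."""
    for tag in dkim_signature.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "b":          # "bh" is a different tag and is skipped
            return re.sub(r"\s+", "", value)
    return None

def choose_header_b(b_values):
    """Producer side: shortest prefix of each b= value that is at least
    MIN_PREFIX long (or the whole value when it is shorter) and unique."""
    chosen = []
    for i, b in enumerate(b_values):
        others = b_values[:i] + b_values[i + 1:]
        n = min(MIN_PREFIX, len(b))
        while n < len(b) and any(o.startswith(b[:n]) for o in others):
            n += 1
        chosen.append(b[:n])
    return chosen

def match_header_b(header_b, signatures):
    """Consumer side: index of the one signature header_b identifies.
    Returns None for no match, a too-short value, or a collision."""
    hits = []
    for i, sig in enumerate(signatures):
        b = b_value(sig)
        if b is None:
            continue
        # Fewer than MIN_PREFIX characters is only acceptable as a full signature.
        if len(header_b) < MIN_PREFIX and header_b != b:
            continue
        if b.startswith(header_b):
            hits.append(i)
    return hits[0] if len(hits) == 1 else None   # collisions are ignored

# Constructed sample signatures (not real): two share an 8-character prefix,
# the third stands in for a hypothetical scheme with a very short MAC.
SIGS = [
    "v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel1;"
    " bh=AAAAAAAAAAAA; b=6Hnn7TzuQ2xP\r\n w0GdLk9s",
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel2;"
    " bh=AAAAAAAAAAAA; b=6Hnn7TzuR8vYb3NfQe1m",
    "v=1; a=example-mac; d=example.com; s=sel3; bh=AAAAAAAAAAAA; b=Zk3f",
]
```

With these inputs an 8-character header.b of `6Hnn7Tzu` is ambiguous between the first two signatures, so the consumer discards it rather than guessing which result it refers to.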