Re: [sidr] WGLC for draft-ietf-sidr-algorithm-agility-03

Christopher Morrow <morrowc.lists@gmail.com> Fri, 18 November 2011 06:21 UTC

In-Reply-To: <CAH1iCioh1em9KjhFq2vTijpAOogL4nnc5=k0Eg3NFejVVdACRQ@mail.gmail.com>
References: <CAD6DA02.1C611%terry.manderson@icann.org> <p06240803cad6af1b0ce7@193.0.26.186> <7B40776F-D906-46DA-A788-C4E9C0E758A9@verisign.com> <p06240803cad951813fd9@193.0.26.186> <CB6FE413-BEC2-4910-AEEF-98D6EAFD4E83@verisign.com> <p06240802cadde494171b@128.89.89.6> <3F1388E3-A694-42C9-AE2F-F12BF15DC86F@verisign.com> <p06240811cade1873e723@128.89.89.6> <BDA75A7E-2B2D-44A5-A18F-2D7DA01DF3A2@verisign.com> <p06240808cadf618efaa8@128.89.89.6> <E9BAE21C-A8EF-4D07-90C1-E8A5FD7F00E7@verisign.com> <p06240803cae62a2b13af@128.89.89.129> <CAH1iCiotmm47yZ_S_JyY8a0cODPFcnLe-CUSbzjYm7fdPcZDkA@mail.gmail.com> <p06240801cae63c0d5322@172.20.1.65> <CAH1iCioh1em9KjhFq2vTijpAOogL4nnc5=k0Eg3NFejVVdACRQ@mail.gmail.com>
Date: Fri, 18 Nov 2011 01:21:11 -0500
Message-ID: <CAL9jLaa+f3Be6M1tfrD+vLaivQ0Xf4a_6CEnvaSzXJDW3dZiFQ@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] WGLC for draft-ietf-sidr-algorithm-agility-03

On Thu, Nov 17, 2011 at 12:50 PM, Brian Dickson
<brian.peter.dickson@gmail.com> wrote:

> Here's the thing - if all-A chains continue to exist until Phase 4,
> _and_ fallback to Suite A is required, this is a downgrade-attack
> vulnerability.
>

It seems to me that as long as there are consumers of cert material
that cannot do the 'new hotness' (B in your example) you will have to
make products in the 'old and busted' form. Once everyone can do 'new
hotness', there is a relatively short period of time required to kill
off 'old and busted'.

I don't think you can get away with not making 'old and busted' until
everyone is able to play ball, eh?

-Chris
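The two positions above (Brian's: accepting a Suite-A-only chain when the relying party could have required Suite B is a downgrade exposure; Chris's: A-only products must keep being issued while A-only consumers exist) can be made concrete with a small relying-party policy model. The following is an added illustration written for this archive page, not code from the thread, the working group, or the algorithm-agility draft. The phase names, the `Chain` shape and the rule "an RP that supports B stops accepting A-only chains once B is required" are assumptions of this toy model, not the draft's normative procedure; signature verification is abstracted to a boolean per suite.

```python
"""Toy model of relying-party (RP) acceptance policy during a Suite A -> Suite B
algorithm transition.  Constructed illustration for this list post; the phases,
the Chain shape and the strict-vs-fallback rule are assumptions of the model,
not the text of draft-ietf-sidr-algorithm-agility."""
from dataclasses import dataclass
from enum import IntEnum


class Phase(IntEnum):
    """Assumed coarse transition phases (not the draft's phase numbering)."""
    A_ONLY = 0       # only Suite A products exist
    DUAL = 1         # CAs publish products under both suites
    B_REQUIRED = 2   # RPs are expected to validate B; A-only is suspicious
    A_RETIRED = 3    # Suite A products are no longer valid at all


@dataclass
class Chain:
    """What the RP sees: which suites have a complete path, and whether
    each present path verifies (verification itself is abstracted away)."""
    suites_present: frozenset
    verifies: dict   # suite -> bool


def validate(chain, phase, rp_supports_b, fallback_to_a):
    """Return (accepted, suite_used) for one chain under one RP policy.

    fallback_to_a=True  : an RP that can do B still accepts an A-only chain
                          after B is required (Brian's downgrade concern).
    fallback_to_a=False : once B is required, a B-capable RP refuses A-only.
    """
    if rp_supports_b and "B" in chain.suites_present:
        return (bool(chain.verifies.get("B", False)), "B")
    # No usable Suite B path: either the chain lacks it or this RP cannot do B.
    if phase >= Phase.A_RETIRED:
        return (False, None)
    if phase >= Phase.B_REQUIRED and rp_supports_b and not fallback_to_a:
        return (False, None)          # strict: do not fall back to A
    if "A" in chain.suites_present:
        return (bool(chain.verifies.get("A", False)), "A")
    return (False, None)


# Constructed sample chains: one issued under both suites, one carrying only A.
DUAL_CHAIN = Chain(frozenset({"A", "B"}), {"A": True, "B": True})
A_ONLY_CHAIN = Chain(frozenset({"A"}), {"A": True})


def transition_report():
    """Summarise the outcomes that matter for the argument in the thread."""
    return {
        # Legacy RP (cannot do B) still needs A products while DUAL is in effect.
        "legacy_rp_dual": validate(A_ONLY_CHAIN, Phase.DUAL, False, True),
        # A-only chain handed to a B-capable RP after B is required:
        "fallback_accepts_a_only": validate(A_ONLY_CHAIN, Phase.B_REQUIRED, True, True),
        "strict_rejects_a_only": validate(A_ONLY_CHAIN, Phase.B_REQUIRED, True, False),
        # Same strict RP is fine with a properly dual-issued chain.
        "strict_accepts_dual": validate(DUAL_CHAIN, Phase.B_REQUIRED, True, False),
        # After A is retired nothing A-only validates for anyone.
        "retired_a_only": validate(A_ONLY_CHAIN, Phase.A_RETIRED, False, True),
    }


if __name__ == "__main__":
    for name, outcome in transition_report().items():
        print(f"{name:28s} -> {outcome}")
```

The report shows both sides of the exchange at once: in the DUAL phase the A-only chain must still be accepted because legacy RPs cannot do B, and the exposure Brian describes appears only in the row where a B-capable RP keeps `fallback_to_a=True` after B is required; the defensive fix is the strict row, where the same RP refuses the A-only chain instead of silently using the older suite. Operationally the useful detection signal is the same thing: a B-capable RP seeing A-only chains after the B-required point should log and alert rather than quietly fall back.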