IETF Logo Mail Archive

Re: [stir] Choice of STIR signature algorithm

Russ Housley <housley@vigilsec.com> Mon, 09 May 2016 20:37 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2EED12D150 for <stir@ietfa.amsl.com>; Mon, 9 May 2016 13:37:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XJ07eZT7-v8z for <stir@ietfa.amsl.com>; Mon, 9 May 2016 13:37:16 -0700 (PDT)
Received: from mail.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id D48C812D110 for <stir@ietf.org>; Mon, 9 May 2016 13:37:15 -0700 (PDT)
Received: from localhost (ronin.smetech.net [209.135.209.5]) by mail.smetech.net (Postfix) with ESMTP id A916FF24036; Mon, 9 May 2016 16:37:15 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from mail.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id v4SblNLV7o-L; Mon, 9 May 2016 16:20:34 -0400 (EDT)
Received: from [10.128.112.181] (unknown [207.43.147.50]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mail.smetech.net (Postfix) with ESMTP id 157E2F24013; Mon, 9 May 2016 16:37:15 -0400 (EDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <2C466A8A-D638-49AE-9698-699D67762FF1@standardstrack.com>
Date: Mon, 09 May 2016 16:37:13 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <EED4C512-B57C-47EC-9CE4-07C64365D246@vigilsec.com>
References: <D32953D1.4770F%john.mattsson@ericsson.com> <1A843300-AEB7-4EC6-8256-C88F6847B82E@neustar.biz> <D329995E.477D9%john.mattsson@ericsson.com> <A3723DBB-476C-4F22-95E0-37AE0872FBBD@shockey.us> <F4F09888-780B-4725-9A74-AD2EF661C5C0@vigilsec.com> <0DD82221-E79D-4F15-B2B5-93165EC98919@shockey.us> <570534D4.6010707@nostrum.com> <5195FEBC-8395-4E77-B768-2B2D81144121@shockey.us> <56DF2D20-9381-45CB-8057-6B1AB99B05E9@chriswendt.net> <BB4B8171-BF3E-4D3F-B81B-73AC9768ED75@shockey.us> <D3316C0C.485E4%john.mattsson@ericsson.com> <2EC06927-2614-491E-A499-C86ABB30573C@chriswendt.net> <26AE9662-B919-4B22-AFF8-45CF351AA03F@vigilsec.com> <2C466A8A-D638-49AE-9698-699D67762FF1@standardstrack.com>
To: Eric Burger <eburger@standardstrack.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/stir/BJuf_6yFCpV0l8BElxeTS6_KwkM>
Cc: IETF STIR Mail List <stir@ietf.org>
Subject: Re: [stir] Choice of STIR signature algorithm
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2016 20:37:18 -0000

I would rather be a bit more granular.

	MUST support ECDSA for PASSporT signatures
	SHOULD support RSA PKCS#1 v1.5 for PASSporT signatures

and

	MUST support ECDSA for certificate signatures
	MUST support RSA PKCS#1 v1.5 for certificate signatures

Then, we should say something to product planners that at some point in the future, we expect support for RSA to be downgraded.

Russ


On May 6, 2016, at 10:18 AM, Eric Burger <eburger@standardstrack.com> wrote:

> FINALLY, a cogent *engineering* reason for needing RSA.
> 
> How about:
> 	MUST support ECDSA
> 	SHOULD support RSA unless you know you will not need it
> 
> Rationale:
> ECDSA is ubiquitous today. ECDSA has lots of deployment advantages. Pretty much everything else s*cks in comparison.
> 
> However, especially for delegated certificates, there is a chance that one of the intermediate certificates will not be signed with ECDSA but with RSA. As such, if you know you will be deployed in such an environment, RSA is OK.
> 
> I would also suggest putting in a toxic waste warning in the document that the support of RSA is *not* a built-in downgrade attack. This is something that is covered by policy, not necessarily engineering. As such, a note to the implementor suggesting that if they know they should only see ECDSA (or better) signatures, they can feel free to reject an INVITE signed with RSA, even if it looks legitimate.
> 
>> On Apr 12, 2016, at 4:57 PM, Russ Housley <housley@vigilsec.com> wrote:
>> 
>> 
>>> I don’t know why so much of the discussion during the Tuesday meeting was
>>> about root certificates. As Eric pointed out on the mail, it is not hard
>>> to get a ECDSA certificate as Digicert, Entrust, Globalising, Symantec,
>>> Certicom, Comodo, and soon Let’s encrypt will happily give you one. As
>>> Russ pointed out most (or all) of these ECDSA certificates will be signed
>>> by a RSA root certificate. But root certificates and verification of the
>>> credentials seems to be out of scope of STIR and does not affect the
>>> PASSporT object. As far as I understand, the only thing STIR should
>>> specify is verification of the PASSporT object.
>> 
>> We will need to say that the validation will include RFC 5280 path validation to a trust anchor.  This means that the signature on each certificate will be validated.  So, for quite some time we will need to be able to validate RSA PKCS#1 v1.5 signatures, either on the PASSporT object or on a certificate, even if we state a strong preference for ECDSA.
>> 
>> Russ
>> 
>> _______________________________________________
>> stir mailing list
>> stir@ietf.org
>> https://www.ietf.org/mailman/listinfo/stir
> 
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir

v2.29.0 | Report a Bug | By Email | System Status