IETF Logo Mail Archive

[stir] stir-06: when will RS256 die? A future-proofing question

Eric Burger <eburger@standardstrack.com> Fri, 11 December 2015 06:59 UTC

Return-Path: <eburger@standardstrack.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1060A1AC40F for <stir@ietfa.amsl.com>; Thu, 10 Dec 2015 22:59:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.887
X-Spam-Level:
X-Spam-Status: No, score=0.887 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, SPF_HELO_PASS=-0.001, SPF_NEUTRAL=0.779, T_DKIM_INVALID=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wNRNbOOMV55E for <stir@ietfa.amsl.com>; Thu, 10 Dec 2015 22:59:55 -0800 (PST)
Received: from biz104.inmotionhosting.com (biz104.inmotionhosting.com [173.247.247.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 439011AC406 for <stir@ietf.org>; Thu, 10 Dec 2015 22:59:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=standardstrack.com; s=default; h=Mime-Version:To:Message-Id:Date:Subject:Content-Type:From; bh=Qit8J1XN6LNErpUXeT1C1T6sDRIdqqN/aHkxKZR/DyY=; b=khE/YpVHDWfqrPR/o9vh0Pav/pcrJVBUFjcZKCsxB+GYldNSfhhQ9mlpd3weB3dBB4Kg044P5qqwhTtI6BYZlYcRZ+UcAK83z8E7skEGQAiHNsVEq10ptCgbeoU7NjUeIj3rwq1Mlr0LmT2ylsB+ITgBWpaEBL/PGXncbOvIPvg=;
Received: from ip68-100-196-239.dc.dc.cox.net ([68.100.196.239]:53943 helo=[192.168.15.111]) by biz104.inmotionhosting.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.85) (envelope-from <eburger@standardstrack.com>) id 1a7DGI-0007Tf-NS for stir@ietf.org; Thu, 10 Dec 2015 18:17:25 -0800
From: Eric Burger <eburger@standardstrack.com>
X-Pgp-Agent: GPGMail 2.6b2
Content-Type: multipart/signed; boundary="Apple-Mail=_C2441BCF-609F-476A-A0A9-90810026AD07"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Date: Thu, 10 Dec 2015 21:15:54 -0500
Message-Id: <6F39029F-5D45-42CA-9149-1489651A8E15@standardstrack.com>
To: stir@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.1 \(3096.5\))
X-Mailer: Apple Mail (2.3096.5)
X-OutGoing-Spam-Status: No, score=-2.9
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz104.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - standardstrack.com
X-Get-Message-Sender-Via: biz104.inmotionhosting.com: authenticated_id: eburger+standardstrack.com/only user confirmed/virtual account not confirmed
Archived-At: <http://mailarchive.ietf.org/arch/msg/stir/I3nIcpAfcyOwcpxqqFVInec3FfU>
Subject: [stir] stir-06: when will RS256 die? A future-proofing question
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2015 06:59:56 -0000

Section 7 states:
   Any further values MUST
   be defined in a Standards Track RFC, see Section 12.2 for more
   information.  All implementations of this specification MUST support
   'RS256'[EB1] .

So when RS256 gets compromised, we have to reissue the entire 4474bis? Or, is this a built-in downgrade attack? Maybe "MUST support 'RS256' until RS256 becomes deprecated.” Or, maybe, since we directly say to have a new algorithm requires a Standards Track RFC, such RFC could update this one. If we are thinking that, then we should say something like “check the RFC Editor data base for updates for this specification.” I know, people should do that no matter what they are doing, but who does? This is something important, and could be a downgrade attack if we do not.

v2.30.2 | Report a Bug | By Email | System Status