Re: [xml2rfc-dev] cryptographic signatures over xml2rfc releases should not be made with SHA1
Robert Sparks <rjsparks@nostrum.com> Wed, 17 March 2021 19:27 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: xml2rfc-dev@ietfa.amsl.com
Delivered-To: xml2rfc-dev@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFF403A1220 for <xml2rfc-dev@ietfa.amsl.com>; Wed, 17 Mar 2021 12:27:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.079
X-Spam-Level:
X-Spam-Status: No, score=-2.079 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8FU3IP9kh7_N for <xml2rfc-dev@ietfa.amsl.com>; Wed, 17 Mar 2021 12:27:04 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 344CF3A1221 for <xml2rfc-dev@ietf.org>; Wed, 17 Mar 2021 12:27:04 -0700 (PDT)
Received: from unformal.local ([47.186.1.92]) (authenticated bits=0) by nostrum.com (8.16.1/8.16.1) with ESMTPSA id 12HJQxjs083833 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Wed, 17 Mar 2021 14:27:00 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1616009220; bh=2NE4pxoJ2UWcCzAQzn2aZC180JHomj//L6mfjj7Kst4=; h=Subject:To:References:From:Date:In-Reply-To; b=Xna36+PTB89h7Pk/niH6h+DbdIC0SYyU9EvVD2stBcmAitzpzBtqGJjGX+NsgQMQ1 MzXkHCUnzFa5rf88rosX8L9H5z0lby50J2MINx7cdNvdafyTuqZPOmyeoaH44YsoEd 5TQsjPzZ5L1icuYMqEdZ+vPgUI2p9Q8IzGDG5gmA=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.1.92] claimed to be unformal.local
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, xml2rfc-dev@ietf.org
References: <87y2flrr5y.fsf@fifthhorseman.net>
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <bc672b51-c624-5e38-de55-fe13c0439fee@nostrum.com>
Date: Wed, 17 Mar 2021 14:26:54 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <87y2flrr5y.fsf@fifthhorseman.net>
Content-Type: multipart/alternative; boundary="------------2565B941D4AE69F33F6DE4AE"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/xml2rfc-dev/F0nLqmeoKxNRCkAwqtoEDwFESgE>
Subject: Re: [xml2rfc-dev] cryptographic signatures over xml2rfc releases should not be made with SHA1
X-BeenThere: xml2rfc-dev@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion about particulars of xml2rfc V3 design, development and code." <xml2rfc-dev.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xml2rfc-dev>, <mailto:xml2rfc-dev-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/xml2rfc-dev/>
List-Post: <mailto:xml2rfc-dev@ietf.org>
List-Help: <mailto:xml2rfc-dev-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xml2rfc-dev>, <mailto:xml2rfc-dev-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Mar 2021 19:27:07 -0000
Hi Daniel - You'll have seen that 3.6.0 was just released, and this comment has not yet been addressed. It's on the list to deal with. I wanted to make sure you knew this wasn't being ignored. RjS On 2/18/21 3:40 PM, Daniel Kahn Gillmor wrote: > Hi folks-- > > I'm looking at the latest xml2rfc tarball and its OpenPGP signature: > > https://files.pythonhosted.org/packages/c0/81/21281e78fd2afb8f5dfcb92b78c9dcd621081277304e0f25df0ee7c89c64/xml2rfc-3.5.0.tar.gz > https://files.pythonhosted.org/packages/c0/81/21281e78fd2afb8f5dfcb92b78c9dcd621081277304e0f25df0ee7c89c64/xml2rfc-3.5.0.tar.gz.asc > > The signature file (the *.asc) is made using SHA-1 for the signature: > > $ pgpdump < xml2rfc-3.5.0.tar.gz.asc > Old: Signature Packet(tag 2)(540 bytes) > Ver 4 - new > Sig type - Signature of a binary document(0x00). > Pub alg - RSA Encrypt or Sign(pub 1) > Hash alg - SHA1(hash 2) > Hashed Sub: signature creation time(sub 2)(4 bytes) > Time - Wed Nov 18 05:20:56 EST 2020 > Sub: issuer key ID(sub 16)(8 bytes) > Key ID - 0x4E9B574B8FBB171A > Hash left 2 bytes - d2 9f > RSA m^d mod n(4094 bits) - ... > -> PKCS-1 > $ > > Signatures using SHA-1 have been deprecated for over a decade now. No > modern tool should generate them. > > From the Version: comment in the .asc file, it looks to me like these > signatures are being generated from the old, deprecated "classic" > version of GnuPG ("Version: GnuPG v1"). > > Henrik (or whoever else might make a future release of xml2rfc), is > there something blocking you from updating to a more modern OpenPGP > implementation for making these signatures? The GnuPG 2.2.x series > ("modern") should make signatures with sha256 (or better) by default, as > should pretty much any other OpenPGP implementation (sequoia, > openpgp.js, gopenpgp, rnp, pgpainless, etc). There's probably also a > way to coax better-than-SHA-1 signatures out of GnuPG 1.x as well, but > that toolkit is unable to deal with modern tooling like ECC keys so i > recommend upgrading anyway. > > The irony here is that i'm trying to work on the RFC for OpenPGP itself > to refresh the cryptographic requirements in that standard, and i'm > working with modern tooling that deprecates SHA-1 signatures > appropriately; and to update the xml2rfc package i want to check the > OpenPGP signature, etc. a nice little loop! > > I figure it's probably neither possible nor advisable to re-issue a > signature over xml2rfc version 3.5.0, but if you can line it up so that > signatures of future releases avoid using SHA1, that'd be great. > > --dkg > > PS The files i've fetched from the above URLs have this content (just in > case anyone wants to replicate, they can confirm that they're getting > the same thing): > > $ sha256sum * > 3ec836a9545f549707a8c8176038160185b9d08c1dd80304a906527da21bff68 xml2rfc-3.5.0.tar.gz > ef652fda6c1f7b63f22765e7df48d627ce529155f1bcb45a01e566687b4fd4eb xml2rfc-3.5.0.tar.gz.asc > $ > > > _______________________________________________ > xml2rfc-dev mailing list > xml2rfc-dev@ietf.org > https://www.ietf.org/mailman/listinfo/xml2rfc-dev
- [xml2rfc-dev] cryptographic signatures over xml2r… Daniel Kahn Gillmor
- Re: [xml2rfc-dev] cryptographic signatures over x… Robert Sparks
- Re: [xml2rfc-dev] cryptographic signatures over x… Daniel Kahn Gillmor