[xml2rfc-dev] cryptographic signatures over xml2rfc releases should not be made with SHA1

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 18 February 2021 21:40 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: xml2rfc-dev@ietf.org
Date: Thu, 18 Feb 2021 16:40:09 -0500
Message-ID: <87y2flrr5y.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/xml2rfc-dev/G89V9M7_qSGxDVBb0QpSIqzznVc>
Subject: [xml2rfc-dev] cryptographic signatures over xml2rfc releases should not be made with SHA1

Hi folks--

I'm looking at the latest xml2rfc tarball and its OpenPGP signature:

https://files.pythonhosted.org/packages/c0/81/21281e78fd2afb8f5dfcb92b78c9dcd621081277304e0f25df0ee7c89c64/xml2rfc-3.5.0.tar.gz
https://files.pythonhosted.org/packages/c0/81/21281e78fd2afb8f5dfcb92b78c9dcd621081277304e0f25df0ee7c89c64/xml2rfc-3.5.0.tar.gz.asc

The signature file (the *.asc) is made using SHA-1 for the signature:

    $ pgpdump  < xml2rfc-3.5.0.tar.gz.asc 
    Old: Signature Packet(tag 2)(540 bytes)
            Ver 4 - new
            Sig type - Signature of a binary document(0x00).
            Pub alg - RSA Encrypt or Sign(pub 1)
            Hash alg - SHA1(hash 2)
            Hashed Sub: signature creation time(sub 2)(4 bytes)
                    Time - Wed Nov 18 05:20:56 EST 2020
            Sub: issuer key ID(sub 16)(8 bytes)
                    Key ID - 0x4E9B574B8FBB171A
            Hash left 2 bytes - d2 9f 
            RSA m^d mod n(4094 bits) - ...
                    -> PKCS-1
    $

Signatures using SHA-1 have been deprecated for over a decade now.  No
modern tool should generate them.

From the Version: comment in the .asc file, it looks to me like these
signatures are being generated from the old, deprecated "classic"
version of GnuPG ("Version: GnuPG v1").

Henrik (or whoever else might make a future release of xml2rfc), is
there something blocking you from updating to a more modern OpenPGP
implementation for making these signatures?  The GnuPG 2.2.x series
("modern") should make signatures with sha256 (or better) by default, as
should pretty much any other OpenPGP implementation (sequoia,
openpgp.js, gopenpgp, rnp, pgpainless, etc).  There's probably also a
way to coax better-than-SHA-1 signatures out of GnuPG 1.x as well, but
that toolkit is unable to deal with modern tooling like ECC keys so I
recommend upgrading anyway.

The irony here is that I'm trying to work on the RFC for OpenPGP itself
to refresh the cryptographic requirements in that standard, and I'm
working with modern tooling that deprecates SHA-1 signatures
appropriately; and to update the xml2rfc package I want to check the
OpenPGP signature, etc.  A nice little loop!

I figure it's probably neither possible nor advisable to re-issue a
signature over xml2rfc version 3.5.0, but if you can line it up so that
signatures of future releases avoid using SHA1, that'd be great.

               --dkg

PS The files I've fetched from the above URLs have this content (just in
   case anyone wants to replicate, they can confirm that they're getting
   the same thing):

$ sha256sum *
3ec836a9545f549707a8c8176038160185b9d08c1dd80304a906527da21bff68  xml2rfc-3.5.0.tar.gz
ef652fda6c1f7b63f22765e7df48d627ce529155f1bcb45a01e566687b4fd4eb  xml2rfc-3.5.0.tar.gz.asc
$