
From nobody Thu Sep  7 04:20:23 2017
Return-Path: <vesely@tana.it>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 060331326ED for <dcrup@ietfa.amsl.com>; Thu,  7 Sep 2017 04:20:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level: 
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xC92EeHu3Kj1 for <dcrup@ietfa.amsl.com>; Thu,  7 Sep 2017 04:20:20 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41F35132D62 for <dcrup@ietf.org>; Thu,  7 Sep 2017 04:20:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1504783215; bh=ONdVlGQvjMtjolGWx5l/wbwq5BYR1sjG7JKycChzXLY=; l=3077; h=From:To:Date; b=EiixZ+MsPLFQLWHs0//4jWavUNmttXj0xEGQxMVsNimtt63nCJRxqWz3+PCEoelS8 ajDyZEJWTRwu6Kg+epGfd7z7DTfJnyn22z7dciBPXHrgOFf+KTru3YrDnIJLVOQxuD cXSQIfo/EEDtxm/IO5fV2UhbJMpME6c6k8EDjFt4=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.109] (pcale.tana [172.25.197.109]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Thu, 07 Sep 2017 13:20:15 +0200 id 00000000005DC085.0000000059B12B6F.0000751A
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
To: dcrup@ietf.org
Message-ID: <2e2ff25d-d8a7-f1e5-b5fc-9de0b1013996@tana.it>
Date: Thu, 7 Sep 2017 13:20:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/ixqVl-IYzQoZJACZsIs_HCFIeJg>
Subject: [Dcrup] Nits and bolts of draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2017 11:20:22 -0000

Hi all,
some points in the document seem to be amendable.

*Introduction*

The first sentence is garbled:

   DKIM [RFC6376] signs e-mail messages, by creating hashes of the
   message headers and content and signing the header hash with a
   digital signature.

Traditional email literature, e.g. rfc5322, sets header against body, and
envelope against content.  Above, content is mentioned but only the header hash
is surmised to be signed.  Usually, "signing with a digital signature" implies
the use of hashes without saying, doesn't it?  Perhaps that sentence wants to
say that DKIM carefully defines its own hashing algorithms?  I'd truncate the
first sentence at the comma.

In the last sentence, s/fits in a a 256/fits in a 256/.  Possibly, the
preceding "and a key fingerprint" could be "and a public key fingerprint", so
as to match the title of Section 3 literally.


*Public key fingerprints*

This section should also explain the obvious --but maybe not to all-- notion
that storing the hash of the public key does prove the ownership of a domain by
the same logic that storing the whole key does (albeit the latter may also
imply the availability of better tools).  Hence, the point of DKIM "to claim
some responsibility for a message by associating the domain with the message"
is fully attained by the new "fp" technique.

Why didn't p= have an url pointing to the key?  If the key is long, that would
seem to be convenient.  Personally, I view the requirement of enlarging each
message by the size of the key as a sort of punishment for not being able to
set up the DNS well enough.  If there is a better explanation, it might be
worth giving it.

In the last but one paragraph, s/it included in the signature/it is included in
the signature/.


*Signature syntax*

The p= public key is OPTIONAL, unless a=rsafp-sha256.  Formally, an rsafp
without public key does not verify, but is still syntactically correct.  A
different position needs a version bump, lest existing signatures without p=
become invalid.

The q= tag deserves being updated too.  While there are no formal changes, the
description given in rfc6376, "query methods used to retrieve the public key",
is no longer valid, as those methods are going to be used also to retrieve a
fingerprint.


*Transition Considerations*

The strategy outlined, to use different selectors, sounds correct.  However,
not all DMARC aggregate reports include the selector, perhaps because it is not
saved in Authentication-Results header fields.  If it is not bureaucratically
cumbersome to point out that issue, an audience of developers might find it
useful and improve their code.


*Duplicate Signature Key Selection*

The second sentence, 1st par., sounds incomplete:

   The primary motivation for this design is allowing for a smaller
   key representation of larger public keys.

Would the following (s/key/DNS/) be any better?

   The primary motivation for this design is allowing for a smaller
   DNS representation of larger public keys.


Regards
Ale


From nobody Sat Sep  9 04:40:04 2017
Return-Path: <jgh@wizmail.org>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18A611326F3 for <dcrup@ietfa.amsl.com>; Sat,  9 Sep 2017 04:40:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level: 
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PgL-eN_MEw9H for <dcrup@ietfa.amsl.com>; Sat,  9 Sep 2017 04:40:01 -0700 (PDT)
Received: from wizmail.org (wizmail.org [IPv6:2a00:1940:107::2:0:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AA5C1321A1 for <dcrup@ietf.org>; Sat,  9 Sep 2017 04:40:01 -0700 (PDT)
Received: from [46.33.133.68] (helo=lap.dom.ain) from_AS 51561 by wizmail.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89.115) id 1dqe7D-00042s-Hv for dcrup@ietf.org (return-path <jgh@wizmail.org>); Sat, 09 Sep 2017 11:39:59 +0000
To: dcrup@ietf.org
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <76507284-3767-ae7d-df99-c9dacc73e88c@wizmail.org>
Date: Sat, 9 Sep 2017 12:39:58 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Pcms-Received-Sender: [46.33.133.68] (helo=lap.dom.ain) with esmtpsa
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/BepvfnWa4kr0UoH35TOxhjE_2kA>
Subject: [Dcrup] dkim bleeding-edge
X-List-Received-Date: Sat, 09 Sep 2017 11:40:03 -0000

Does anyone have an MTA running with DKIM rsa-sha512 support?

I need a test target for Exim development,
and Mail::DKIM::Signer isn't there yet.
-- 
Thanks,
  Jeremy


From nobody Sat Sep  9 08:56:36 2017
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C51DC132936 for <dcrup@ietfa.amsl.com>; Sat,  9 Sep 2017 08:56:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.79
X-Spam-Level: 
X-Spam-Status: No, score=-1.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eBndGkJEwKTW for <dcrup@ietfa.amsl.com>; Sat,  9 Sep 2017 08:56:33 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A3EB132153 for <dcrup@ietf.org>; Sat,  9 Sep 2017 08:56:33 -0700 (PDT)
Received: from [10.218.202.228] (mobile-166-170-35-96.mycingular.net [166.170.35.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id DAFAEC400FE; Sat,  9 Sep 2017 10:56:28 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2001409; t=1504972589; bh=rbejIiSg2i/KCY+f3W884quamB9lPseeoK0f34ZV8AQ=; h=Date:In-Reply-To:References:Subject:To:From:From; b=la5KuIBU72S/D6q9Oh/VEkxr3PZ9er93WN3qV+AT+zZjzU0f0oXFbSJJcuGPe08rJ 73KqjhBqtk412yaCKKmdebEUPsl9tpUZncsrvhe8nJvLfF7nSogJsNXCKw1V7nKrpG I+k8ityGV0okr8PTwTUhIXHMC5hIejWhrcSprdOs=
Date: Sat, 09 Sep 2017 15:56:25 +0000
In-Reply-To: <76507284-3767-ae7d-df99-c9dacc73e88c@wizmail.org>
References: <76507284-3767-ae7d-df99-c9dacc73e88c@wizmail.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org,Jeremy Harris <jgh@wizmail.org>
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <D0DA05C1-F862-4FE4-ADD3-E1F7A9F808B5@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/afTTO_tvQkXxzsbMQYQ9MBlvwY0>
Subject: Re: [Dcrup] dkim bleeding-edge
X-List-Received-Date: Sat, 09 Sep 2017 15:56:35 -0000

On September 9, 2017 7:39:58 AM EDT, Jeremy Harris <jgh@wizmail.org> wrote:
>Does anyone have an MTA running with DKIM rsa-sha512 support?
>
>I need a test target for Exim development,
>and Mail::DKIM::Signer isn't there yet.

rsa-sha512 isn't used in DKIM and I don't believe there are any plans for it.

Scott K


From nobody Sat Sep  9 09:04:21 2017
Return-Path: <jgh@wizmail.org>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE526132EE3 for <dcrup@ietfa.amsl.com>; Sat,  9 Sep 2017 09:04:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iOPIbZOoRUKT for <dcrup@ietfa.amsl.com>; Sat,  9 Sep 2017 09:04:18 -0700 (PDT)
Received: from wizmail.org (wizmail.org [IPv6:2a00:1940:107::2:0:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CEF4132936 for <dcrup@ietf.org>; Sat,  9 Sep 2017 09:04:18 -0700 (PDT)
Received: from [46.33.133.68] (helo=lap.dom.ain) from_AS 51561 by wizmail.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89.115) id 1dqiEx-0003VR-JG for dcrup@ietf.org (return-path <jgh@wizmail.org>); Sat, 09 Sep 2017 16:04:15 +0000
To: dcrup@ietf.org
References: <76507284-3767-ae7d-df99-c9dacc73e88c@wizmail.org> <D0DA05C1-F862-4FE4-ADD3-E1F7A9F808B5@kitterman.com>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <56f5be5d-48cc-50a2-a0d9-32af1a51185c@wizmail.org>
Date: Sat, 9 Sep 2017 17:04:13 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <D0DA05C1-F862-4FE4-ADD3-E1F7A9F808B5@kitterman.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Pcms-Received-Sender: [46.33.133.68] (helo=lap.dom.ain) with esmtpsa
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/n2NqCoiEF6Nr_gmkBAr1NxVyvw4>
Subject: Re: [Dcrup] dkim bleeding-edge
X-List-Received-Date: Sat, 09 Sep 2017 16:04:20 -0000

On 09/09/17 16:56, Scott Kitterman wrote:
> 
> 
> On September 9, 2017 7:39:58 AM EDT, Jeremy Harris <jgh@wizmail.org> wrote:
>> Does anyone have an MTA running with DKIM rsa-sha512 support?
>>
>> I need a test target for Exim development,
>> and Mail::DKIM::Signer isn't there yet.
> 
> rsa-sha512 isn't used in DKIM and I don't believe there are any plans for it.

See
https://tools.ietf.org/html/draft-srose-dkim-ecc-00

-- 
Cheers,
  Jeremy


From nobody Sat Sep  9 10:09:10 2017
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3D48132F2B for <dcrup@ietfa.amsl.com>; Sat,  9 Sep 2017 10:09:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.79
X-Spam-Level: 
X-Spam-Status: No, score=-1.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id buCJx1zVoQvy for <dcrup@ietfa.amsl.com>; Sat,  9 Sep 2017 10:09:08 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E8D8132F02 for <dcrup@ietf.org>; Sat,  9 Sep 2017 10:09:08 -0700 (PDT)
Received: from [10.218.202.228] (mobile-166-170-35-96.mycingular.net [166.170.35.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id DF724C4026D; Sat,  9 Sep 2017 12:09:05 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2001409; t=1504976946; bh=VsRgVqi9UJQEiMq91nt+2KAHFDDqLMPz3I4HFCJoXM0=; h=Date:In-Reply-To:References:Subject:To:From:From; b=zbnTd6IN2CMZ07uDoD3QXLiXQmlRFIZORBDxmxoEF7zKpvJW5xX1Z+P25uJmQDu/k xD+2ugw9S2CMKg29w36e4fGII7OGg7lgvzAvUCnmhONytY3xaf5OCjxjTob7lwbbDF BUpkFXSKnm9iyLfeNTCxJP5rtJqQN3WhiPk2fA08=
Date: Sat, 09 Sep 2017 17:09:00 +0000
In-Reply-To: <56f5be5d-48cc-50a2-a0d9-32af1a51185c@wizmail.org>
References: <76507284-3767-ae7d-df99-c9dacc73e88c@wizmail.org> <D0DA05C1-F862-4FE4-ADD3-E1F7A9F808B5@kitterman.com> <56f5be5d-48cc-50a2-a0d9-32af1a51185c@wizmail.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org,Jeremy Harris <jgh@wizmail.org>
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <04332480-846B-4672-9CB7-F3FC18694CE1@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/EibwedYDwe8Mn5-anm7L07L1Sl4>
Subject: Re: [Dcrup] dkim bleeding-edge
X-List-Received-Date: Sat, 09 Sep 2017 17:09:10 -0000

On September 9, 2017 12:04:13 PM EDT, Jeremy Harris <jgh@wizmail.org> wrote:
>On 09/09/17 16:56, Scott Kitterman wrote:
>>
>>
>> On September 9, 2017 7:39:58 AM EDT, Jeremy Harris <jgh@wizmail.org> wrote:
>>> Does anyone have an MTA running with DKIM rsa-sha512 support?
>>>
>>> I need a test target for Exim development,
>>> and Mail::DKIM::Signer isn't there yet.
>>
>> rsa-sha512 isn't used in DKIM and I don't believe there are any plans for it.
>
>See
>https://tools.ietf.org/html/draft-srose-dkim-ecc-00

See https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-crypto

The working group is focused on Ed25519-SHA256 for future crypto.

Scott K


From nobody Wed Sep 13 10:39:51 2017
Return-Path: <internet-drafts@ietf.org>
X-Original-To: dcrup@ietf.org
Delivered-To: dcrup@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D5C6513307D; Wed, 13 Sep 2017 10:39:43 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: dcrup@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.61.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150532438382.30451.16153593993974678677@ietfa.amsl.com>
Date: Wed, 13 Sep 2017 10:39:43 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/C_ITJbI4Q3eUWrh30L9f7RnlvPk>
Subject: [Dcrup] I-D Action: draft-ietf-dcrup-dkim-crypto-06.txt
X-List-Received-Date: Wed, 13 Sep 2017 17:39:44 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DKIM Crypto Update WG of the IETF.

        Title           : New cryptographic signature methods for DKIM
        Author          : John Levine
        Filename        : draft-ietf-dcrup-dkim-crypto-06.txt
        Pages           : 7
        Date            : 2017-09-13

Abstract:
   DKIM was designed to allow new cryptographic algorithms to be added.
   This document adds a new signing algorithm and a new way to represent
   signature validation keys.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-crypto/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-dcrup-dkim-crypto-06
https://datatracker.ietf.org/doc/html/draft-ietf-dcrup-dkim-crypto-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dcrup-dkim-crypto-06


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Wed Sep 13 10:41:24 2017
Return-Path: <johnl@taugh.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5593133080 for <dcrup@ietfa.amsl.com>; Wed, 13 Sep 2017 10:41:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=p86WdDuU; dkim=pass (1536-bit key) header.d=taugh.com header.b=nV+xGmb2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gJHXLNuBPXqG for <dcrup@ietfa.amsl.com>; Wed, 13 Sep 2017 10:41:21 -0700 (PDT)
Received: from gal.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8BB013308C for <dcrup@ietf.org>; Wed, 13 Sep 2017 10:41:15 -0700 (PDT)
Received: (qmail 62254 invoked from network); 13 Sep 2017 17:41:14 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=f32a.59b96dba.k1709; bh=sbyeaKKbcGR2mCv5sBBMDZPkaURC2E6FZIuewahcXGY=; b=p86WdDuU3n2gME9GPN5nYU+x58a4BsvSId96yXz2MLKRv608GrCz7EReR+95ugMEbw7twElMevphGG2UaxKxZf80Y05MtzvBmR/e9GAULFISbeVZCRE/kbAM9LDvsWEShTekzjcghAdfEpE44dkYjQxV6LrtQHnDhlM9XdC//TIr30Rrtz0T6bf5h0gWFjguN6seTvX6av7YXlRE4cB1eh8fKl699dAb+FoGqBo2PMSftHwD8/a9BvZF4iKd5cfk
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=f32a.59b96dba.k1709; bh=sbyeaKKbcGR2mCv5sBBMDZPkaURC2E6FZIuewahcXGY=; b=nV+xGmb2svSU62BBict/EXTxpghVu2o1iKlh+hntBujXBxpDnN3b74WlaCu3Q/y6dTMPCYMzQUAEpByqHnQII52Pq/OG4wXfBJjsBqqaM9Rlv4q5+lNTgOMwKtCpWt5Nltm+KsqM76rvqN9GQ9vUCF35BR28YQQlIw7ltnEyMwYI3IMTmmLPT+3zVN5OuZw2hAPZgi2lsakevEWuV9ICNa5eKrfg2l30JZDr43025F1+3XDUGiGX89HoEUiaumtj
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 13 Sep 2017 17:41:14 -0000
Date: 13 Sep 2017 13:41:13 -0400
Message-ID: <alpine.OSX.2.21.1709131339580.4127@ary.qy>
From: "John R Levine" <johnl@taugh.com>
To: dcrup@ietf.org
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/NY4SH7Bs5qc7UXHXa8kQ5se036k>
Subject: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-List-Received-Date: Wed, 13 Sep 2017 17:41:22 -0000

I have sent in a new draft which is intended to take into account all of 
the comments I've seen.  There aren't any changes to bits on the wire, 
just editorial ones.

As far as I can tell, this is about as done as it's going to get.

R's,
John


From nobody Wed Sep 13 11:34:17 2017
Return-Path: <jari.arkko@piuha.net>
X-Original-To: dcrup@ietf.org
Delivered-To: dcrup@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A19213207A; Wed, 13 Sep 2017 11:34:09 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Jari Arkko <jari.arkko@piuha.net>
To: <gen-art@ietf.org>
Cc: dcrup@ietf.org, draft-ietf-dcrup-dkim-usage.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.61.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150532764947.30447.10287410957823560223@ietfa.amsl.com>
Date: Wed, 13 Sep 2017 11:34:09 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/xDQU1ZiXdqnf4BdrIiKpj11u514>
Subject: [Dcrup] Genart last call review of draft-ietf-dcrup-dkim-usage-04
X-List-Received-Date: Wed, 13 Sep 2017 18:34:09 -0000

Reviewer: Jari Arkko
Review result: Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-dcrup-dkim-usage-??
Reviewer: Jari Arkko
Review Date: 2017-09-13
IETF LC End Date: 2017-09-13
IESG Telechat date: Not scheduled for a telechat

Summary:

This document defines modern day requirements for the cryptographic
algorithms used for DKIM.

The document is well written, short, and sets requirements that are
quite appropriate.

I have no comments beyond one small issue/question related to the
wording of the main requirement.

Major issues:

Minor issues:

The document says:

   Signers MUST sign using rsa-sha256.  Verifiers MUST verify
   using rsa-sha256. rsa-sha1 MUST NOT be used for signing or
   verifying.

I was slightly surprised by the wording of the middle requirement
about MUST verify using rsa-sha256.

Given that new algorithms may be defined in the future (and
indeed, draft-ietf-dcrup-dkim-crypto already defines some),
wouldn't a "MUST implement" type wording be more suitable?
Particularly when the third requirement prohibits the use of
weak algorithm. With the middle requirement, how could
any other, future stronger algorithm be used? Or is the idea
that the definition of those algorithms would update these
requirements? Or am I missing something?

Nits/editorial comments: 



From nobody Wed Sep 13 11:47:08 2017
Return-Path: <jgh@wizmail.org>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E63B132D4C for <dcrup@ietfa.amsl.com>; Wed, 13 Sep 2017 11:47:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AuZd5SdBhsel for <dcrup@ietfa.amsl.com>; Wed, 13 Sep 2017 11:47:05 -0700 (PDT)
Received: from wizmail.org (wizmail.org [IPv6:2a00:1940:107::2:0:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C350132932 for <dcrup@ietf.org>; Wed, 13 Sep 2017 11:47:05 -0700 (PDT)
Received: from [2a00:b900:109e:0:c5d6:c61b:f5e0:b51f] (helo=lap.dom.ain) by wizmail.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89.115) id 1dsCgh-0005xl-5v for dcrup@ietf.org (return-path <jgh@wizmail.org>); Wed, 13 Sep 2017 18:47:03 +0000
To: dcrup@ietf.org
References: <alpine.OSX.2.21.1709131339580.4127@ary.qy>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <d6f08ab8-cb70-7fbb-b8d7-3cb4f9f961e1@wizmail.org>
Date: Wed, 13 Sep 2017 19:47:01 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <alpine.OSX.2.21.1709131339580.4127@ary.qy>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Pcms-Received-Sender: [2a00:b900:109e:0:c5d6:c61b:f5e0:b51f] (helo=lap.dom.ain) with esmtpsa
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/DgqqbJIdlvGtbz5tSNLj49frBjA>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-List-Received-Date: Wed, 13 Sep 2017 18:47:07 -0000

On 13/09/17 18:41, John R Levine wrote:
> I have sent in a new draft which is intended to take into account all of
> the comments I've seen.

Section 4 says to use the Pure variant of Ed25519, which section 4
of rfc 8032 appears to describe as (my paraphrase) sign only; not
hashing the data handed to it.  What we hand to it is already a
hash, using sha256.

Do I have that right?

The existing interfaces in both GnuTLS and OpenSSL appear to
be aiming towards a Hash version of Ed25519, if I read them right -
and they don't say explicitly what the hash-function is.

For example, https://gnutls.org/reference/gnutls-abstract.html
says, for gnutls_privkey_sign_hash() :-

"Note that, not all algorithm support signing already hashed data. When
 signing with Ed25519, gnutls_privkey_sign_data() should be used."

(I'm assuming that ...sign_data() does a hash and then signs.  I also
fear, reading between some lines, that the hash might not be sha256).


Are we expecting these libraries to enhance their APIs?
Or am I totally off track?
-- 
Thanks,
  Jeremy
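
The reading described in the message above, as an added example (not part of the thread, the draft, or any library's documentation): the signer computes SHA-256 over the data and hands the resulting 32-byte digest, as the message, to a PureEdDSA Ed25519 primitive, here Go's crypto/ed25519. The header bytes, the fixed seed and all function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Constructed sample input: a stand-in for the canonicalized header data
// that a DKIM signer hashes. Not taken from a real message.
var sampleHeaders = []byte("from:alice@example.org\r\n" +
	"to:bob@example.net\r\n" +
	"subject:test\r\n" +
	"dkim-signature:v=1; a=ed25519-sha256; d=example.org; s=sel; b=")

// demoKeyPair derives a key pair from a constructed fixed seed so the run is
// reproducible. A real signer generates its key from a secure random source.
func demoKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// SignDigest hashes data with SHA-256 and signs the digest with PureEdDSA.
// ed25519.Sign applies no prehash of its own, so the 32-byte digest is the
// "message" as far as the signature primitive is concerned.
func SignDigest(priv ed25519.PrivateKey, data []byte) string {
	digest := sha256.Sum256(data)
	sig := ed25519.Sign(priv, digest[:])
	return base64.StdEncoding.EncodeToString(sig)
}

// decodeSig returns the raw signature, or nil if it is not valid base64 of
// exactly ed25519.SignatureSize bytes.
func decodeSig(b64sig string) []byte {
	sig, err := base64.StdEncoding.DecodeString(b64sig)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return nil
	}
	return sig
}

// VerifyDigest mirrors SignDigest: recompute SHA-256 over the data, then
// verify the signature over the digest.
func VerifyDigest(pub ed25519.PublicKey, data []byte, b64sig string) bool {
	sig := decodeSig(b64sig)
	if sig == nil {
		return false
	}
	digest := sha256.Sum256(data)
	return ed25519.Verify(pub, digest[:], sig)
}

// VerifyRaw is the mismatched verifier: it hands the unhashed data to the
// primitive. It rejects signatures produced by SignDigest because the bytes
// reaching Ed25519 differ from the ones that were signed.
func VerifyRaw(pub ed25519.PublicKey, data []byte, b64sig string) bool {
	sig := decodeSig(b64sig)
	if sig == nil {
		return false
	}
	return ed25519.Verify(pub, data, sig)
}

func main() {
	pub, priv := demoKeyPair()
	sig := SignDigest(priv, sampleHeaders)
	fmt.Println("signature (base64):", sig)
	fmt.Println("verify over SHA-256 digest:", VerifyDigest(pub, sampleHeaders, sig))
	fmt.Println("verify over raw data:", VerifyRaw(pub, sampleHeaders, sig))
}
```

Signer and verifier interoperate only when the same bytes reach the Ed25519 primitive on both sides, which is why a library call that applies its own hash before signing cannot be swapped in for one that does not.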


From nobody Wed Sep 13 18:41:44 2017
Return-Path: <johnl@taugh.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94112133042 for <dcrup@ietfa.amsl.com>; Wed, 13 Sep 2017 18:41:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1_1VYY_F0BFn for <dcrup@ietfa.amsl.com>; Wed, 13 Sep 2017 18:41:41 -0700 (PDT)
Received: from gal.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31A85132F8F for <dcrup@ietf.org>; Wed, 13 Sep 2017 18:41:41 -0700 (PDT)
Received: (qmail 48757 invoked from network); 14 Sep 2017 01:41:40 -0000
Received: from unknown (64.57.183.53) by gal.iecc.com with QMQP; 14 Sep 2017 01:41:40 -0000
Date: 14 Sep 2017 01:41:18 -0000
Message-ID: <20170914014118.2378.qmail@ary.lan>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: jgh@wizmail.org
In-Reply-To: <d6f08ab8-cb70-7fbb-b8d7-3cb4f9f961e1@wizmail.org>
Organization: 
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/wVzFK03x2lW1d0b5XPYV-vqBQT8>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
X-List-Received-Date: Thu, 14 Sep 2017 01:41:42 -0000

In article <d6f08ab8-cb70-7fbb-b8d7-3cb4f9f961e1@wizmail.org> you write:
>On 13/09/17 18:41, John R Levine wrote:
>> I have sent in a new draft which is intended to take into account all of
>> the comments I've seen.
>
>Section 4 says to use the Pure variant of Ed25519, which section 4
>of rfc 8032 appears to describe as (my paraphrase) sign only; not
>hashing the data handed to it.  What we hand to it is already a
>hash, using sha256.
>
>Do I have that right?

Yes.

>The existing interfaces in both GnuTLS and OpenSSL appear to
>be aiming towards a Hash version of Ed25519, if I read them right -
>and they don't say explicitly what the hash-function is.

We know, see previous discussion of this exact topic.  The existing
RSA DKIM signatures already do a hash of the canonicalized text and it
is operationally a lot easier to pass the same hash to EC crypto
rather than invent a different canonicalization scheme just to move
the hash to the other side of the call to the crypto library.

>Are we expecting these libraries to enhance their APIs?

I haven't looked in detail at the APIs for Ed25519 crypto, but naively
assumed that if the spec says there's a pure version that doesn't hash
its input, the libraries would implement it.

R's,
John
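
Added example (not part of the thread, the draft, or any library's code): the arrangement discussed in the messages above, where the SHA-256 digest that DKIM already computes is handed as the message to Pure Ed25519, set next to Ed25519ph, both written out from the RFC 8032 definitions. The key is the RFC 8032 section 7.1 TEST 1 secret key, the header text is constructed, and the function names are this example's own.

```python
import hashlib

# Ed25519 constants from RFC 8032, section 5.1.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = -121665 * pow(121666, P - 2, P) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)

def sha512(data):
    return hashlib.sha512(data).digest()

def point_add(a, b):  # unified addition on extended (X, Y, Z, T); also doubles
    A = (a[1] - a[0]) * (b[1] - b[0]) % P
    B = (a[1] + a[0]) * (b[1] + b[0]) % P
    C = 2 * a[3] * b[3] * D % P
    Z = 2 * a[2] * b[2] % P
    E, F, G, H = B - A, Z - C, Z + C, B + A
    return (E * F % P, G * H % P, F * G % P, E * H % P)

def point_mul(s, pt):
    q = (0, 1, 1, 0)  # neutral element
    while s:
        if s & 1:
            q = point_add(q, pt)
        pt = point_add(pt, pt)
        s >>= 1
    return q

def recover_x(y, sign):
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    if x2 == 0:
        return None if sign else 0
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P:
        return None
    return P - x if (x & 1) != sign else x

BY = 4 * pow(5, P - 2, P) % P
BX = recover_x(BY, 0)
BASE = (BX, BY, 1, BX * BY % P)

def compress(pt):
    zinv = pow(pt[2], P - 2, P)
    x, y = pt[0] * zinv % P, pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decompress(raw):
    y = int.from_bytes(raw, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    x = recover_x(y, sign) if y < P else None
    return None if x is None else (x, y, 1, x * y % P)

def expand(secret):
    h = sha512(secret)
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]

def public_key(secret):
    return compress(point_mul(expand(secret)[0], BASE))

# RFC 8032 dom2(1, "") prefix, used only by Ed25519ph; Pure Ed25519 has none.
DOM2_PH = b"SigEd25519 no Ed25519 collisions" + bytes([1, 0])

def sign(secret, msg, prehash=False):
    # Pure: msg is used as given. Ph: msg is first replaced by SHA-512(msg).
    dom, m = (DOM2_PH, sha512(msg)) if prehash else (b"", msg)
    a, prefix = expand(secret)
    pub = compress(point_mul(a, BASE))
    r = int.from_bytes(sha512(dom + prefix + m), "little") % L
    rs = compress(point_mul(r, BASE))
    h = int.from_bytes(sha512(dom + rs + pub + m), "little") % L
    return rs + ((r + h * a) % L).to_bytes(32, "little")

def verify(pub, msg, sig, prehash=False):
    dom, m = (DOM2_PH, sha512(msg)) if prehash else (b"", msg)
    A, R = decompress(pub), decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if len(pub) != 32 or len(sig) != 64 or A is None or R is None or s >= L:
        return False
    h = int.from_bytes(sha512(dom + sig[:32] + pub + m), "little") % L
    lhs, rhs = point_mul(s, BASE), point_add(R, point_mul(h, A))
    return ((lhs[0] * rhs[2] - rhs[0] * lhs[2]) % P == 0 and
            (lhs[1] * rhs[2] - rhs[1] * lhs[2]) % P == 0)

SECRET = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")  # RFC 8032 TEST 1
HEADERS = b"from:Alice <alice@example.org>\r\nsubject:test\r\ndkim-signature:v=1; d=example.org; b="  # constructed

def demo():
    pub = public_key(SECRET)
    digest = hashlib.sha256(HEADERS).digest()  # the hash DKIM already computes
    sig = sign(SECRET, digest)                 # Pure Ed25519 over that 32-byte digest
    return {
        "digest_pure": verify(pub, digest, sig),
        "raw_headers_pure": verify(pub, HEADERS, sig),
        "digest_ph": verify(pub, digest, sig, prehash=True),
        "ph_roundtrip": verify(pub, digest, sign(SECRET, digest, True), True),
    }
```

In RFC 8032 terms, "pure" means the prehash function is the identity; SHA-512 is still used inside the signature computation itself. A signature made this way verifies only when the verifier also passes the SHA-256 digest and uses the same variant, which is what the four results returned by `demo()` show.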


From nobody Thu Sep 14 01:25:44 2017
Return-Path: <jgh@wizmail.org>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21400124319 for <dcrup@ietfa.amsl.com>; Thu, 14 Sep 2017 01:25:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sYbInCguZqpm for <dcrup@ietfa.amsl.com>; Thu, 14 Sep 2017 01:25:41 -0700 (PDT)
Received: from wizmail.org (wizmail.org [IPv6:2a00:1940:107::2:0:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B08B11321D8 for <dcrup@ietf.org>; Thu, 14 Sep 2017 01:25:41 -0700 (PDT)
Received: from [2a00:b900:109e:0:c5d6:c61b:f5e0:b51f] (helo=lap.dom.ain) by wizmail.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89.115) id 1dsPSr-0005FW-Ba for dcrup@ietf.org (return-path <jgh@wizmail.org>); Thu, 14 Sep 2017 08:25:37 +0000
To: dcrup@ietf.org
References: <20170914014118.2378.qmail@ary.lan>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <2937ddbe-79b1-71b5-5725-4d90000510ad@wizmail.org>
Date: Thu, 14 Sep 2017 09:25:33 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <20170914014118.2378.qmail@ary.lan>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Pcms-Received-Sender: [2a00:b900:109e:0:c5d6:c61b:f5e0:b51f] (helo=lap.dom.ain) with esmtpsa
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/dxj7Puz53PO323LsV0AVi89ar3c>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
X-List-Received-Date: Thu, 14 Sep 2017 08:25:43 -0000

On 14/09/17 02:41, John Levine wrote:
> I haven't looked in detail at the APIs for Ed25519 crypto, but naively
> assumed that if the spec says there's a pure version that doesn't hash
> its input, the libraries would implement it.

Currently there is not, and the documentation seems to say there will
never be (at least for GnuTLS).  I think this needs sorting out before
publishing an RFC which might not be implementable.

I'll ask on the library mailing lists.
-- 
Cheers,
  Jeremy


From nobody Thu Sep 14 09:25:58 2017
Return-Path: <cloos@jhcloos.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F008B133045 for <dcrup@ietfa.amsl.com>; Thu, 14 Sep 2017 09:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhcloos.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhaZ-EqqgYO8 for <dcrup@ietfa.amsl.com>; Thu, 14 Sep 2017 09:25:54 -0700 (PDT)
Received: from ore.jhcloos.com (ore.jhcloos.com [IPv6:2604:2880::b24d:a297]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D88BD133053 for <dcrup@ietf.org>; Thu, 14 Sep 2017 09:25:54 -0700 (PDT)
Received: by ore.jhcloos.com (Postfix, from userid 10) id 0AA471DFA9; Thu, 14 Sep 2017 16:25:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore17; t=1505406354; bh=zcC4+3it3u1p36rLkHbLv6AheZdFDdjj2ah4huwzpa4=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=pzs6T6yeEQggd3NUIQ4GcYy5MI084Zuih6Wp9cRsF/q2sRVOU11xvuVoKgyGzH2/3 +kU+dOGnfJW2pfZZFzw5q3iM3Cb9fQvsNlh/ZsdhcQAOqyvMutpNbQxPX9Yqgb6n3A sqHG05Od2vTzHV2xz8YJvpjxCUDQ+LFA01lDor/ri+Hv6RB4tVx4s04sdSNd9HLxqj 5kXRiDzeFeW+3gVxaCjv/yWHwSmhqj9qE7HiOa6VURelmpErOYMHaqb8dPf/r85s5T krlf0hEpKPDw7Ag0azm5kJzAzmo+f+M9K3iZJIUZDZVj94QfHCfCgQoCihfLdi5CwZ DetPdaEzUEa1Q==
Received: by carbon.jhcloos.org (Postfix, from userid 500) id D5282107BF440; Thu, 14 Sep 2017 16:24:34 +0000 (UTC)
From: James Cloos <cloos@jhcloos.com>
To: dcrup@ietf.org
Cc: John Levine <johnl@taugh.com>,  jgh@wizmail.org
In-Reply-To: <20170914014118.2378.qmail@ary.lan> (John Levine's message of "14 Sep 2017 01:41:18 -0000")
References: <20170914014118.2378.qmail@ary.lan>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC
Copyright: Copyright 2017 James Cloos
OpenPGP: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6
Date: Thu, 14 Sep 2017 12:24:34 -0400
Message-ID: <m3vakl9rjx.fsf@carbon.jhcloos.org>
Lines: 15
MIME-Version: 1.0
Content-Type: text/plain
X-Hashcash: 1:28:170914:dcrup@ietf.org::ZcpdvFQ3XhytfcR9:002u667
X-Hashcash: 1:28:170914:johnl@taugh.com::FRsyM9WxiMrzUKUj:00w3a7
X-Hashcash: 1:28:170914:jgh@wizmail.org::s9auAZtnmSlVxsQE:0JpzeM
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/nqtVcMzafM3nFbI08zRR6i6qaBA>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
X-List-Received-Date: Thu, 14 Sep 2017 16:25:56 -0000

>>>>> "JL" == John Levine <johnl@taugh.com> writes:

JL> I haven't looked in detail at the APIs for Ed25519 crypto, but naively
JL> assumed that if the spec says there's a pure version that doesn't hash
JL> its input, the libraries would implement it.

I thought that the consensus was the opposite.  Wasn't esr demanding
that and everyone else arguing the opposite?

It is certainly the case that the "pure" version of eddsa is unlikely to
get much support by the crypto libraries.

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6


From nobody Thu Sep 14 17:32:58 2017
Return-Path: <johnl@taugh.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5009126B7E for <dcrup@ietfa.amsl.com>; Thu, 14 Sep 2017 17:32:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=kKATVxKp; dkim=pass (1536-bit key) header.d=taugh.com header.b=Pd4fuGy7
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ST69k5JUQQtO for <dcrup@ietfa.amsl.com>; Thu, 14 Sep 2017 17:32:54 -0700 (PDT)
Received: from gal.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1536913293A for <dcrup@ietf.org>; Thu, 14 Sep 2017 17:32:53 -0700 (PDT)
Received: (qmail 63063 invoked from network); 15 Sep 2017 00:32:52 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=f655.59bb1fb4.k1709; bh=K3h7luez+P565KrlKl73fs8MTJAFPD1EGyNhx4C0J7U=; b=kKATVxKpcFBpCc9L20AWO4/KQeJmkiCPJ3iQczDTAGzwq0szmeMvMJv+Iu9vnQwING554W78CavpGF8EHc5IML8kDtMcDHbnrEgvvdfdVeABduuQtGF2xKuYHfonrgOx/iZ5gWxZltuf7w3oxnU6BJxc9Wi+LaGa7FeoJO9dknVjVA9VHiodvDMpnE65Et3e9aebK3EWLXOVGY6uBFozxi/Uhwhy4DVJ/4jPMORCsPUhZVOIrIjIH0FHAmgN70dJ
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=f655.59bb1fb4.k1709; bh=K3h7luez+P565KrlKl73fs8MTJAFPD1EGyNhx4C0J7U=; b=Pd4fuGy73Ff7ZBSEE+v8EEJQ/kX1//tckF+auvDda4Q3+XDRp43NG/ETSsnyJLcvw+7Vd7Wii5cvmDYH6vvo8jCEciBxvIjvGArVzlQy/kWPNTxhMkguURUaPXLKNjq6+UuZGZbNzNiEkyVYIEx/4q16txPEbVdU2WdE4PwBiVQt+tydAcMJjPNCPASF5mSQ+vYocVdIFaCWUiFNRZQzU1atwp2N1pypDrepObNR16hJFRooKHmtpL8/pD/lxHFH
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 15 Sep 2017 00:32:52 -0000
Date: 14 Sep 2017 20:32:52 -0400
Message-ID: <alpine.OSX.2.21.1709142029180.6872@ary.local>
From: "John R Levine" <johnl@taugh.com>
To: "James Cloos" <cloos@jhcloos.com>
Cc: dcrup@ietf.org
In-Reply-To: <m3vakl9rjx.fsf@carbon.jhcloos.org>
References: <20170914014118.2378.qmail@ary.lan> <m3vakl9rjx.fsf@carbon.jhcloos.org>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/_Ua54fFqvDPoDZ4wxJvAMNHMAKo>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
X-List-Received-Date: Fri, 15 Sep 2017 00:32:56 -0000

> JL> I haven't looked in detail at the APIs for Ed25519 crypto, but naively
> JL> assumed that if the spec says there's a pure version that doesn't hash
> JL> its input, the libraries would implement it.
>
> I thought that the consensus was the opposite.  Wasn't esr demanding
> that and everyone else arguing the opposite?

No, that was an unrelated issue of how to publish the verification keys. 
See the WG archives.

> It is certainly the case that the "pure" version of eddsa is unlikely to
> get much support by the crypto libraries.

That seems strange, since the difference between pure and hash is that the 
pure version just skips the hash.  But if it is really the case that it 
will be hard to find pure versions it would be silly but harmless to 
change the spec to say that it calls the hash version of Ed25519 so it 
rehashes the hash we give it.

As far as I know rehashing a hash with a reasonable second hash function 
doesn't make it any weaker.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly


From nobody Fri Sep 15 05:02:35 2017
Return-Path: <rsalz@akamai.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF4891331F1 for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 05:02:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level: 
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fUm973KwOz0v for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 05:02:33 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [67.231.149.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B94161331D2 for <dcrup@ietf.org>; Fri, 15 Sep 2017 05:02:33 -0700 (PDT)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id v8FBvA78024368; Fri, 15 Sep 2017 13:02:30 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=fSgcIsrSWHeBlMmU3DNN6bXW/WExlBmqcffhAM4RoGs=; b=KT1pkO/5JnlgRnzZlit5DJr3WDhCezw2ciGW1bm7v54cDygXSoIEPyqyBbSenu2zmbAI YSxg3vyTjsaSFbWiRLFaSCUzXbCOE6qXkyl/ojbt+5jXX/oV0RBJaJ6nC76VAlv9lLhV 6Ij8lnFr56dr0+3PA6mmXguU45Rjy5MCGiQd4/P1pCBITKAGYUAvS5YoYFhtIotayIQc XHDR1k9p0rSdJKjgiKlD4J/Sr2+zXf5tztsbVLzLtgJsajEXJrBk5pBuz2uUE4K1UyP4 /QOYqrntQm3cBtQUOIl8wxJF0FlnRGa11ZD//QSk+fxkBXVmcoNuXaDWlxjJmVeqGFbr eQ== 
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18]) by mx0a-00190b01.pphosted.com with ESMTP id 2cxdwmc7sw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 15 Sep 2017 13:02:30 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.21/8.16.0.21) with SMTP id v8FC1UDn020167; Fri, 15 Sep 2017 08:02:29 -0400
Received: from email.msg.corp.akamai.com ([172.27.25.34]) by prod-mail-ppoint1.akamai.com with ESMTP id 2cwwqkw0kr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 15 Sep 2017 08:02:29 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.27.103) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 15 Sep 2017 07:02:08 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1263.000; Fri, 15 Sep 2017 07:02:08 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: John R Levine <johnl@taugh.com>, James Cloos <cloos@jhcloos.com>
CC: "dcrup@ietf.org" <dcrup@ietf.org>
Thread-Topic: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
Thread-Index: AQHTLLeHt72FwF8YcEa160mv3scBc6Kze8GAgABzwACAAKNgNYAA29YAgAB9hIA=
Date: Fri, 15 Sep 2017 12:02:08 +0000
Message-ID: <F64A70D7-2D58-4BBC-B345-185915F2AB5F@akamai.com>
References: <20170914014118.2378.qmail@ary.lan> <m3vakl9rjx.fsf@carbon.jhcloos.org> <alpine.OSX.2.21.1709142029180.6872@ary.local>
In-Reply-To: <alpine.OSX.2.21.1709142029180.6872@ary.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/f.1b.0.161010
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.40.113]
Content-Type: text/plain; charset="utf-8"
Content-ID: <37001F8E2B66EB47957C625AC1808469@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-09-15_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1709150176
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-09-15_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1709150175
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/oBLKSok2fQp1NEtlBFdL5FmxhRw>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
X-List-Received-Date: Fri, 15 Sep 2017 12:02:35 -0000

> As far as I know rehashing a hash with a reasonable second hash function
> doesn't make it any weaker.

It does not.

Apologies to the WG, I wasn't paying attention on this.


From nobody Fri Sep 15 07:15:42 2017
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F07C3133341 for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 07:15:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level: 
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nv5scgHufGwl for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 07:15:35 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C32471332CA for <dcrup@ietf.org>; Fri, 15 Sep 2017 07:15:35 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 0DDBBC40297 for <dcrup@ietf.org>; Fri, 15 Sep 2017 09:15:34 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2001409; t=1505484934; bh=3DmuSAnRWsNvztI/fv++1Df1HBQR3cNQTYvfP85zffw=; h=From:To:Subject:Date:In-Reply-To:References:From; b=h571MaOWPNXdpPfE7D4Klud/gwHL9l/EElII6UJh/50ProFbEqqDrUaJ54sPwX32D 8O/vh8UIM1BgMBhLtWX7hU/T+RTW9aYnt3GnwANItjkQk1/0MH1Htkh6uAgJifRKZN F3jseLa10zQNxz+uTjU3sMGzrmOkCzyRJeA2Um5Y=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Fri, 15 Sep 2017 10:15:34 -0400
Message-ID: <1739837.QWERb01LVO@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-125-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <alpine.OSX.2.21.1709131339580.4127@ary.qy>
References: <alpine.OSX.2.21.1709131339580.4127@ary.qy>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/D6ky6CZravDjYHTirm3A6fRsa5U>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
X-List-Received-Date: Fri, 15 Sep 2017 14:15:38 -0000

On Wednesday, September 13, 2017 01:41:13 PM John R Levine wrote:
> I have sent in a new draft which is intended to take into account all of
> the comments I've seen.  There aren't any changes to bits on the wire,
> just editorial ones.
> 
> As far as I can tell, this is about as done as it's going to get.

Do we really need to add both rsafp and ed25519?

I thought we had ~agreed (or at least discussed) earlier to only add ed25519 
since these new methods only work if widely deployed by both signers and 
verifiers and adding two new methods makes it less likely that either will 
achieve critical mass.

Scott K


From nobody Fri Sep 15 08:58:07 2017
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B51F9133460 for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 08:58:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U_ujF3svsJYT for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 08:58:05 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83203132D4B for <dcrup@ietf.org>; Fri, 15 Sep 2017 08:58:05 -0700 (PDT)
Received: from [IPv6:2601:647:5500:1330:62a4:4cff:fe65:83dd] ([IPv6:2601:647:5500:1330:62a4:4cff:fe65:83dd]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id v8FFw3Ou032445 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <dcrup@ietf.org>; Fri, 15 Sep 2017 08:58:04 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1505491084; bh=tcmqyhIuF2F1vmsqJaKu2ppbTnlFuNeVnXQR1Gtp4AE=; h=Subject:To:References:From:Date:In-Reply-To; b=T6clkHUnxwjxrgvZrugRd/ImPCa1bRktRnpkQ+kYHWaZH00ny9KkjjsfryYXbKhH+ rFztGTwYmW92b3r3erhHepi4b8/1AFQPhLXYPGOYKxKC6ku9k6OCwbRrATUvWf9IFY /ZMzsx0XqlJOgSulvVO3BTSQ1+oQujxMVotiaxXE=
To: dcrup@ietf.org
References: <alpine.OSX.2.21.1709131339580.4127@ary.qy> <1739837.QWERb01LVO@kitterma-e6430>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <ceb13512-3557-5a90-c8cc-38e9391a0f40@bluepopcorn.net>
Date: Fri, 15 Sep 2017 08:57:54 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <1739837.QWERb01LVO@kitterma-e6430>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/Fs-FN5ZcZ60Uwx3CzPrs1gL8fYk>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
X-List-Received-Date: Fri, 15 Sep 2017 15:58:07 -0000

On 09/15/2017 07:15 AM, Scott Kitterman wrote:
> On Wednesday, September 13, 2017 01:41:13 PM John R Levine wrote:
>> I have sent in a new draft which is intended to take into account all of
>> the comments I've seen.  There aren't any changes to bits on the wire,
>> just editorial ones.
>>
>> As far as I can tell, this is about as done as it's going to get.
> Do we really need to add both rsafp and ed25519?
>
> I thought we had ~agreed (or at least discussed) earlier to only add ed25519 
> since these new methods only work if widely deployed by both signers and 
> verifiers and adding two new methods makes it less likely that either will 
> achieve critical mass.
>
> Scott K

+1. I don't have a strong feeling about whether we should go with rsafp
or ecc, but I don't see why we need both.

-Jim


From nobody Fri Sep 15 09:35:35 2017
Return-Path: <cloos@jhcloos.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8247A13301E for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 09:35:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhcloos.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UybG2wwfXT2j for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 09:35:31 -0700 (PDT)
Received: from ore.jhcloos.com (ore.jhcloos.com [198.147.22.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAD5913209C for <dcrup@ietf.org>; Fri, 15 Sep 2017 09:35:31 -0700 (PDT)
Received: by ore.jhcloos.com (Postfix, from userid 10) id DC6AB1E1FF; Fri, 15 Sep 2017 16:35:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore17; t=1505493330; bh=EVDhrxeZIKVVFMwT/2w7zj71DCyvdhRVPcA7wKsXQrg=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=eYXF2YJeIyfCWDJ2J43IA4UqnMXHNeaMNTTCRw2VviiwBHzo9NiERYO5cKBBaMoYz ZoXR4ETEgZRqeWhDFhPtaW3xXoorNWpu3IFaps/f9XBmgUngsyxpScqrsWMBS1qdsW XiICA6ZKI8wkXsb2cjrMJZtj/BMdni0gAEYQxS0TejTEBHzYHnqQQ5F7DauBuIVlg1 iNjqZLnjkkYPoaWW9Edn3435O/mKveQ8H7b+4jBln/rvO0XJi93IveLwLRGcGhXerF 6NCST87fcctdrznvx84FHtuyfLMPVFFpEeFLJYsbhqXn0N9yTU7YQUfrj6tglBHqHF Tajlef4HjmRJA==
Received: by carbon.jhcloos.org (Postfix, from userid 500) id 2C01A107BF000; Fri, 15 Sep 2017 16:34:47 +0000 (UTC)
From: James Cloos <cloos@jhcloos.com>
To: "John R Levine" <johnl@taugh.com>
Cc: dcrup@ietf.org
In-Reply-To: <alpine.OSX.2.21.1709142029180.6872@ary.local> (John R. Levine's message of "14 Sep 2017 20:32:52 -0400")
References: <20170914014118.2378.qmail@ary.lan> <m3vakl9rjx.fsf@carbon.jhcloos.org> <alpine.OSX.2.21.1709142029180.6872@ary.local>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC
Copyright: Copyright 2017 James Cloos
OpenPGP: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6
Date: Fri, 15 Sep 2017 12:34:47 -0400
Message-ID: <m38thf9azc.fsf@carbon.jhcloos.org>
Lines: 18
MIME-Version: 1.0
Content-Type: text/plain
X-Hashcash: 1:28:170915:johnl@taugh.com::Dp5dsmxqoIZCbZz7:037Y03
X-Hashcash: 1:28:170915:dcrup@ietf.org::jjR3OKTHLHJdok1Y:009PfMP
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/8jcP0i7dl_beXEgpX62U_rjkLto>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
X-List-Received-Date: Fri, 15 Sep 2017 16:35:33 -0000

>>>>> "JL" == John R Levine <johnl@taugh.com> writes:

>> It is certainly the case that the "pure" version of eddsa is unlikely to
>> get much support by the crypto libraries.

JL> That seems strange,

It is the impression I've gotten from reading the various project lists.

If I got it correct, some hardware devs recently complained about that,
too.  Something about having to send the data through the hw twice if
the hashing is part of eddsa rather than separate to it.  So protocols
seem to want to ignore the pre-hashed versions, too.  The feedback
between the two is likely a factor.

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6


From nobody Fri Sep 15 22:16:01 2017
Return-Path: <johnl@taugh.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAF0D1321A7 for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 22:15:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wCO2ez4WgUZ7 for <dcrup@ietfa.amsl.com>; Fri, 15 Sep 2017 22:15:58 -0700 (PDT)
Received: from gal.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C8F712EC30 for <dcrup@ietf.org>; Fri, 15 Sep 2017 22:15:58 -0700 (PDT)
Received: (qmail 54501 invoked from network); 16 Sep 2017 05:15:57 -0000
Received: from unknown (64.57.183.53) by gal.iecc.com with QMQP; 16 Sep 2017 05:15:57 -0000
Date: 16 Sep 2017 05:15:35 -0000
Message-ID: <20170916051535.2177.qmail@ary.lan>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: sklist@kitterman.com
In-Reply-To: <1739837.QWERb01LVO@kitterma-e6430>
Organization: 
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/vRoZxRF3sZ9V77F8yMYkhtHi10M>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-List-Received-Date: Sat, 16 Sep 2017 05:16:00 -0000

In article <1739837.QWERb01LVO@kitterma-e6430> you write:
>> As far as I can tell, this is about as done as it's going to get.
>
>Do we really need to add both rsafp and ed25519?
>
>I thought we had ~agreed (or at least discussed) earlier to only add ed25519 

In July I proposed only doing EC but there was no consensus.  I would prefer
not to rerun old arguments unless we have learned something new in the meantime.


From nobody Sat Sep 16 05:02:57 2017
Return-Path: <cloos@jhcloos.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF1C0132D51 for <dcrup@ietfa.amsl.com>; Sat, 16 Sep 2017 05:02:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhcloos.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRPUZd2kDwU8 for <dcrup@ietfa.amsl.com>; Sat, 16 Sep 2017 05:02:54 -0700 (PDT)
Received: from ore.jhcloos.com (ore.jhcloos.com [198.147.22.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E275713219B for <dcrup@ietf.org>; Sat, 16 Sep 2017 05:02:54 -0700 (PDT)
Received: by ore.jhcloos.com (Postfix, from userid 10) id 2677C1DFF1; Sat, 16 Sep 2017 12:02:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore17; t=1505563374; bh=9EYk6E/HvMt7QxQr3rdKckbUqO6oxOIyjy/UxnlBJAA=; h=From:To:Subject:In-Reply-To:References:Date:From; b=Ev264SHr2eOr2zRo6mhJX18E3Hh2McDe+yLuH0pubGXNB+RL5lCMytHdioyeQ6/lA ugvacywl4TCWh7WupujbLJw8KibMfp/v8zGVnLgfH8ZQDtFDHrKFeDmxnhwWqfS/gV e6/CmYW32FAnv8BRwrmyLB/ptAoN7WgyR6EZhv/j5qt0pRYi5FPozXrnrIUIVhnpwg 2fpmsecQHkG/Y6zRbWIwJBq5FD57XB/54dAooxJ6nsDSwsnBws/T4/Cowt4gxJrOjc tiAciv7Q9316dtlIWT5lmqFXzfz4i0d1lRluMPvG6XMnHsxBIuKWkFt2A6ILrKKhZK t8xtoln9ipe1g==
Received: by carbon.jhcloos.org (Postfix, from userid 500) id 20040107AC44C; Sat, 16 Sep 2017 12:02:13 +0000 (UTC)
From: James Cloos <cloos@jhcloos.com>
To: dcrup@ietf.org
In-Reply-To: <m38thf9azc.fsf@carbon.jhcloos.org> (James Cloos's message of "Fri, 15 Sep 2017 12:34:47 -0400")
References: <20170914014118.2378.qmail@ary.lan> <m3vakl9rjx.fsf@carbon.jhcloos.org> <alpine.OSX.2.21.1709142029180.6872@ary.local> <m38thf9azc.fsf@carbon.jhcloos.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
Copyright: Copyright 2017 James Cloos
OpenPGP: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc
OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6
Date: Sat, 16 Sep 2017 08:02:13 -0400
Message-ID: <m3lgle7sxm.fsf@carbon.jhcloos.org>
Lines: 7
MIME-Version: 1.0
Content-Type: text/plain
X-Hashcash: 1:28:170916:dcrup@ietf.org::e1ocQvxWdUd5V3jy:00Bp96c
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/OMGGEmLjTl81NSll6_3ZSMEa-mw>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-List-Received-Date: Sat, 16 Sep 2017 12:02:56 -0000

> It is the impression I've gotten from reading the various project lists.

Nikos recently posted that he skipped pure because curdle chose to avoid it.

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6


From nobody Mon Sep 18 10:14:02 2017
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CBD81342E6 for <dcrup@ietfa.amsl.com>; Mon, 18 Sep 2017 10:14:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ESmsso3rK9Hm for <dcrup@ietfa.amsl.com>; Mon, 18 Sep 2017 10:14:00 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B9F91342DB for <dcrup@ietf.org>; Mon, 18 Sep 2017 10:13:59 -0700 (PDT)
Received: from splunge.local (sfosf0017s350801.wiline.com [64.71.6.2] (may be forged)) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id v8IHDv32015409 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <dcrup@ietf.org>; Mon, 18 Sep 2017 10:13:59 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1505754839; bh=G9SP9WctRnxvPTEe2O4Dn/BtClg8XCM5ltwaBXET66E=; h=Subject:To:References:From:Date:In-Reply-To; b=gZL3lqSXUG3mTnbjmKFFjMUewo7QGzw7zmmrVzPBFumthRuczOTZTcDImglqLgUvn 7Z0uRVb6GBh5g/KzBCaTVNj4+s1gPLxxoky5ZqOYfIvAeWPtQiP+mvuw0qMxh5oAQT NAfWD8GEKCATFO0Wn7TMIWMkMjdLKGBwtonrtMfI=
To: dcrup@ietf.org
References: <20170916051535.2177.qmail@ary.lan>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <a771978b-5e1c-2885-914a-ff465f41e9eb@bluepopcorn.net>
Date: Mon, 18 Sep 2017 10:13:52 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <20170916051535.2177.qmail@ary.lan>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/FUemqcuM84ZILIhF4jUfjPWBR_s>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-List-Received-Date: Mon, 18 Sep 2017 17:14:01 -0000

On 9/15/17 10:15 PM, John Levine wrote:
> In article <1739837.QWERb01LVO@kitterma-e6430> you write:
>>> As far as I can tell, this is about as done as it's going to get.
>> Do we really need to add both rsafp and ed25519?
>>
>> I thought we had ~agreed (or at least discussed) earlier to only add ed25519
> In July I proposed only doing EC but there was no consensus.  I would prefer
> not to rerun old arguments unless we have learned something new in the meantime.

I haven't found your proposal, but I asked on Jabber at the Prague
meeting whether one or the other would suffice, and repeated that
question on the list. See thread "Do we need both hashed RSA and
elliptic curves?" that begins on 21 July. There were responses from 7
people including you, and I didn't see anyone arguing that we should
have both (although it's not my place to judge consensus).

We would be doing a disservice if we require everyone to support two
ways of solving the key length problem unless there is a compelling
reason to do so.

I also support the use of elliptic curve signatures rather than rsafp.
Part of the reason is that rsafp may have IPR issues (see disclosure
3025). AFAIK EC signatures avoid this problem unless the selector DNS
record contains a hash of the public key, which shouldn't be necessary
because the key is shorter. I have no opinion on the choice of curve used.

-Jim



From nobody Mon Sep 18 10:31:43 2017
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 693C2133070 for <dcrup@ietfa.amsl.com>; Mon, 18 Sep 2017 10:31:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level: 
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JhXIJCsjOLry for <dcrup@ietfa.amsl.com>; Mon, 18 Sep 2017 10:31:41 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27792132992 for <dcrup@ietf.org>; Mon, 18 Sep 2017 10:31:41 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 5CA69C401C9 for <dcrup@ietf.org>; Mon, 18 Sep 2017 12:31:39 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2001409; t=1505755899; bh=gVNEBxokQACW0XIJntQiXuh7+ru0t82Maw0xcjX8cz8=; h=From:To:Subject:Date:In-Reply-To:References:From; b=HcsIBI5J/pkCZQXgLUzeAN+rWzM31IRPbUYWJxb0T5UoUTOrK4iat67pAZjble/O+ HdSOnNYJE2P3ArTKK6uPR8hTTSpAh6Dwt2RZPMWqD7ukmn/I18E4yheC6cFi1gSGmf KryWesAEbThOwMHnYaipTgvF/F+5vt0X7Xf2MhZk=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 18 Sep 2017 13:31:38 -0400
Message-ID: <1853334.xPrzCzLMPD@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-125-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <a771978b-5e1c-2885-914a-ff465f41e9eb@bluepopcorn.net>
References: <20170916051535.2177.qmail@ary.lan> <a771978b-5e1c-2885-914a-ff465f41e9eb@bluepopcorn.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/vBKxQLs6hy2rdkMhGXtsAmxlIIk>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-List-Received-Date: Mon, 18 Sep 2017 17:31:42 -0000

On Monday, September 18, 2017 10:13:52 AM Jim Fenton wrote:
> On 9/15/17 10:15 PM, John Levine wrote:
> > In article <1739837.QWERb01LVO@kitterma-e6430> you write:
> >>> As far as I can tell, this is about as done as it's going to get.
> >> 
> >> Do we really need to add both rsafp and ed25519?
> >> 
> >> I thought we had ~agreed (or at least discussed) earlier to only add
> >> ed25519
> > In July I proposed only doing EC but there was no consensus.  I would
> > prefer not to rerun old arguments unless we have learned something new in
> > the meantime.
> I haven't found your proposal, but I asked on Jabber at the Prague
> meeting whether one or the other would suffice, and repeated that
> question on the list. See thread "Do we need both hashed RSA and
> elliptic curves?" that begins on 21 July. There were responses from 7
> people including you, and I didn't see anyone arguing that we should
> have both (although it's not my place to judge consensus).
> 
> We would be doing a disservice if we require everyone to support two
> ways of solving the key length problem unless there is a compelling
> reason to do so.
> 
> I also support the use of elliptic curve signatures rather than rsafp.
> Part of the reason is that rsafp may have IPR issues (see disclosure
> 3025). AFAIK EC signatures avoid this problem unless the selector DNS
> record contains a hash of the public key, which shouldn't be necessary
> because the key is shorter. I have no opinion on the choice of curve used.

Those all make sense to me.

I don't recall anyone pushing hard for retaining both and, while I agree there 
was never a formal consensus call by the chairs, it seemed like that was 
definitely the direction the group was leaning.

Scott K


From nobody Tue Sep 19 08:52:02 2017
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2DF9133020 for <dcrup@ietfa.amsl.com>; Tue, 19 Sep 2017 08:52:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wjflRLLXk6dD for <dcrup@ietfa.amsl.com>; Tue, 19 Sep 2017 08:51:59 -0700 (PDT)
Received: from gal.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D519F134295 for <dcrup@ietf.org>; Tue, 19 Sep 2017 08:51:58 -0700 (PDT)
Received: (qmail 30367 invoked from network); 19 Sep 2017 15:51:57 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=769c.59c13d1d.k1709; bh=l820L6JlPLjTP/z42kE57hm8U62krIJ6tWg4eLAzt44=; b=Ytedju6srvmaFCT5k1QcpIljnds8b3TGZCV24iC2x52IhTZ1DeS1HFWJBCPgi2qiFfWIfZ0f55UgfMPXBsOwZTROcDSjLmCc6ZP7ttx4JE2Pu4dZlKYWwdGyWEXRi3ImUbv6taMqDkz+LzQTdKoTfYIQ8LQAXlifNKT4n5dHEtjznT2qf7SRD0WJV8AOKlxns3CKkX6JC91f6MzK4vBZffEjiN6Ez2IzSjm8bffyDKtCz5ZXa1kE4snlHriZC+gm
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 19 Sep 2017 15:51:57 -0000
Date: 19 Sep 2017 08:52:04 -0700
Message-ID: <alpine.OSX.2.21.1709190842330.736@ary.local>
From: "John R. Levine" <johnl@iecc.com>
To: dcrup@ietf.org
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/_4Bp83NfszasfUo4AEjcAjcxOmc>
Subject: [Dcrup] One algorithm to rule them all, or maybe two
X-List-Received-Date: Tue, 19 Sep 2017 15:52:01 -0000

Here's what I know about the two new algorithms:

Hashed RSA:

(good) avoids the txt record 256 byte issue
(good) trivial to implement, no new library dependencies
(good) key in signature prevents obscure reverse engineered un-revoke
(bad) Jim's patent, unknown what Cisco might do with it
(bad) DKIM headers are bigger, crypto is slower with bigger keys

Ed25519:

(good) avoids the txt record 256 byte issue
(good) faster than RSA
(good) DKIM headers don't grow or grow less with copy of key in signature
(bad) popular libraries do not yet support it
(bad) popular libraries may never support pure version, might need to double hash

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


From nobody Fri Sep 22 17:42:55 2017
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13B4E13304A for <dcrup@ietfa.amsl.com>; Fri, 22 Sep 2017 17:42:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level: 
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MlE00pNpKAli for <dcrup@ietfa.amsl.com>; Fri, 22 Sep 2017 17:42:52 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84A26126B7E for <dcrup@ietf.org>; Fri, 22 Sep 2017 17:42:52 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 29F2FC400FE for <dcrup@ietf.org>; Fri, 22 Sep 2017 19:42:51 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2001409; t=1506127371; bh=UTX/GFNwJ/dXKG32BS1mfjJgKbkuoQT8yByEV2M8/Qs=; h=From:To:Subject:Date:In-Reply-To:References:From; b=mN5xk2ra1N7LXI7jmuuvH04VUBGYvHLh9TM263hZpo2ndNx7REHmxSXJ53/z8mpQv Sua/Hjy+RVIflVmN8EOVl3t9qGOofyWz9/qYKQqX+x74+f9hNS1m/73R6cHOCJjzCr xDeNlex52RaShMXlEwWnTFrRhixuYyTZwj1/byLs=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Fri, 22 Sep 2017 20:42:49 -0400
Message-ID: <3272257.svHMZeYSyp@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-125-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <alpine.OSX.2.21.1709190842330.736@ary.local>
References: <alpine.OSX.2.21.1709190842330.736@ary.local>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/4w9L_W58NUX0o5SkKWZ7j9zijZw>
Subject: Re: [Dcrup] One algorithm to rule them all, or maybe two
X-List-Received-Date: Sat, 23 Sep 2017 00:42:54 -0000

I think algorithm diversity is important in the long run (added below).

I think it's clear Ed25519 is going to have wide support, so, if one is 
patient, the popular libraries do not yet support it "bad" isn't a big deal.  
Rsa-sha256 should be good for awhile.

The biggest question is will pure be supported or not.

Scott K

On Tuesday, September 19, 2017 08:52:04 AM John R. Levine wrote:
> Here's what I know about the two new algorithms:
> 
> Hashed RSA:
> 
> (good) avoids the txt record 256 byte issue
> (good) trivial to implement, no new library dependencies
> (good) key in signature prevents obscure reverse engineered un-revoke
> (bad) Jim's patent, unknown what Cisco might do with it
> (bad) DKIM headers are bigger, crypto is slower with bigger keys
> 
> Ed25519:
> 
> (good) avoids the txt record 256 byte issue
> (good) faster than RSA
> (good) DKIM headers don't grow or grow less with copy of key in signature
(good) provides algorithm diversity which reduces risk DKIM becomes unusable 
in the future if rsa-256 is broken
> (bad) popular libraries do not yet support it
> (bad) popular libraries may never support pure version, might need to double
> hash
> 
> Regards,
> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for
> Dummies", Please consider the environment before reading this e-mail.
> https://jl.ly
> 


From nobody Sun Sep 24 05:18:22 2017
Return-Path: <vesely@tana.it>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10A92133065 for <dcrup@ietfa.amsl.com>; Sun, 24 Sep 2017 05:18:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.901
X-Spam-Level: 
X-Spam-Status: No, score=-2.901 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wo2w25QNUjwv for <dcrup@ietfa.amsl.com>; Sun, 24 Sep 2017 05:18:19 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDBDD132A89 for <dcrup@ietf.org>; Sun, 24 Sep 2017 05:18:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1506255497; bh=8ScipKaPaI+wfBmCZPCCsg5l6+7+jOes+u24IEpNp/0=; l=1175; h=To:References:From:Date:In-Reply-To; b=MB6kD7S2hItPoUnG8pzaVWJ0vdp3SD9INQwC3VzC0FN2J2raMQJ4ROqTd7r8PVpCd ateYNokU/W+iHESwe1mpHOfj5ldnpzSBTv0SRzu60enW3oV4Pm31sN4+1FNFmTU8RC 7cGuzZS8SEizBgDZPDo45nWvAu8d0qEFGowzV0ks=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.109] (pcale.tana [172.25.197.109]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Sun, 24 Sep 2017 14:18:16 +0200 id 00000000005DC085.0000000059C7A288.00003C38
To: dcrup@ietf.org
References: <20170914014118.2378.qmail@ary.lan> <m3vakl9rjx.fsf@carbon.jhcloos.org> <alpine.OSX.2.21.1709142029180.6872@ary.local> <m38thf9azc.fsf@carbon.jhcloos.org> <m3lgle7sxm.fsf@carbon.jhcloos.org>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <286369e9-a074-1215-8b80-36a33ba224ca@tana.it>
Date: Sun, 24 Sep 2017 14:18:16 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <m3lgle7sxm.fsf@carbon.jhcloos.org>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/vejZXEg6K_y9E550oVNZtqHkcqw>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-List-Received-Date: Sun, 24 Sep 2017 12:18:21 -0000

On Sat 16/Sep/2017 14:02:13 +0200 James Cloos wrote:
>> It is the impression I've gotten from reading the various project lists.
> 
> Nikos recently posted that he skipped pure because curdle chose to avoid it.

Yes, that's the reply to the question Jeremy told us he was going to ask on
that list, on Sep 14:
https://lists.gnupg.org/pipermail/gnutls-help/2017-September/004387.html

My understanding is that curdle's decision is due to the fact that PureEdDSA
requires two passes over the input.  But then I didn't read the full details of
their decision (summer 2016):
https://www.ietf.org/mail-archive/web/curdle/current/msg00266.html

Dealing with generic functions, the GnuTLS manual does not expand much on why
gnutls_privkey_sign_hash [1] won't work.  It may be interesting to compare its
man page with that of nettle's ed25519_sha512_sign [2].  BTW, nettle is yet
another lib which doesn't seem to be going to implement the pre-hash variant
any time soon.

[1] GnuTLS
https://gnutls.org/manual/html_node/Abstract-key-API.html#gnutls_005fprivkey_005fsign_005fhash

[2] Nettle
https://www.lysator.liu.se/~nisse/nettle/nettle.html#EdDSA

hth
Ale
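
Added example, not part of the thread and not code from GnuTLS, nettle or the draft: a from-scratch Ed25519 (RFC 8032) in Python with a counter on message reads, showing the two passes PureEdDSA makes over the input and the single pass needed by the "double hash" route, which is assumed here to mean SHA-256 over the message followed by PureEdDSA over the 32-byte digest. The key and message are constructed, all function names are this example's own, and the arithmetic is not constant-time.

```python
import hashlib
from collections import Counter

P = 2**255 - 19                                       # field prime
Q = 2**252 + 27742317777372353535851937790883648493   # order of the base point
D = -121665 * pow(121666, P - 2, P) % P               # Edwards curve constant d

def le(b):
    return int.from_bytes(b, "little")

def add(p1, p2):
    # Unified point addition in extended coordinates (X, Y, Z, T), RFC 8032 5.1.4.
    a = (p1[1] - p1[0]) * (p2[1] - p2[0]) % P
    b = (p1[1] + p1[0]) * (p2[1] + p2[0]) % P
    c, d = 2 * p1[3] * p2[3] * D % P, 2 * p1[2] * p2[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def mul(s, pt):
    acc = (0, 1, 1, 0)                                # neutral element
    while s > 0:
        acc = add(acc, pt) if s & 1 else acc
        pt, s = add(pt, pt), s >> 1
    return acc

def recover_x(y, sign):
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P != 0:
        x = x * pow(2, (P - 1) // 4, P) % P           # multiply by sqrt(-1)
    if y >= P or (x * x - x2) % P != 0 or (x == 0 and sign):
        return None
    return P - x if (x & 1) != sign else x

GY = 4 * pow(5, P - 2, P) % P
GX = recover_x(GY, 0)
G = (GX, GY, 1, GX * GY % P)                          # base point

def compress(pt):
    zi = pow(pt[2], P - 2, P)
    x, y = pt[0] * zi % P, pt[1] * zi % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decompress(b):
    y = le(b) & ((1 << 255) - 1)
    x = recover_x(y, le(b) >> 255)
    return None if x is None else (x, y, 1, x * y % P)

def expand(secret):
    h = hashlib.sha512(secret).digest()
    return (le(h[:32]) & ((1 << 254) - 8)) | (1 << 254), h[32:]   # scalar, nonce prefix

def public_key(secret):
    return compress(mul(expand(secret)[0], G))

def hash_msg(algo, prefix, chunks, tally):
    # algo(prefix || message); tally records every walk over the message bytes.
    h = hashlib.new(algo, prefix)
    for c in chunks:
        h.update(c)
        tally["msg_bytes"] += len(c)
    tally["passes"] += 1
    return h.digest()

def sign_pure(secret, chunks, tally):
    # chunks must be re-readable (e.g. a list): PureEdDSA walks the message twice.
    a, prefix = expand(secret)
    r = le(hash_msg("sha512", prefix, chunks, tally)) % Q       # pass 1: r = H(prefix || M)
    rs = compress(mul(r, G))
    k = le(hash_msg("sha512", rs + public_key(secret), chunks, tally)) % Q  # pass 2: needs R
    return rs + ((r + k * a) % Q).to_bytes(32, "little")

def verify_pure(public, chunks, sig):
    pt_a, pt_r, s = decompress(public), decompress(sig[:32]), le(sig[32:])
    if len(sig) != 64 or len(public) != 32 or pt_a is None or pt_r is None or s >= Q:
        return False
    k = le(hash_msg("sha512", sig[:32] + public, chunks, Counter())) % Q
    lhs, rhs = mul(s, G), add(pt_r, mul(k, pt_a))
    return all((lhs[i] * rhs[2] - rhs[i] * lhs[2]) % P == 0 for i in (0, 1))

def sign_double_hash(secret, chunks, tally):
    # One streaming SHA-256 pass over the message; PureEdDSA then walks only the digest.
    return sign_pure(secret, [hash_msg("sha256", b"", chunks, tally)], Counter())

def verify_double_hash(public, chunks, sig):
    return verify_pure(public, [hash_msg("sha256", b"", chunks, Counter())], sig)

def demo():
    secret = bytes(range(32))                         # constructed key, illustration only
    chunks = [b"constructed body line %d\r\n" % i for i in range(500)]
    pure, double, pub = Counter(), Counter(), public_key(secret)
    sig_pure = sign_pure(secret, chunks, pure)
    sig_double = sign_double_hash(secret, iter(chunks), double)   # one-shot stream suffices
    return {"size": sum(map(len, chunks)), "pure": dict(pure), "double": dict(double),
            "pure_ok": verify_pure(pub, chunks, sig_pure),
            "double_ok": verify_double_hash(pub, iter(chunks), sig_double)}

if __name__ == "__main__":
    print(demo())
```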


From nobody Sun Sep 24 23:59:48 2017
Return-Path: <martin.thomson@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57AF9126B6D for <dcrup@ietfa.amsl.com>; Sun, 24 Sep 2017 23:59:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iTy1tN2Zp3Y1 for <dcrup@ietfa.amsl.com>; Sun, 24 Sep 2017 23:59:45 -0700 (PDT)
Received: from mail-oi0-x232.google.com (mail-oi0-x232.google.com [IPv6:2607:f8b0:4003:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FACD1270AB for <dcrup@ietf.org>; Sun, 24 Sep 2017 23:59:45 -0700 (PDT)
Received: by mail-oi0-x232.google.com with SMTP id v188so5566243oia.5 for <dcrup@ietf.org>; Sun, 24 Sep 2017 23:59:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0xkl1rYbrt+6zv9R9SsJF9/+fjGVYGJjOJ9LHcS/QUE=; b=QpTw5A9D0qKfGDZMJ8WuFscxpeR4bCPcQV6RvN8kRi2KbQ5CPkK3PgS8jW5PnndfQ1 Eb96iHuRMdfKxXEX9+TtJlVjGUitrsQCcBvQnskOrQcXHStZ4SvCKXxC0qgNVsdvyQI6 q8NGospuiTk1fdBh2ZiBz0FYftr3DprlEgIvF9Ot3EtP+8nlvyqO0x06cxF8CbqqkSUh +ZIbKrMUJAuHKlY9+Z6L9p7/kG3VsdNQswb5Qs5PArxAvXH21ybDKw62GGBwuph0mQ2F HMiicq1aYmAIVlxlYbbdGDT/q5FFq+GW6969GJNK52U9EZX/aCC+gNHXIZJ4U5lYEPxG GBDw==
X-Received: by 10.202.96.69 with SMTP id u66mr5966694oib.257.1506322784607; Sun, 24 Sep 2017 23:59:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.0.38 with HTTP; Sun, 24 Sep 2017 23:59:44 -0700 (PDT)
In-Reply-To: <3272257.svHMZeYSyp@kitterma-e6430>
References: <alpine.OSX.2.21.1709190842330.736@ary.local> <3272257.svHMZeYSyp@kitterma-e6430>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 25 Sep 2017 16:59:44 +1000
Message-ID: <CABkgnnUhe2-UX+dvar0NC2hM1mdj86n=t_jgAwmwd8auqf4BMQ@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: dcrup@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/UqYgQJi1T9lw2DM0rB-Ipgc8U30>
Subject: Re: [Dcrup] One algorithm to rule them all, or maybe two
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Sep 2017 06:59:47 -0000

I think that you might want to move the point about diversity to the
other column that says "both".  There are indications that suggest that EC
breaks before RSA, but those results aren't unequivocal either (and I
can't pretend to know the details).  I tend to think that having and
exercising both will make it easier to move to the next thing, though
I hope that won't be any time soon.

It might be reasonable to assume that people will put the first
quantum computers to work on more lucrative pursuits than spam, but it
might become an attractive target if it is so ossified around a
particular scheme that deploying a PQ scheme is made impossible.

On Sat, Sep 23, 2017 at 10:42 AM, Scott Kitterman <sklist@kitterman.com> wrote:
> I think algorithm diversity is important in the long run (added below).
>
> I think it's clear Ed25519 is going to have wide support, so, if one is
> patient, the popular libraries do not yet support it "bad" isn't a big deal.
> Rsa-sha256 should be good for a while.
>
> The biggest question is will pure be supported or not.
>
> Scott K
>
> On Tuesday, September 19, 2017 08:52:04 AM John R. Levine wrote:
>> Here's what I know about the two new algorithms:
>>
>> Hashed RSA:
>>
>> (good) avoids the txt record 256 byte issue
>> (good) trivial to implement, no new library dependencies
>> (good) key in signature prevents obscure reverse engineered un-revoke
>> (bad) Jim's patent, unknown what Cisco might do with it
>> (bad) DKIM headers are bigger, crypto is slower with bigger keys
>>
>> Ed25519:
>>
>> (good) avoids the txt record 256 byte issue
>> (good) faster than RSA
>> (good) DKIM headers don't grow or grow less with copy of key in signature
> (good) provides algorithm diversity which reduces risk DKIM becomes unusable
> in the future if rsa-256 is broken
>> (bad) popular libraries do not yet support it
>> (bad) popular libraries may never support pure version, might need to double
>> hash
>>
>> Regards,
>> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for
>> Dummies", Please consider the environment before reading this e-mail.
>> https://jl.ly


From nobody Mon Sep 25 15:02:33 2017
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215171345CA for <dcrup@ietfa.amsl.com>; Mon, 25 Sep 2017 15:02:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K_1vcRtElhM0 for <dcrup@ietfa.amsl.com>; Mon, 25 Sep 2017 15:02:30 -0700 (PDT)
Received: from gal.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E7C01345C6 for <dcrup@ietf.org>; Mon, 25 Sep 2017 15:02:30 -0700 (PDT)
Received: (qmail 24299 invoked from network); 25 Sep 2017 22:02:29 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=5ee9.59c97cf5.k1709; bh=zTURKr/jXbLQrdsWLiEpGmZU30gW8fpyS/tFkDfe9TM=; b=An8Y/EabHxSWXrFkhoMZxwAIaEtxDQjjSo+qAkrUgbitqxgme3Vs4oZOq63cTH2F2D3e1AUXdBLXguqdW0QoR5f1MmV4l2h++wcNqvw64CZnNhYsUiJpN+MOClI6hnlKN3A4FnbhdhIZx1qHdA4dYUgZnTbP+N2mUSnoqNTlC1aczioC2GSFoHDmoiAs3J2QzasrEmra9i8fyKn+aCleNSAXaIw816g3Rcf7sItIxzVToH96poYWY1bvwWZBAsF+
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 25 Sep 2017 22:02:29 -0000
Date: 25 Sep 2017 15:02:28 -0700
Message-ID: <alpine.OSX.2.21.1709251459320.13098@ary.local>
From: "John R. Levine" <johnl@iecc.com>
To: "Martin Thomson" <martin.thomson@gmail.com>
Cc: "Scott Kitterman" <sklist@kitterman.com>, dcrup@ietf.org
In-Reply-To: <CABkgnnUhe2-UX+dvar0NC2hM1mdj86n=t_jgAwmwd8auqf4BMQ@mail.gmail.com>
References: <alpine.OSX.2.21.1709190842330.736@ary.local> <3272257.svHMZeYSyp@kitterma-e6430> <CABkgnnUhe2-UX+dvar0NC2hM1mdj86n=t_jgAwmwd8auqf4BMQ@mail.gmail.com>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/yCqWiTd95yQ3-my5sBDPaYK7dz8>
Subject: Re: [Dcrup] One algorithm to rule them all, or maybe two
X-List-Received-Date: Mon, 25 Sep 2017 22:02:32 -0000

> It might be reasonable to assume that people will put the first
> quantum computers to work on more lucrative pursuits than spam, but it
> might become an attractive target if it is so ossified around a
> particular scheme that deploying a PQ scheme is made impossible.

It's not just spam.  In the recent US political campaign, some of the 
political e-mail messages from a phished account were authenticated by 
observing that their DKIM signatures were still valid.  The value of a 
verifiable signature on a fake "stolen" message could be considerable, 
and we've already seen stuff at Wikileaks which mixes real stolen material 
with disinformation.

This probably says something about key rotation policy, but that's a 
separate issue.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


From nobody Tue Sep 26 10:24:13 2017
Return-Path: <ietf@kuehlewind.net>
X-Original-To: dcrup@ietf.org
Delivered-To: dcrup@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 279931342DB; Tue, 26 Sep 2017 10:24:01 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: =?utf-8?q?Mirja_K=C3=BChlewind?= <ietf@kuehlewind.net>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-dcrup-dkim-usage@ietf.org, Seth Blank <seth@sethblank.com>, dcrup-chairs@ietf.org, seth@sethblank.com, dcrup@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.62.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150644664115.20780.9524597228369212227.idtracker@ietfa.amsl.com>
Date: Tue, 26 Sep 2017 10:24:01 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/UAP0vKS-Sluqq83rJ5h_ZhYCLM4>
Subject: [Dcrup] =?utf-8?q?Mirja_K=C3=BChlewind=27s_No_Objection_on_draft-?= =?utf-8?q?ietf-dcrup-dkim-usage-04=3A_=28with_COMMENT=29?=
X-List-Received-Date: Tue, 26 Sep 2017 17:24:01 -0000

Mirja Kühlewind has entered the following ballot position for
draft-ietf-dcrup-dkim-usage-04: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-usage/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Please check and address the feedback provided by the gen-art review (Thanks
Jari!). My understanding is that the normative language was discussed in detail
for this draft but Jari brought up a point on forward-comparability with future
algorithms regarding verification. I would also be interested to at least see a
reply to that!



From nobody Tue Sep 26 22:40:54 2017
Return-Path: <adam@nostrum.com>
X-Original-To: dcrup@ietf.org
Delivered-To: dcrup@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E453124207; Tue, 26 Sep 2017 22:40:52 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Adam Roach <adam@nostrum.com>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-dcrup-dkim-usage@ietf.org, Seth Blank <seth@sethblank.com>, dcrup-chairs@ietf.org, seth@sethblank.com, dcrup@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.62.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150649085207.24995.1867894975380491185.idtracker@ietfa.amsl.com>
Date: Tue, 26 Sep 2017 22:40:52 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/i2gu5NvmAhj3ebQaDqU-8mHgWMY>
Subject: [Dcrup] Adam Roach's No Objection on draft-ietf-dcrup-dkim-usage-04: (with COMMENT)
X-List-Received-Date: Wed, 27 Sep 2017 05:40:52 -0000

Adam Roach has entered the following ballot position for
draft-ietf-dcrup-dkim-usage-04: No Objection


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I would have expected section 4 to be explicit in the interaction between the
requirement that "rsa-sha1 MUST NOT be used for signing or verifying" and the
Authentication-Results header defined in RFC 7001. In particular, I would have
expected to see guidance here whether receipt of a message using sha1 should be
coded as "neutral" or "policy": as an implementor, I would be unsure which one
to use.



From nobody Wed Sep 27 19:10:20 2017
Return-Path: <ben@nostrum.com>
X-Original-To: dcrup@ietf.org
Delivered-To: dcrup@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D96E7135255; Wed, 27 Sep 2017 19:10:13 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Ben Campbell <ben@nostrum.com>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-dcrup-dkim-usage@ietf.org, Seth Blank <seth@sethblank.com>, dcrup-chairs@ietf.org, seth@sethblank.com, dcrup@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.62.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150656461384.13748.13197533071257342162.idtracker@ietfa.amsl.com>
Date: Wed, 27 Sep 2017 19:10:13 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/pTH8P5Izsxe7oA2heDlemGUg_Ak>
Subject: [Dcrup] Ben Campbell's Yes on draft-ietf-dcrup-dkim-usage-04: (with COMMENT)
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2017 02:10:14 -0000

Ben Campbell has entered the following ballot position for
draft-ietf-dcrup-dkim-usage-04: Yes


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

-4: "Verifiers MUST verify using rsa-sha256."

Should this say "...MUST be able to..."? That is, am I correct in assuming that
a verifier will use the scheme specified by the signer if it is capable of
doing so, and that it doesn't make sense to try to verify with rsa-sha256 if
the signer used something else?
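
The two ballot comments above (Adam Roach on how a rsa-sha1 signature is reported in Authentication-Results, Ben Campbell on verifying with the scheme the signer named) meet in one dispatch on the a= tag. The following is an added example, not part of any message in this archive and not text from the draft; the function names, the crypto_verify callback, the sample header values, the "neutral" result for unsupported algorithms and the default of "policy" for rsa-sha1 are assumptions.

```python
import re

# Constructed sample DKIM-Signature values (not taken from any real message).
_REST = "; c=relaxed/relaxed; d=example.org; s=sel; h=from:to; bh=AAAA=; b=BBBB"
SAMPLE_SHA256 = "v=1; a=rsa-sha256" + _REST
SAMPLE_SHA1 = "v=1; a=rsa-sha1" + _REST
SAMPLE_OTHER = "v=1; a=ed25519-sha256" + _REST


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list; malformed or duplicate tags raise."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # a trailing ";" is permitted
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError("malformed tag")
        if name in tags:
            raise ValueError("duplicate tag")
        tags[name] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags


def evaluate(sig_value, crypto_verify, sha1_result="policy"):
    """Return the dkim= clause of Authentication-Results for one signature.

    crypto_verify(tags) -> bool is a hypothetical stand-in for the real
    rsa-sha256 check. sha1_result is "policy" or "neutral"; which one is
    right is the open question in the comment above, so it is a parameter.
    """
    if sha1_result not in ("policy", "neutral"):
        raise ValueError("sha1_result must be 'policy' or 'neutral'")
    try:
        tags = parse_tag_list(sig_value)
    except ValueError:
        return "dkim=permerror (malformed signature)"
    algo, domain = tags.get("a"), tags.get("d", "")
    # d= is echoed into a header we emit, so accept hostname characters only.
    if not algo or not re.fullmatch(r"[A-Za-z0-9.-]+", domain):
        return "dkim=permerror (missing or invalid a=/d= tag)"
    if algo == "rsa-sha1":
        # MUST NOT verify: report without ever running the SHA-1 check.
        result, why = sha1_result, "rsa-sha1 not accepted"
    elif algo == "rsa-sha256":
        # Verify with the scheme the signer named, and only that scheme.
        result, why = ("pass" if crypto_verify(tags) else "fail"), algo
    else:
        # Unknown or future algorithm: cannot be processed here (assumption:
        # reported as neutral), and never retried as rsa-sha256.
        result, why = "neutral", "unsupported algorithm"
    return "dkim=%s (%s) header.d=%s" % (result, why, domain)
```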



From nobody Sat Sep 30 08:02:29 2017
Return-Path: <session-request@ietf.org>
X-Original-To: dcrup@ietf.org
Delivered-To: dcrup@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E7D4132026; Sat, 30 Sep 2017 08:02:28 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: IETF Meeting Session Request Tool <session-request@ietf.org>
To: <session-request@ietf.org>
Cc: superuser@gmail.com, dcrup@ietf.org, dcrup-chairs@ietf.org, aamelnikov@fastmail.fm
X-Test-IDTracker: no
X-IETF-IDTracker: 6.63.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150678374816.3463.17924072404505307680.idtracker@ietfa.amsl.com>
Date: Sat, 30 Sep 2017 08:02:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/TMsFa_k5Hxq8ExgU1bwUJ-_lzis>
Subject: [Dcrup] dcrup - New Meeting Session Request for IETF 100
X-List-Received-Date: Sat, 30 Sep 2017 15:02:28 -0000

A new meeting session request has just been submitted by Murray Kucherawy, a Chair of the dcrup working group.


---------------------------------------------------------
Working Group Name: DKIM Crypto Update
Area Name: Applications and Real-Time Area
Session Requester: Murray Kucherawy

Number of Sessions: 1
Length of Session(s):  30 Minutes
Number of Attendees: 20
Conflicts to Avoid: 
 First Priority: cfrg lamps jmap dmarc dispatch




People who must be present:
  Rich Salz
  Alexey Melnikov
  Murray Kucherawy

Resources Requested:

Special Requests:
  
---------------------------------------------------------

