
From nobody Thu Feb  1 09:36:35 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: Scott Kitterman <sklist@kitterman.com>, "dcrup@ietf.org" <dcrup@ietf.org>
Date: Thu, 1 Feb 2018 17:36:09 +0000
Message-ID: <CAC295CB-AFB3-4C62-9F9B-53463AE5FAA6@akamai.com>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <2142766D-1404-409E-9419-C883737AE23E@kitterman.com>
In-Reply-To: <2142766D-1404-409E-9419-C883737AE23E@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/sU-49ygeVmnc2qfD-ehqlk28384>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Feb 2018 17:36:34 -0000

    I don't think missing to specify hash-alg is editorial.  I agree the second is editorial.

As your note points out, SHA256 is obviously implied by the name of the definition :)  But we did have consensus to use SHA256 for this mechanism.

Mr. Author, please update and resubmit the doc to account for those first two issues from https://www.ietf.org/mail-archive/web/dcrup/current/msg00619.html


From nobody Thu Feb  1 11:14:26 2018
Date: 1 Feb 2018 14:14:20 -0500
Message-Id: <20180201191420.D41ED1A2A6E5@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: rsalz@akamai.com
In-Reply-To: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/etdkuNGK7rTukuzSlt9GnqdVqTs>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

In article <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> you write:
>Scott has asked that his WGLC call issues from December be addressed.  I believe this is the message he
>means is this:
>   https://www.ietf.org/mail-archive/web/dcrup/current/msg00619.html
>and that only the first two points remain. They seem like editorial clarifications to me; John can you make
>those changes or something similar?

Done, an updated draft is sitting here waiting for ...

>There has also been discussion about including samples in the document.  Where are we with that?

I think a lot of us are twiddling our thumbs waiting for the OpenSSL
version it is that will include ed25519 signatures since we'd rather
not rewrite our RSA code to call some library that already has ed25519
and we don't want to call two different crypto libraries from our DKIM
code.

I see 1.1.0g in the freebsd packages which looks like it's got
ed25519, so now I just have to figure out how to use the fricking
thing.

R's,
John


From nobody Thu Feb  1 15:15:34 2018
Date: 1 Feb 2018 18:15:25 -0500
Message-Id: <20180201231527.7B2531A2BCBC@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: rsalz@akamai.com
In-Reply-To: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/iQie4MaQvSPlOd_mNpBt9441jow>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

In article <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> you write:
>Scott has asked that his WGLC call issues from December be addressed.  I believe this is the message he means is this:
>   https://www.ietf.org/mail-archive/web/dcrup/current/msg00619.html
>and that only the first two points remain. They seem like editorial clarifications to me; John can you make those changes or something similar?

I have the changes in a copy here waiting to be sent in ...

>There has also been discussion about including samples in the document.  Where are we with that?

 ... once we deal with this.

I use the perl DKIM library and as far as I can tell there is not yet
any perl library support for OpenSSL ed25519 signatures, even though the
underlying OpenSSL has had it for a while.

There are other perl crypto libraries but I only see one that does
ed25519 and it uses underlying code from it's not clear where.

R's,
John




From nobody Thu Feb  1 15:19:00 2018
To: dcrup@ietf.org
References: <20180201191420.D41ED1A2A6E5@ary.qy>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <6ce59089-e229-bf68-4729-4400912a7fab@wizmail.org>
Date: Thu, 1 Feb 2018 23:18:51 +0000
In-Reply-To: <20180201191420.D41ED1A2A6E5@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/kasRgMjwsZ74ebkEruvnGgVgBTk>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

On 01/02/18 19:14, John Levine wrote:
> I see 1.1.0g in the freebsd packages which looks like it's got
> ed25519, so now I just have to figure out how to use the fricking
> thing.

My build of 1.1.0g spits out:

error:0608F096:digital envelope routines:EVP_PKEY_verify_init:operation not supported for this keytype

with my attempted use for DKIM with a=ed25519-sha256.

Current master ditto.
-- 
Jeremy


From nobody Thu Feb  1 17:15:42 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: John Levine <johnl@taugh.com>, "dcrup@ietf.org" <dcrup@ietf.org>
Date: Fri, 2 Feb 2018 01:15:35 +0000
Message-ID: <0F56A62C-A195-454C-A0A1-C7FB03AEBFF5@akamai.com>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <20180201231527.7B2531A2BCBC@ary.qy>
In-Reply-To: <20180201231527.7B2531A2BCBC@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/OAf52WG2ZMKnD0lDZoPLLJMRZKw>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

➢ There are other perl crypto libraries but I only see one that does
    ed25519 and it uses underlying code from it's not clear where.

Can you try it and post the results?  If someone else can verify the signature then we can publish it, even if it’s not the code you would want to use in production.


From nobody Thu Feb  1 17:27:57 2018
Date: 1 Feb 2018 20:27:50 -0500
Message-ID: <alpine.OSX.2.21.1802012027290.10280@ary.qy>
From: "John R Levine" <johnl@taugh.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "dcrup@ietf.org" <dcrup@ietf.org>
In-Reply-To: <0F56A62C-A195-454C-A0A1-C7FB03AEBFF5@akamai.com>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <20180201231527.7B2531A2BCBC@ary.qy> <0F56A62C-A195-454C-A0A1-C7FB03AEBFF5@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/MDsKHJ47OFISla66kyZelSYK5-g>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

> ➢ There are other perl crypto libraries but I only see one that does
>    ed25519 and it uses underlying code from it's not clear where.
> Can you try it and post the results?  If someone else can verify the signature then we can publish it, even if it’s not the code you would want to use in production.

I'll take a look.  The existing code is pretty tied to openssl.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly


From nobody Thu Feb  1 17:33:29 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: John R Levine <johnl@taugh.com>
CC: "dcrup@ietf.org" <dcrup@ietf.org>
Thread-Topic: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
Thread-Index: AQHTmqKfjG6+cXRWMEypzMoeK481UKOQg6CAgAAhk4CAAANtAIAAAYQA
Date: Fri, 2 Feb 2018 01:33:16 +0000
Message-ID: <7042FF19-2572-42E0-B06B-17F438AB0178@akamai.com>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <20180201231527.7B2531A2BCBC@ary.qy> <0F56A62C-A195-454C-A0A1-C7FB03AEBFF5@akamai.com> <alpine.OSX.2.21.1802012027290.10280@ary.qy>
In-Reply-To: <alpine.OSX.2.21.1802012027290.10280@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/f.27.0.171010
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.32.124]
Content-Type: text/plain; charset="utf-8"
Content-ID: <1DE47DC220982C408FA65F900A15486A@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-01_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=669 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802020011
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-01_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=627 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802020011
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/LJKkGgjxPCas0GAnmiABKDiZBsM>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2018 01:33:28 -0000

Can anyone else generate or verify a signature?  So we have something to put into the draft??


From nobody Thu Feb  1 18:10:56 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36A02126DC2 for <dcrup@ietfa.amsl.com>; Thu,  1 Feb 2018 18:10:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 91m9z6YWCOkG for <dcrup@ietfa.amsl.com>; Thu,  1 Feb 2018 18:10:51 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A00F2126DEE for <dcrup@ietf.org>; Thu,  1 Feb 2018 18:10:51 -0800 (PST)
Received: from [192.168.1.146] (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 45BBFC40218; Thu,  1 Feb 2018 20:10:50 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1517537450; bh=jDvN+f6iTdg1B+GGQ2QKtxC+nNKJM/qimsJaFpNlIjQ=; h=Date:In-Reply-To:References:Subject:To:From:From; b=gt7O1AA062pQr1Pv9OKgJ+HOo0kCxmlWXdblGZ2kxkO+RgaIcg8mvHSbf9GnzDHd0 pLt3cGUcDTjO7bIf5fLfadACRFP1lAXUNqwsQnaX0wdMMUU3iBQAj+N0qX+4QoSkw4 URmvrUVk0UpIdIhUwJ47koTkubjSmu+lwv4jGjyo=
Date: Fri, 02 Feb 2018 02:10:45 +0000
In-Reply-To: <7042FF19-2572-42E0-B06B-17F438AB0178@akamai.com>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <20180201231527.7B2531A2BCBC@ary.qy> <0F56A62C-A195-454C-A0A1-C7FB03AEBFF5@akamai.com> <alpine.OSX.2.21.1802012027290.10280@ary.qy> <7042FF19-2572-42E0-B06B-17F438AB0178@akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <60B1CECC-162F-466A-A3BB-AC5544704F28@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/VChK66jQCN1CTggZJsPcGYMtqZA>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2018 02:10:55 -0000

I think I'm close.  There's a good chance I'll have something this weekend.

Scott K

On February 2, 2018 1:33:16 AM UTC, "Salz, Rich" <rsalz@akamai.com> wrote:
>Can anyone else generate or verify a signature?  So we have something
>to put into the draft??


From nobody Fri Feb  2 01:19:37 2018
Return-Path: <jgh@wizmail.org>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95CAD127909 for <dcrup@ietfa.amsl.com>; Fri,  2 Feb 2018 01:19:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OIpScf3jV1TB for <dcrup@ietfa.amsl.com>; Fri,  2 Feb 2018 01:19:35 -0800 (PST)
Received: from wizmail.org (wizmail.org [IPv6:2a00:1940:107::2:0:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8E65124205 for <dcrup@ietf.org>; Fri,  2 Feb 2018 01:19:34 -0800 (PST)
Received: from [2a00:b900:109e:0:df75:dcf5:c97b:6fad] (helo=lap.dom.ain) by wizmail.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90.102) id 1ehXVK-0004xS-Kv for dcrup@ietf.org (return-path <jgh@wizmail.org>); Fri, 02 Feb 2018 09:19:30 +0000
To: dcrup@ietf.org
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <20180201231527.7B2531A2BCBC@ary.qy> <0F56A62C-A195-454C-A0A1-C7FB03AEBFF5@akamai.com> <alpine.OSX.2.21.1802012027290.10280@ary.qy> <7042FF19-2572-42E0-B06B-17F438AB0178@akamai.com>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <d424f5dc-698a-5bb5-991c-2b76ce3dd921@wizmail.org>
Date: Fri, 2 Feb 2018 09:19:27 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <7042FF19-2572-42E0-B06B-17F438AB0178@akamai.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Pcms-Received-Sender: [2a00:b900:109e:0:df75:dcf5:c97b:6fad] (helo=lap.dom.ain) with esmtpsa
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/wIs2dBRpIw_JSKna_7g7bYFGGdM>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2018 09:19:36 -0000

On 02/02/18 01:33, Salz, Rich wrote:
> Can anyone else generate or verify a signature?

I can, but...

> So we have something to put into the draft??

... having no independent verification, I don't trust it.
I'm hoping Scott will give me that assurance.

-- 
Jeremy


From nobody Sat Feb  3 21:26:30 2018
Return-Path: <superuser@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D38C120727 for <dcrup@ietfa.amsl.com>; Sat,  3 Feb 2018 21:26:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z6H20-riKqaC for <dcrup@ietfa.amsl.com>; Sat,  3 Feb 2018 21:26:26 -0800 (PST)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48F931201FA for <dcrup@ietf.org>; Sat,  3 Feb 2018 21:26:26 -0800 (PST)
Received: by mail-lf0-x22d.google.com with SMTP id 63so37245585lfv.4 for <dcrup@ietf.org>; Sat, 03 Feb 2018 21:26:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=i/riKJ+oJwlfSiUZNxzWq1wBGpP0yffpkKLYXZ4EhOk=; b=gUkkEarAkFdUc4xX3zFY/xKn4Vxtk1k12TLp1pfy7dJdHf/yfoYmEKCyQK00Lir0lq GUvxjiyZ5saC9HCulknmaGFM0rHWRHhyHQQQhTbCGPNsJK5x7Q008F5zPZZedWNejijk qXYoD2k2u8s22y/1QcwI4J0l2Fgef3X+6M4EL5CjjA3D2YjRrsKGPBd7SqpPt9yt9w4J Q3Tx8Q3RPeq+DTM1p1GpWt+gqyHNYvsz6Sg6ZoX9mvNyRYg0dZ/iV9eUyupBOoZZ7WYH Y5a/ppcst0GcXljdhJ4x99pYb+z2P5IdH5Doe463maIk3zJmgsjnda0BRr/egRmfwuB0 Powg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=i/riKJ+oJwlfSiUZNxzWq1wBGpP0yffpkKLYXZ4EhOk=; b=oxLfSVQIhrxr9nZL8Q+mVFiYgyIvNUGvXw52ekuFhb1S9EMwNrzepI8pLpkyMvEf1L Io2+FseZGq8vfRGwycyK292EEoFHonygiClZbVEC05wLQ1f5DMzKto7uFmgKN1ti1Uvp 1qxghl3e0rwlJOia2Q9S3SbGsxhh/+xKAnGSb/ZJOuuwqPPUoi6MJAskWhJaqZtcLC/B g1dgVz2N4Qaz9+q2N6YqwUR9LfQWfUCTwWRNjSvuQvogzWRf5so4X3junS7/KudbBRqR 9tEe+wSkBugk26BVmpgqc3JIgsms1LN1yT+lZXYcp9aL50SiSX5vlAoZZnW848jpq8wv wCpA==
X-Gm-Message-State: AKwxytd8iZmpZfwv5/folf0sy6gGmHIa34PWbdoNGV5KXYfZU0ww0Y3U UlxFzr3zk39Ce1iZjFy7vu+uzZAj7/LZELYx+PNJqA==
X-Google-Smtp-Source: AH8x2265yTBqb7zKPbW40YSvHbxMHhDkzR7H1ThNB1koM3cxweA/2C+lHt1S2cfwjHctLJOC0OIccb709BpYxJod4oE=
X-Received: by 10.46.126.18 with SMTP id z18mr11986971ljc.131.1517721984405; Sat, 03 Feb 2018 21:26:24 -0800 (PST)
MIME-Version: 1.0
Received: by 10.46.66.79 with HTTP; Sat, 3 Feb 2018 21:26:23 -0800 (PST)
In-Reply-To: <d424f5dc-698a-5bb5-991c-2b76ce3dd921@wizmail.org>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <20180201231527.7B2531A2BCBC@ary.qy> <0F56A62C-A195-454C-A0A1-C7FB03AEBFF5@akamai.com> <alpine.OSX.2.21.1802012027290.10280@ary.qy> <7042FF19-2572-42E0-B06B-17F438AB0178@akamai.com> <d424f5dc-698a-5bb5-991c-2b76ce3dd921@wizmail.org>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sat, 3 Feb 2018 21:26:23 -0800
Message-ID: <CAL0qLwaSwyjfTW4+YZmFp9W53j6tnorHBchtLcRiQKLt9HKXVQ@mail.gmail.com>
To: Jeremy Harris <jgh@wizmail.org>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="089e0827c104bf958d05645c2ffb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/xUuMhfkSatl9_5y0E9_HJeXGBss>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Feb 2018 05:26:28 -0000

--089e0827c104bf958d05645c2ffb
Content-Type: text/plain; charset="UTF-8"

On Fri, Feb 2, 2018 at 1:19 AM, Jeremy Harris <jgh@wizmail.org> wrote:

> On 02/02/18 01:33, Salz, Rich wrote:
> > Can anyone else generate or verify a signature?
>
> I can, but...
>
> > So we have something to put into the draft??
>
> ... having no independent verification, I don't trust it.
> I'm hoping Scott will give me that assurance.


I can try in the next few days to test it against OpenDKIM.

-MSK

--089e0827c104bf958d05645c2ffb--


From nobody Sat Feb  3 21:42:44 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A9B41250B8 for <dcrup@ietfa.amsl.com>; Sat,  3 Feb 2018 21:42:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SwgOI--C9TlS for <dcrup@ietfa.amsl.com>; Sat,  3 Feb 2018 21:42:40 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A66361201FA for <dcrup@ietf.org>; Sat,  3 Feb 2018 21:42:40 -0800 (PST)
Received: from [192.168.1.146] (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 49FB3C402A6; Sat,  3 Feb 2018 23:42:38 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1517722958; bh=CtPIRqrdSmLcWZ3oZWOQZ5Lb97kCnmnsMSG46NkpwJE=; h=Date:In-Reply-To:References:Subject:To:From:From; b=jMIOyRyjASe9kn7+LNCTKQuN+ApVoViy0MztVS0+U9chc4tnc9GwP10b1aYmAAS0K n1QPqcPr9UklxvM8jf/AjDWCVFjcvlM9LnVrYmVgBkxgpl2n8TlCA5PeODyNhGorAg GdXE7LyOtEU+TCt8gU3mthkBlbpnZuQKpYC+3scA=
Date: Sun, 04 Feb 2018 05:42:32 +0000
In-Reply-To: <CAL0qLwaSwyjfTW4+YZmFp9W53j6tnorHBchtLcRiQKLt9HKXVQ@mail.gmail.com>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <20180201231527.7B2531A2BCBC@ary.qy> <0F56A62C-A195-454C-A0A1-C7FB03AEBFF5@akamai.com> <alpine.OSX.2.21.1802012027290.10280@ary.qy> <7042FF19-2572-42E0-B06B-17F438AB0178@akamai.com> <d424f5dc-698a-5bb5-991c-2b76ce3dd921@wizmail.org> <CAL0qLwaSwyjfTW4+YZmFp9W53j6tnorHBchtLcRiQKLt9HKXVQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <ECDC9DB7-A9E7-470F-9801-A7836EF6C700@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/zXAGmsg_8_uCa6DqlO7iWYZPaCE>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Feb 2018 05:42:43 -0000

On February 4, 2018 5:26:23 AM UTC, "Murray S. Kucherawy" <superuser@gmail.com> wrote:
>On Fri, Feb 2, 2018 at 1:19 AM, Jeremy Harris <jgh@wizmail.org> wrote:
>
>> On 02/02/18 01:33, Salz, Rich wrote:
>> > Can anyone else generate or verify a signature?
>>
>> I can, but...
>>
>> > So we have something to put into the draft??
>>
>> ... having no independent verification, I don't trust it.
>> I'm hoping Scott will give me that assurance.
>
>
>I can try in the next few days to test it against OpenDKIM.
>

We've had some off list exchange of data and we each learned something.  My
implementation is still incomplete, but I'm working on it.

Scott K


From nobody Mon Feb  5 00:57:47 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA3F912946D for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 00:57:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.102
X-Spam-Level: 
X-Spam-Status: No, score=-0.102 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jsLd7dGFfqry for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 00:57:43 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14FA61241F5 for <dcrup@ietf.org>; Mon,  5 Feb 2018 00:57:41 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 3853BC40144 for <dcrup@ietf.org>; Mon,  5 Feb 2018 02:57:39 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1517821059; bh=PKLdGxHJwP0gOwVobHjG955fmSjB+XnsrFU2s+zDGAQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=pbeOxid3GCEB7+s2wAZSYR9birOD0IwjqbzaL41xOtRHftO9znYwBstP0Aj50NK24 hs2LJmsTeYlZBDqk/beuxt4NQE9Z418ysEzHUzGuxk3humc9BvouwmwKAq243Dwok0 LdyuBxIdircp/1OLsKAYgv2Aya5uYc5uPx5Cwbr8=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 05 Feb 2018 03:57:39 -0500
Message-ID: <4495955.l4dWtiFfH9@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <ECDC9DB7-A9E7-470F-9801-A7836EF6C700@kitterman.com>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <CAL0qLwaSwyjfTW4+YZmFp9W53j6tnorHBchtLcRiQKLt9HKXVQ@mail.gmail.com> <ECDC9DB7-A9E7-470F-9801-A7836EF6C700@kitterman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/UoyPtO1JOQwRoKebRzN9Dn7u3Cs>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2018 08:57:46 -0000

On Sunday, February 04, 2018 05:42:32 AM Scott Kitterman wrote:
> On February 4, 2018 5:26:23 AM UTC, "Murray S. Kucherawy" <superuser@gmail.com> wrote:
> >On Fri, Feb 2, 2018 at 1:19 AM, Jeremy Harris <jgh@wizmail.org> wrote:
> >> On 02/02/18 01:33, Salz, Rich wrote:
> >> > Can anyone else generate or verify a signature?
> >> 
> >> I can, but...
> >> 
> >> > So we have something to put into the draft??
> >> 
> >> ... having no independent verification, I don't trust it.
> >> I'm hoping Scott will give me that assurance.
> >
> >I can try in the next few days to test it against OpenDKIM.
> 
> We've had some off list exchange of data and we each learned something.  My
> implementation is still incomplete, but I'm working on it.
> 
> Scott K

I can now sign and verify messages I signed.  Before we put anything in the 
draft as an example though, I think we ought to get two implementations to 
agree.  Jeremy and I both have working, internally consistent implementations.  
Now we need to exchange some data.  Hopefully we can get OpenDKIM in the mix 
too.

My python code is published in the usual location:
https://code.launchpad.net/~dkimpy-hackers/dkimpy/trunk

Scott K


From nobody Mon Feb  5 09:23:29 2018
Return-Path: <jgh@wizmail.org>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EF0C1273B1 for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 09:23:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H65FSOXtVyeS for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 09:23:26 -0800 (PST)
Received: from wizmail.org (wizmail.org [IPv6:2a00:1940:107::2:0:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 718E61270AB for <dcrup@ietf.org>; Mon,  5 Feb 2018 09:23:26 -0800 (PST)
Received: from [2a00:b900:109e:0:df75:dcf5:c97b:6fad] (helo=lap.dom.ain) by wizmail.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90.102) id 1eikUG-0006OO-Fx for dcrup@ietf.org (return-path <jgh@wizmail.org>); Mon, 05 Feb 2018 17:23:24 +0000
To: dcrup@ietf.org
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <CAL0qLwaSwyjfTW4+YZmFp9W53j6tnorHBchtLcRiQKLt9HKXVQ@mail.gmail.com> <ECDC9DB7-A9E7-470F-9801-A7836EF6C700@kitterman.com> <4495955.l4dWtiFfH9@kitterma-e6430>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <b116a2c5-d905-396f-51f8-0f9daeecd158@wizmail.org>
Date: Mon, 5 Feb 2018 17:23:24 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <4495955.l4dWtiFfH9@kitterma-e6430>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Pcms-Received-Sender: [2a00:b900:109e:0:df75:dcf5:c97b:6fad] (helo=lap.dom.ain) with esmtpsa
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/nj3QrXL0OJAJPXSCyiYEoxQATjI>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2018 17:23:29 -0000

On 05/02/18 08:57, Scott Kitterman wrote:
> On Sunday, February 04, 2018 05:42:32 AM Scott Kitterman wrote:
> I can now sign and verify messages I signed.  Before we put anything in the 
> draft as an example though, I think we ought to get two implementations to 
> agree.  Jeremy and I both have working, internally consistent implementations.  
> Now we need to exchange some data.

Looking good; I can verify a sample message signed by Scott.
-- 
Jeremy


From nobody Mon Feb  5 10:15:41 2018
Return-Path: <scott@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C4FC12D886 for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 10:15:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j5V4vYwKpKjn for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 10:15:37 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C66631267BB for <dcrup@ietf.org>; Mon,  5 Feb 2018 10:15:37 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 15B93C4005E for <dcrup@ietf.org>; Mon,  5 Feb 2018 12:15:34 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1517854534; bh=CyMxExPCCl7aPGNj2LLLCXeZo9DP4DQU0GfmmQUG0As=; h=From:To:Subject:Date:In-Reply-To:References:From; b=HvbpOPe+tLkpAb/42nvMlVgFWW6AvJzHdNLzgS+sqE6HqI10H+GQvElNT4b0n31b7 +jSQKWaIntcZ3+BhSyiN8u76KKS36vufv1m+Q22f4Ar7GvuDu/ZdBTw1+Z59QxBnIj J3SsWlLP1Z72zEUtt2y08bdJsr2eeHag4+8ahMBc=
From: Scott Kitterman <scott@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 05 Feb 2018 13:15:34 -0500
Message-ID: <3180788.trd3Qjhcid@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <b116a2c5-d905-396f-51f8-0f9daeecd158@wizmail.org>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <4495955.l4dWtiFfH9@kitterma-e6430> <b116a2c5-d905-396f-51f8-0f9daeecd158@wizmail.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/w52LRk4hgRI5GcLaSAm-fJEz1so>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2018 18:15:39 -0000

On Monday, February 05, 2018 05:23:24 PM Jeremy Harris wrote:
> On 05/02/18 08:57, Scott Kitterman wrote:
> > On Sunday, February 04, 2018 05:42:32 AM Scott Kitterman wrote:
> > I can now sign and verify messages I signed.  Before we put anything in the
> > draft as an example though, I think we ought to get two implementations to
> > agree.  Jeremy and I both have working, internally consistent
> > implementations. Now we need to exchange some data.
> 
> Looking good; I can verify a sample message signed by Scott.

And I can do the same for a sample message from Jeremy.

If someone would provide the text of the example message you want signed for 
the draft, I can provide the signature.  I recommend we use the keys from 
Section 7.1, Test 1 of RFC 8032.

Scott K
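
The recommendation above to use the keys from Section 7.1, Test 1 of RFC 8032 allows a known-answer self-check that each implementer can run before exchanging signed samples. The following is an added example, not code from this thread, dkimpy or Exim: a pure-Python Ed25519 following RFC 8032, where all function names are hypothetical, the sample header text is constructed, and passing Ed25519 a SHA-256 digest of the canonicalized headers is an assumption about the draft's signing input.

```python
import hashlib

P = 2**255 - 19                                       # field prime
Q = 2**252 + 27742317777372353535851937790883648493   # order of the base point
D = -121665 * pow(121666, P - 2, P) % P               # Edwards curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)                     # square root of -1 mod P

def _add(a, b):
    """Unified addition of two points in extended coordinates (X, Y, Z, T)."""
    A = (a[1] - a[0]) * (b[1] - b[0]) % P
    B = (a[1] + a[0]) * (b[1] + b[0]) % P
    C = 2 * a[3] * b[3] * D % P
    Z2 = 2 * a[2] * b[2] % P
    E, F, G_, H = B - A, Z2 - C, Z2 + C, B + A
    return (E * F % P, G_ * H % P, F * G_ % P, E * H % P)

def _mul(s, pt):
    """Double-and-add scalar multiplication (not constant time: test use only)."""
    acc = (0, 1, 1, 0)
    while s > 0:
        if s & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        s >>= 1
    return acc

def _recover_x(y, sign):
    """Recover x from y and the sign bit; None if the encoding is invalid."""
    if y >= P:
        return None
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P or (x == 0 and sign):
        return None
    return P - x if (x & 1) != sign else x

_GY = 4 * pow(5, P - 2, P) % P
_GX = _recover_x(_GY, 0)
G = (_GX, _GY, 1, _GX * _GY % P)                      # base point B

def _compress(pt):
    zinv = pow(pt[2], P - 2, P)
    x, y = pt[0] * zinv % P, pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def _decompress(b):
    y = int.from_bytes(b, "little")
    x = _recover_x(y & ((1 << 255) - 1), y >> 255)
    y &= (1 << 255) - 1
    return None if x is None else (x, y, 1, x * y % P)

def _h(data):
    return int.from_bytes(hashlib.sha512(data).digest(), "little") % Q

def _expand(seed):
    h = hashlib.sha512(seed).digest()
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]

def public_key(seed):
    return _compress(_mul(_expand(seed)[0], G))

def sign(seed, msg):
    a, prefix = _expand(seed)
    A = _compress(_mul(a, G))
    r = _h(prefix + msg)
    R = _compress(_mul(r, G))
    s = (r + _h(R + A + msg) * a) % Q
    return R + s.to_bytes(32, "little")

def verify(pub, msg, sig):
    if len(pub) != 32 or len(sig) != 64:
        return False
    A, R = _decompress(pub), _decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= Q:
        return False
    lhs, rhs = _mul(s, G), _add(R, _mul(_h(sig[:32] + pub + msg), A))
    return ((lhs[0] * rhs[2] - rhs[0] * lhs[2]) % P == 0
            and (lhs[1] * rhs[2] - rhs[1] * lhs[2]) % P == 0)

# RFC 8032, Section 7.1, Test 1: secret key, public key, signature of b"".
SEED = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
PUB = bytes.fromhex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
SIG = bytes.fromhex("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155"
                    "5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b")

def known_answer_ok():
    """True only if key derivation, signing and verification all match Test 1."""
    return public_key(SEED) == PUB and sign(SEED, b"") == SIG and verify(PUB, b"", SIG)

# Constructed sample standing in for canonicalized header data (not from the draft).
SAMPLE_HEADERS = b"from:Joe SixPack <joe@football.example.com>\r\nsubject:test\r\n"

def sign_header_hash(seed, canon_headers):
    """Assumed signing input: Ed25519 over the SHA-256 digest of the header data."""
    return sign(seed, hashlib.sha256(canon_headers).digest())

def verify_header_hash(pub, canon_headers, sig):
    return verify(pub, hashlib.sha256(canon_headers).digest(), sig)

if __name__ == "__main__":
    print("RFC 8032 Test 1 known-answer check:", known_answer_ok())
    sample_sig = sign_header_hash(SEED, SAMPLE_HEADERS)
    print("constructed header sample verifies:", verify_header_hash(PUB, SAMPLE_HEADERS, sample_sig))
```

Because Ed25519 signatures are deterministic, two implementations given the same key and the same input bytes must emit identical signatures, so a mismatch during an exchange points at canonicalization or hashing rather than at the curve arithmetic once this check passes.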


From nobody Mon Feb  5 10:20:13 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: Scott Kitterman <scott@kitterman.com>, "dcrup@ietf.org" <dcrup@ietf.org>
Date: Mon, 5 Feb 2018 18:20:03 +0000
Message-ID: <5374F933-0BAE-42AA-86E7-02763DC483D5@akamai.com>
References: <3569AEBA-5089-4827-8C18-EC13246BC201@akamai.com> <4495955.l4dWtiFfH9@kitterma-e6430> <b116a2c5-d905-396f-51f8-0f9daeecd158@wizmail.org> <3180788.trd3Qjhcid@kitterma-e6430>
In-Reply-To: <3180788.trd3Qjhcid@kitterma-e6430>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/-QWveg2ukBeLpblIwB5X1hiLamg>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

➢ > Looking good; I can verify a sample message signed by Scott.

>    And I can do the same for a sample message from Jeremy.

➢     If someone would provide the text of the example message you want signed for
    the draft, I can provide the signature.  I recommend we use the keys from
    Section 7.1, Test 1 of RFC 8032.

This is great news.  Your recommendation makes sense to me.


From nobody Mon Feb  5 11:34:17 2018
Date: 5 Feb 2018 14:34:09 -0500
Message-Id: <20180205193410.7F1EA1A4EE99@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: sklist@kitterman.com
In-Reply-To: <4495955.l4dWtiFfH9@kitterma-e6430>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/g9N0YeACTsvpgH0T_0sBLEgIgPI>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

In article <4495955.l4dWtiFfH9@kitterma-e6430> you write:
>I can now sign and verify messages I signed.  Before we put anything in the 
>draft as an example though, I think we ought to get two implementations to 
>agree.  Jeremy and I both have working, internally consistent implementations.  
>Now we need to exchange some data.  Hopefully we can get OpenDKIM in the mix 
>too.
>
>My python code is published in the usual location:
>https://code.launchpad.net/~dkimpy-hackers/dkimpy/trunk

This may be a dumb question, but are you sure you're doing ed25519ph rather than ed25519?

When I look at your code, I see it calling <key>.sign() which I am reasonably sure is ed25519.

In the libsodium library, crypto_sign() does ed25519, while
crypto_sign_init() and crypto_sign_update() and
crypto_sign_final_verify() do ed25519ph.  They're different, and the
signatures they create are different.  

A straightforward way to check is to pull out your signing code and
feed it the test vector in RFC 8032 section 7.2 and make sure it
creates the right signature.  It took me a while to realize that
ed25519(sha512(foo)) is not the same as ed25519ph(foo).

Having said that, and also having wasted much of the weekend looking
at perl crypto libraries, I found a lot of bindings to ed25519() and
none for ed25519ph().  A cursory look at the python library suggests
the same thing.

So perhaps all the people who told us that libraries would only do the
prehash version were misinformed and I should change the draft to
use the regular not prehash version.

R's,
John
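
The check described in the message above, as an added example that is not part of the thread and not dkimpy's code: a compact pure-Python RFC 8032 signer for both Ed25519 and Ed25519ph (not constant time, for test-vector checks only), used to classify a signing function by which RFC vector it reproduces. The names `which_variant` and `hash_then_sign` are assumptions made here; the keys and signatures are the RFC 8032 Section 7.1 TEST 1 vector and the Ed25519ph "TEST abc" vector.

```python
import hashlib

# Curve constants from RFC 8032, Section 5.1.
p = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
d = -121665 * pow(121666, p - 2, p) % p
SQRT_M1 = pow(2, (p - 1) // 4, p)

def _h(data):
    return hashlib.sha512(data).digest()

def _add(P, Q):
    # Point addition in extended coordinates (X, Y, Z, T).
    A = (P[1] - P[0]) * (Q[1] - Q[0]) % p
    B = (P[1] + P[0]) * (Q[1] + Q[0]) % p
    C = 2 * P[3] * Q[3] * d % p
    D = 2 * P[2] * Q[2] % p
    E, F, G, H = B - A, D - C, D + C, B + A
    return (E * F % p, G * H % p, F * G % p, E * H % p)

def _mul(s, P):
    # Double-and-add; NOT constant time, suitable for vector checks only.
    Q = (0, 1, 1, 0)
    while s:
        if s & 1:
            Q = _add(Q, P)
        P = _add(P, P)
        s >>= 1
    return Q

def _recover_x(y, sign):
    x2 = (y * y - 1) * pow(d * y * y + 1, p - 2, p) % p
    if x2 == 0:
        return None if sign else 0
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * SQRT_M1 % p
    if (x * x - x2) % p:
        return None
    return p - x if (x & 1) != sign else x

_GY = 4 * pow(5, p - 2, p) % p
_GX = _recover_x(_GY, 0)
BASE = (_GX, _GY, 1, _GX * _GY % p)

def _compress(P):
    zinv = pow(P[2], p - 2, p)
    x, y = P[0] * zinv % p, P[1] * zinv % p
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def _expand(secret):
    h = _h(secret)
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]

def public_key(secret):
    return _compress(_mul(_expand(secret)[0], BASE))

def _dom2(prehash):
    # RFC 8032 dom2 with phflag=1 and empty context; empty for pure Ed25519.
    return b"SigEd25519 no Ed25519 collisions\x01\x00" if prehash else b""

def sign(secret, msg, prehash=False):
    a, prefix = _expand(secret)
    A = _compress(_mul(a, BASE))
    dom = _dom2(prehash)
    m = _h(msg) if prehash else msg  # PH(M) = SHA-512(M) for Ed25519ph
    r = int.from_bytes(_h(dom + prefix + m), "little") % L
    R = _compress(_mul(r, BASE))
    k = int.from_bytes(_h(dom + R + A + m), "little") % L
    return R + ((r + k * a) % L).to_bytes(32, "little")

# RFC 8032 vectors: Section 7.1 TEST 1 (Ed25519, empty message) and
# the Ed25519ph "TEST abc" vector (message 616263).
PURE_SK = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
PURE_SIG = bytes.fromhex("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155"
                         "5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b")
PH_SK = bytes.fromhex("833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42")
PH_SIG = bytes.fromhex("98a70222f0b8121aa9d30f813d683f809e462b469c7ff87639499bb94e6dae41"
                       "31f85042463c2a355a2003d062adf5aaa10b8c61e636062aaad11c2a26083406")

def which_variant(sign_fn):
    """Classify a sign(secret, message) callable by the RFC vector it reproduces."""
    if sign_fn(PURE_SK, b"") == PURE_SIG:
        return "ed25519"
    if sign_fn(PH_SK, b"abc") == PH_SIG:
        return "ed25519ph"
    return "unknown"

def hash_then_sign(secret, msg):
    # Pure Ed25519 over SHA-512(msg): lacks the dom2 prefix, so it is not Ed25519ph.
    return sign(secret, _h(msg))

if __name__ == "__main__":
    print(which_variant(sign))
    print(which_variant(lambda k, m: sign(k, m, prehash=True)))
    print(which_variant(hash_then_sign))
```

To test a library binding, wrap its signing call in a `sign_fn(secret, message)` function that returns the raw 64-byte signature and pass it to `which_variant`.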


From nobody Mon Feb  5 11:56:40 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 05 Feb 2018 14:56:33 -0500
Message-ID: <3167570.jLmRcgZrqZ@kitterma-e6430>
In-Reply-To: <20180205193410.7F1EA1A4EE99@ary.qy>
References: <20180205193410.7F1EA1A4EE99@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/chQ5cUN6TAUvipffjaEMi2xEyo0>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

On Monday, February 05, 2018 02:34:09 PM John Levine wrote:
> In article <4495955.l4dWtiFfH9@kitterma-e6430> you write:
> >I can now sign and verify messages I signed.  Before we put anything in the
> >draft as an example though, I think we ought to get two implementations to
> >agree.  Jeremy and I both have working, internally consistent
> >implementations. Now we need to exchange some data.  Hopefully we can get
> >OpenDKIM in the mix too.
> >
> >My python code is published in the usual location:
> >https://code.launchpad.net/~dkimpy-hackers/dkimpy/trunk
> 
> This may be a dumb question, but are you sure you're doing ed25519ph rather
> than ed25519?
> 
> When I look at your code, I see it calling <key>.sign() which I am
> reasonably sure is ed25519.
> 
> In the libsodium library, crypto_sign() does ed25519, while
> crypto_sign_init() and crypto_sign_update() and
> crypto_sign_final_verify() do ed25519ph.  They're different, and the
> signatures they create are different.
> 
> A straightforward way to check is to pull out your signing code and
> feed it the test vector in RFC 8032 section 7.2 and make sure it
> creates the right signature.  It took me a while to realize that
> ed25519(sha512(foo)) is not the same as ed25519ph(foo).
> 
> Having said that, and also having wasted much of the weekend looking
> at perl crypto libraries, I found a lot of bindings to ed25519() and
> none for ed25519ph().  A cursory look at the python library suggests
> the same thing.
> 
> So perhaps all the people who told us that libraries would only do the
> prehash version were misinformed and I should change the draft to
> use the regular not prehash version.

Sigh.  I misread the draft, and apparently I'm not the only one.

I checked myself against TEST 1 of Section 7.1, since that's the one I thought 
we were doing.  No need to feed it the other test vector.  I already know it's 
wrong.

Since Jeremy and I are interoperable using ed25519 and support for ed25519ph 
is limited (in addition to your findings, it's not supported by the Python 
bindings for libsodium that I'm using) I'd say switch the draft.  ~All the 
running code uses ed25519 and it'll be easier for others to implement as well.  
It also lets you get rid of the note about hashing something that's already 
hashed (right? - I stayed up depressingly late last night finishing this, so 
I'm likely not firing on all cylinders at the moment).

Scott K


From nobody Mon Feb  5 12:44:32 2018
Message-ID: <6F4EB833E2894C00B68F46FB9C7F29DF@Khan>
From: "denis bider \(Bitvise\)" <ietf-ssh3@denisbider.com>
To: "Scott Kitterman" <sklist@kitterman.com>, <dcrup@ietf.org>
References: <20180205193410.7F1EA1A4EE99@ary.qy> <3167570.jLmRcgZrqZ@kitterma-e6430>
In-Reply-To: <3167570.jLmRcgZrqZ@kitterma-e6430>
Date: Mon, 5 Feb 2018 14:44:39 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01AF_01D39E8F.DA0CA4D0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/BSTYld-PhZ9S9gY5VroAyi8QCvg>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

This is a multi-part message in MIME format.

------=_NextPart_000_01AF_01D39E8F.DA0CA4D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

> Since Jeremy and I are interoperable using ed25519 and
> support for ed25519ph is limited (in addition to your findings,
> it's not supported by the Python bindings for libsodium that I'm
> using) I'd say switch the draft.

I believe this has already been discussed and agreed on (to use Ed25519,
and not Ed25519-prehash). The reasons were along the lines you mention.

It sounds as though your implementation reflects the last agreement I am
aware of. If the draft says differently, it likely needs to be updated.

denis



------=_NextPart_000_01AF_01D39E8F.DA0CA4D0--



From nobody Mon Feb  5 13:50:06 2018
Date: 5 Feb 2018 16:50:00 -0500
Message-Id: <20180205215001.541A21A52946@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: rsalz@akamai.com
In-Reply-To: <5374F933-0BAE-42AA-86E7-02763DC483D5@akamai.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/z3oCXfXHiBdQ45AEcKpojit2pGg>
Subject: Re: [Dcrup] what crypto are we using? WGLC final issues draft-ietf-dcrup-dkim-crypto

In article <5374F933-0BAE-42AA-86E7-02763DC483D5@akamai.com> you write:
>➢ > Looking good; I can verify a sample message signed by Scott.
>    
>>    And I can do the same for a sample message from Jeremy.
>    
>➢     If someone would provide the text of the example message you want signed for 
>    the draft, I can provide the signature.  I recommend we use the keys from 
>    Section 7.1, Test 1 of RFC 8032.

Hey, wait a minute.  Those keys are for ed25519, but the draft says
ed25519ph.  The test vectors for ed25519ph are in section 7.3.

For months people have been telling me that nobody will implement
plain ed25519, only prehashed ed25519ph.  But when I looked at Scott's
code it was pretty clear he's using plain ed25519, and now you're
saying to use the test vectors for ed25519.  FYI, I wasted a fair
amount of time over the weekend looking at perl wrappers for crypto
libraries, where I found lots of wrappers for ed25519 and none for
ed25519ph.

Needless to say I'm not going to ship a draft where the examples don't
match the spec.  Should I conclude that all that stuff about
prehashing was wrong and take it out of the spec?

R's,
John


From nobody Mon Feb  5 14:07:57 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 05 Feb 2018 17:07:48 -0500
Message-ID: <6226133.OdZD3a3Jb0@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <20180205215001.541A21A52946@ary.qy>
References: <20180205215001.541A21A52946@ary.qy>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/ENydIYATPfuNQA4sin69NLCZoIU>
Subject: Re: [Dcrup] what crypto are we using? WGLC final issues draft-ietf-dcrup-dkim-crypto

On Monday, February 05, 2018 04:50:00 PM John Levine wrote:
> In article <5374F933-0BAE-42AA-86E7-02763DC483D5@akamai.com> you write:
> >➢ > Looking good; I can verify a sample message signed by Scott.
> >
> >>    And I can do the same for a sample message from Jeremy.
> >
> >➢     If someone would provide the text of the example message you want signed for
> >    the draft, I can provide the signature.  I recommend we use the keys from
> >    Section 7.1, Test 1 of RFC 8032.
>
> Hey, wait a minute.  Those keys are for ed25519, but the draft says
> ed25519ph.  The test vectors for ed25519ph are in section 7.3.
>
> For months people have been telling me that nobody will implement
> plain ed25519, only prehashed ed25519ph.  But when I looked at Scott's
> code it was pretty clear he's using plain ed25519, and now you're
> saying to use the test vectors for ed25519.  FYI, I wasted a fair
> amount of time over the weekend looking at perl wrappers for crypto
> libraries, where I found lots of wrappers for ed25519 and none for
> ed25519ph.
>
> Needless to say I'm not going to ship a draft where the examples don't
> match the spec.  Should I conclude that all that stuff about
> prehashing was wrong and take it out of the spec?

I think it was wrong.  Jeremy was able to get things working with GNU TLS
using ed25519.  Given you found ed25519 in perl, I think it's fair to say it's
common.

I said use the test vectors for the crypto type I implemented.  I confess to
being confused about ed25519 versus ed25519ph.  In the python bindings I was
using, I had one choice, so I used it.

Given the only reason we picked ed25519 pre-hash, was presumably superior
library availability, I think we ought to change the draft.  Clearly "people"
were wrong.

I, for one, am glad we waited for running code before shipping the document.

Scott K


From nobody Mon Feb  5 14:17:16 2018
Date: 5 Feb 2018 17:17:10 -0500
Message-ID: <alpine.OSX.2.21.1802051716050.43273@ary.qy>
From: "John R. Levine" <johnl@iecc.com>
To: "Scott Kitterman" <sklist@kitterman.com>
Cc: dcrup@ietf.org
In-Reply-To: <6226133.OdZD3a3Jb0@kitterma-e6430>
References: <20180205215001.541A21A52946@ary.qy> <6226133.OdZD3a3Jb0@kitterma-e6430>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/aamezawlrHmDnjfCAbnt6y_l0cc>
Subject: Re: [Dcrup] what crypto are we using? WGLC final issues draft-ietf-dcrup-dkim-crypto

> I said use the test vectors for the crypto type I implemented.  I confess to
> being confused about ed25519 versus ed25519ph.  In the python bindings I was
> using, I had one choice, so I used it.

If they're the test vectors in section 7.1, that's definitely the regular 
not prehashed flavor.

> Given the only reason we picked ed25519 pre-hash, was presumably superior
> library availability, I think we ought to change the draft.  Clearly "people"
> were wrong.

OK with me.  Oh, Mr. WG Chair ... ?

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


From nobody Mon Feb  5 14:25:17 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 05 Feb 2018 17:25:12 -0500
Message-ID: <2775195.3IYjPX4lpQ@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <alpine.OSX.2.21.1802051716050.43273@ary.qy>
References: <20180205215001.541A21A52946@ary.qy> <6226133.OdZD3a3Jb0@kitterma-e6430> <alpine.OSX.2.21.1802051716050.43273@ary.qy>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/PNPPtPsHzlftrFSZXXc4W9G_8eU>
Subject: Re: [Dcrup] what crypto are we using? WGLC final issues draft-ietf-dcrup-dkim-crypto

On Monday, February 05, 2018 05:17:10 PM John R. Levine wrote:
> > I said use the test vectors for the crypto type I implemented.  I confess
> > to being confused about ed25519 versus ed25519ph.  In the python bindings
> > I was using, I had one choice, so I used it.
> 
> If they're the test vectors in section 7.1, that's definitely the regular
> not prehashed flavor.

In retrospect, that's perfectly clear.  I made the mistake of believing that
since "everyone" was saying only the prehash was going to be implemented, that 
must be the one I had.  Sorry for the confusion.

Scott K


From nobody Mon Feb  5 14:30:06 2018
Date: 5 Feb 2018 17:30:01 -0500
Message-ID: <alpine.OSX.2.21.1802051728420.43330@ary.qy>
From: "John R. Levine" <johnl@iecc.com>
To: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>
Cc: "Scott Kitterman" <sklist@kitterman.com>, dcrup@ietf.org
In-Reply-To: <6F4EB833E2894C00B68F46FB9C7F29DF@Khan>
References: <20180205193410.7F1EA1A4EE99@ary.qy> <3167570.jLmRcgZrqZ@kitterma-e6430> <6F4EB833E2894C00B68F46FB9C7F29DF@Khan>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/skWruifxpsoHHAx4v9dUquj6G68>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

> I believe this has already been discussed and agreed on (to use Ed25519, and not Ed25519-prehash). The reasons were along the lines you mention.

I went back and looked at the list archives and I see that Rich said 
OpenSSL has "no plans to do prehash", which I somehow misread as "only 
plans to do prehash."

I think we're all in agreement so I'll take out the extra hash.  Since 
there's some other stuff I really should be doing, I might even hack 
ed25519 into the perl code instead.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


From nobody Mon Feb  5 15:52:13 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: "John R. Levine" <johnl@iecc.com>, Scott Kitterman <sklist@kitterman.com>
CC: "dcrup@ietf.org" <dcrup@ietf.org>
Date: Mon, 5 Feb 2018 23:52:02 +0000
Message-ID: <F2FB499B-A2E1-4DD7-BD0C-CB0351A6AA2B@akamai.com>
References: <20180205215001.541A21A52946@ary.qy> <6226133.OdZD3a3Jb0@kitterma-e6430> <alpine.OSX.2.21.1802051716050.43273@ary.qy>
In-Reply-To: <alpine.OSX.2.21.1802051716050.43273@ary.qy>
Content-Type: text/plain; charset="utf-8"
Content-ID: <B9E6A36117F4964CBAB6B97F5FE7088D@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/B5-8a5Cuw_ByX2ihrts8iMCOJCU>
Subject: Re: [Dcrup] what crypto are we using? WGLC final issues draft-ietf-dcrup-dkim-crypto

    > Given the only reason we picked ed25519 pre-hash, was presumably superior
    > library availability, I think we ought to change the draft.  Clearly "people"
    > were wrong.

➢     OK with me.  Oh, Mr. WG Chair ... ?

Apparently I am people.

I was wrong.  Sorry for the misdirection.  Let’s change it.


From nobody Mon Feb  5 16:17:03 2018
To: dcrup@ietf.org
References: <20180205193410.7F1EA1A4EE99@ary.qy> <3167570.jLmRcgZrqZ@kitterma-e6430> <6F4EB833E2894C00B68F46FB9C7F29DF@Khan> <alpine.OSX.2.21.1802051728420.43330@ary.qy>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>
Date: Tue, 6 Feb 2018 00:16:56 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <alpine.OSX.2.21.1802051728420.43330@ary.qy>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/NIdJfzYeR2tH9EYOGQ7Lc6YWkRQ>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

On 05/02/18 22:30, John R. Levine wrote:
>> I believe this has already been discussed and agreed on (to use
>> Ed25519, and not Ed25519-prehash). The reasons were along the lines
>> you mention.
> 
> I went back and looked at the list archives and I see that Rich said
> OpenSSL has "no plans to do prehash", which I somehow misread as "only
> plans to do prehash."
> 
> I think we're all in agreement so I'll take out the extra hash.  Since
> there's some other stuff I really should be doing, I might even hack
> ed25519 into the perl code instead.

I'm now re-confused.

As far as I'm aware, my code (which interops with Scott's) is

a) doing a sha256
b) feeding the result of (a) to a gnutls routine which does
   c.1) a sha512
   c.2) an ed25519 signing, or verification

That sounds like an "extra hash" to me.  I'm unclear whether you're
calling it "use Ed25519" or "use Ed25519-prehash".  I'm unclear why
you'll be taking out "the extra hash".  I'm unclear whether the
operation you're calling "ed25519ph()" is called that because it
expects a pre-hashed lump of data (and is only doing a pure signing
operation of a small amount of data) or whether it is called that
because it first hashes a (probably large) amount of data and then
signs it.

-- 
Jeremy
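
Added example, not part of the thread and not any participant's code: a pure-Python rendering of the RFC 8032 algorithms that puts the sequence listed in the message above (SHA-256, then an Ed25519 routine that hashes with SHA-512 internally) beside RFC 8032's Ed25519ph, using the Section 7.1 Test 1 key. The mode names, function names and sample input are this example's own assumptions.

```python
import hashlib

# Curve constants from RFC 8032, Section 5.1.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = -121665 * pow(121666, P - 2, P) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)
# dom2(1, "") from RFC 8032: the prefix that separates Ed25519ph from pure Ed25519.
DOM2_PH = b"SigEd25519 no Ed25519 collisions" + bytes([1, 0])

def _add(p, q):  # point addition in extended coordinates (X, Y, Z, T)
    a, b = (p[1] - p[0]) * (q[1] - q[0]) % P, (p[1] + p[0]) * (q[1] + q[0]) % P
    c, d = 2 * p[3] * q[3] * D % P, 2 * p[2] * q[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def _mul(s, pt):  # double-and-add; not constant time, for illustration only
    acc = (0, 1, 1, 0)
    while s:
        if s & 1:
            acc = _add(acc, pt)
        pt, s = _add(pt, pt), s >> 1
    return acc

def _recover_x(y, sign_bit):  # None when (y, sign_bit) is not a curve point
    if y >= P:
        return None
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    if x2 == 0:
        return None if sign_bit else 0
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P:
        return None
    return P - x if (x & 1) != sign_bit else x

_GY = 4 * pow(5, P - 2, P) % P
_GX = _recover_x(_GY, 0)
G = (_GX, _GY, 1, _GX * _GY % P)  # base point

def _compress(pt):
    zinv = pow(pt[2], P - 2, P)
    x, y = pt[0] * zinv % P, pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")
def _decompress(raw):  # None for a wrong length or a non-point encoding
    n = int.from_bytes(raw, "little")
    y = n & ((1 << 255) - 1)
    x = _recover_x(y, n >> 255) if len(raw) == 32 else None
    return None if x is None else (x, y, 1, x * y % P)
def _h(*parts):  # SHA-512 of the concatenation, as a little-endian integer
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")
def _expand(seed):  # clamped secret scalar and nonce prefix
    h = hashlib.sha512(seed).digest()
    return (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254), h[32:]

def _prepare(data, mode):  # -> (bytes fed to EdDSA, dom prefix)
    if mode == "sha256-then-pure":  # SHA-256 first, then the plain Ed25519 routine
        return hashlib.sha256(data).digest(), b""
    if mode == "pure":              # plain Ed25519 over the data itself
        return data, b""
    if mode == "ed25519ph":         # RFC 8032 prehash variant: SHA-512 plus dom2
        return hashlib.sha512(data).digest(), DOM2_PH
    raise ValueError("unknown mode: " + mode)
def public_key(seed):
    return _compress(_mul(_expand(seed)[0], G))

def sign(seed, data, mode):
    msg, dom = _prepare(data, mode)
    a, prefix = _expand(seed)
    pub = _compress(_mul(a, G))
    r = _h(dom, prefix, msg) % L      # Ed25519's internal SHA-512 runs here ...
    r_enc = _compress(_mul(r, G))
    k = _h(dom, r_enc, pub, msg) % L  # ... and here, in every mode
    return r_enc + ((r + k * a) % L).to_bytes(32, "little")

def verify(pub, data, sig, mode):
    msg, dom = _prepare(data, mode)
    a_pt, r_pt = _decompress(pub), _decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if len(sig) != 64 or a_pt is None or r_pt is None or s >= L:
        return False
    k = _h(dom, sig[:32], pub, msg) % L
    lhs, rhs = _mul(s, G), _add(r_pt, _mul(k, a_pt))
    return ((lhs[0] * rhs[2] - rhs[0] * lhs[2]) % P == 0
            and (lhs[1] * rhs[2] - rhs[1] * lhs[2]) % P == 0)

# Key from RFC 8032 Section 7.1, Test 1 (the key the thread proposes using).
SEED = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
SAMPLE = b"from:joe@example.com\r\nsubject:test\r\n"  # constructed input, not from the draft

def cross_check():  # verify each signature under each construction
    pub, modes = public_key(SEED), ("sha256-then-pure", "ed25519ph")
    sigs = {m: sign(SEED, SAMPLE, m) for m in modes}
    return {(made, chk): verify(pub, SAMPLE, sigs[made], chk) for made in modes for chk in modes}

if __name__ == "__main__":
    print(cross_check())
```

Both outputs are valid signatures under the same key, yet neither verifies as the other, so the label in a specification has to match the construction the code actually runs.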


From nobody Mon Feb  5 16:27:37 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 05 Feb 2018 19:27:30 -0500
Message-ID: <14461331.jqVgvgHmyf@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>
References: <20180205193410.7F1EA1A4EE99@ary.qy> <alpine.OSX.2.21.1802051728420.43330@ary.qy> <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/z5h5xZn9xAVdwwjOes4f0iwUZmU>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

On Tuesday, February 06, 2018 12:16:56 AM Jeremy Harris wrote:
> On 05/02/18 22:30, John R. Levine wrote:
> >> I believe this has already been discussed and agreed on (to use
> >> Ed25519, and not Ed25519-prehash). The reasons were along the lines
> >> you mention.
> > 
> > I went back and looked at the list archives and I see that Rich said
> > OpenSSL has "no plans to do prehash", which I somehow misread as "only
> > plans to do prehash."
> > 
> > I think we're all in agreement so I'll take out the extra hash.  Since
> > there's some other stuff I really should be doing, I might even hack
> > ed25519 into the perl code instead.
> 
> I'm now re-confused.
> 
> As far as I'm aware, my code (which interops with Scott's) is
> 
> a) doing a sha256
> b) feeding the result of (a) to a gnutls routine which does
>    c.1) a sha512
>    c.2) an ed25519 signing, or verification
> 
> That sounds like an "extra hash" to me.  I'm unclear whether you're
> calling it "use Ed25519" or "use Ed25519-prehash".  I'm unclear why
> you'll be taking out "the extra hash".  I'm unclear whether the
> operation you're calling "ed25519ph()" is called that because it
> expects a pre-hashed lump of data (and is only doing a pure signing
> operation of a small amount of data) or whether it is called that
> because it first hashes a (probably large) amount of data and then
> signs it.

I think we got caught up in terminology.  I believe you and I have implemented 
what we want in the draft, so we just need to wait for the draft.

Scott K


From nobody Mon Feb  5 17:38:02 2018
X-Google-Smtp-Source: AH8x224VERCQkCi1BKg+AAwICmqVvwLAfUG6bYJAI+pgjUkfDXbtKuNp2xU0DubtzdaZ7Fx855DW8wtXN+hB9RVdSw4=
X-Received: by 10.237.44.167 with SMTP id g36mr1175462qtd.110.1517881077900; Mon, 05 Feb 2018 17:37:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.145.238 with HTTP; Mon, 5 Feb 2018 17:37:57 -0800 (PST)
In-Reply-To: <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>
References: <20180205193410.7F1EA1A4EE99@ary.qy> <3167570.jLmRcgZrqZ@kitterma-e6430> <6F4EB833E2894C00B68F46FB9C7F29DF@Khan> <alpine.OSX.2.21.1802051728420.43330@ary.qy> <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>
From: denis bider <denisbider.ietf@gmail.com>
Date: Mon, 5 Feb 2018 19:37:57 -0600
Message-ID: <CADPMZDDskCxXPQvk8n3GoWSJ41Q-V-QbnAw7giTLrNANn5j2pA@mail.gmail.com>
To: Jeremy Harris <jgh@wizmail.org>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c1256ac75abb90564813a24"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/prylBKHLHyKMjDWRbuuXJreHSJ8>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 01:38:01 -0000

--94eb2c1256ac75abb90564813a24
Content-Type: text/plain; charset="UTF-8"

I believe a confusion of terminology has occurred in the draft.

My understanding is the same as Jeremy's: Ed25519 performs the extra hash,
Ed25519ph is different in that it doesn't (it doesn't DO a pre-hash; it
EXPECTS pre-hashed input).

My understanding of implementation availability is that Ed25519 (with the
extra hash) is available universally, Ed25519ph isn't.

My understanding of the agreement reached on the list is that we do what's
universally available (Ed25519), and we do not do what isn't (Ed25519ph).

It looks like the concepts were accidentally reversed when writing the
draft, which is understandable since it's confusing what the "ph" in
"Ed25519ph" stands for.

denis


On Mon, Feb 5, 2018 at 6:16 PM, Jeremy Harris <jgh@wizmail.org> wrote:

> On 05/02/18 22:30, John R. Levine wrote:
> >> I believe this has already been discussed and agreed on (to use
> >> Ed25519, and not Ed25519-prehash). The reasons were along the lines
> >> you mention.
> >
> > I went back and looked at the list archives and I see that Rich said
> > OpenSSL has "no plans to do prehash", which I somehow misread as "only
> > plans to do prehash."
> >
> > I think we're all in agreement so I'll take out the extra hash.  Since
> > there's some other stuff I really should be doing, I might even hack
> > ed25519 into the perl code instead.
>
> I'm now re-confused.
>
> As far as I'm aware, my code (which interops with Scott's) is
>
> a) doing a sha256
> b) feeding the result of (a) to a gnutls routine which does
>    c.1) a sha512
>    c.2) an ed25519 signing, or verification
>
> That sounds like an "extra hash" to me.  I'm unclear whether you're
> calling it "use Ed25519" or "use Ed25519-prehash".  I'm unclear why
> you'll be taking out "the extra hash".  I'm unclear whether the
> operation you're calling "ed25519ph()" is called that because it
> expects a pre-hashed lump of data (and is only doing a pure signing
> operation of a small amount of data) or whether it is called that
> because it first hashes a (probably large) amount of data and then
> signs it.
>
> --
> Jeremy
>
> _______________________________________________
> Dcrup mailing list
> Dcrup@ietf.org
> https://www.ietf.org/mailman/listinfo/dcrup
>


--94eb2c1256ac75abb90564813a24--


From nobody Mon Feb  5 18:04:00 2018
Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 578DF120725 for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 18:03:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FuNWQky8S9hp for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 18:03:56 -0800 (PST)
Received: from mail-qt0-x235.google.com (mail-qt0-x235.google.com [IPv6:2607:f8b0:400d:c0d::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC88512D877 for <dcrup@ietf.org>; Mon,  5 Feb 2018 18:03:55 -0800 (PST)
Received: by mail-qt0-x235.google.com with SMTP id a27so444907qtd.1 for <dcrup@ietf.org>; Mon, 05 Feb 2018 18:03:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=8wh/3WcOWhlZSgVCV8YOQF2q6F1NFrPOmi4o7ntUqws=; b=ZZ1oPW0qZxfSPn/LEXyFU1ByAT42JMyRQNL23+gek4m9QhuND4vQ05Naq4Z3FnfLIv Voc/m8cH7WNP/USsgr/O03XqEdEbUT8+Gfx8BmnIim7X1PDm2heRM5Yph2DHkhiKT7gr xvAAZolmOFGysl99S0XTtOgLKWAT7rIZy5l82lCq26GqPMfjjxJthP2fY7IcOwL/DdTi pQIBEe/jwQSvGJjvCgr+/ld+mFUg/2eigcM/GYOeIv7GX/ibPxxTIthbQRPrJvQFfiDP QaOnYYK7iZKL6dPz+5Evvop/3gpF7oVWqRuZQ/XLf+53IsXU83TTqXxhBZcd/H7bMAsC eHGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=8wh/3WcOWhlZSgVCV8YOQF2q6F1NFrPOmi4o7ntUqws=; b=S6YqwlfkTg/myEvQq1DIhjhp2+rGp3Fqa4BTTNMtCKFGqXQMzyRPSmdyEo+P4yyb91 uy20kOFch6OVhut8R1Y5a1jgevnwgZRQShlpirYFPT+Cua9J9uV9HsM+ZkFooN6DSNpH 7rXvrOLq/v+6o7DTlrQ0/GHONFiI1LANYvp0dzQ41H22NKHvSkEH+MVLOI1H3ItCSaZN K9RFmeEiwu0x1yWw/T5/8ZYAngNWLhH1UWUuC5UxrgXNVI/yhIDaCMgo5WFd6iJlMP7a YG7KJ5yj+KV1T3P8ex9HjfLiUzhwUT4llFswIkCdFusXhGLlUjbyamudGOktzK7K5laU YrTA==
X-Gm-Message-State: APf1xPChpBab1w/Rj8m2VwCzKCcrm8my9Pqz6kO7ORy5jO84I+82aBtE NScBPlxQWm/+X3odaWdfn7akVzEKLrbC5cX2vQ0=
X-Google-Smtp-Source: AH8x227g4aA0DAgl0P6Ib0bCmTkViISc/fQnK1v4tRw7EZHiW9qrYADpxOSmaTrPG9yeRFTMP6WUpSnOKaTl+uIWT9E=
X-Received: by 10.200.53.175 with SMTP id k44mr1329558qtb.37.1517882634984; Mon, 05 Feb 2018 18:03:54 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.145.238 with HTTP; Mon, 5 Feb 2018 18:03:54 -0800 (PST)
In-Reply-To: <CADPMZDDskCxXPQvk8n3GoWSJ41Q-V-QbnAw7giTLrNANn5j2pA@mail.gmail.com>
References: <20180205193410.7F1EA1A4EE99@ary.qy> <3167570.jLmRcgZrqZ@kitterma-e6430> <6F4EB833E2894C00B68F46FB9C7F29DF@Khan> <alpine.OSX.2.21.1802051728420.43330@ary.qy> <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org> <CADPMZDDskCxXPQvk8n3GoWSJ41Q-V-QbnAw7giTLrNANn5j2pA@mail.gmail.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Mon, 5 Feb 2018 20:03:54 -0600
Message-ID: <CADPMZDAsLEy0kbsh9rs0Bi=WWdkQdhY-XW_75Ynm4nY+2szwRA@mail.gmail.com>
To: Jeremy Harris <jgh@wizmail.org>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a1142e37c44dfa80564819720"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/l4x8yeCaXo-I73LgmFSwHhmBV3o>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 02:03:58 -0000

--001a1142e37c44dfa80564819720
Content-Type: text/plain; charset="UTF-8"

Bah, it's actually the opposite:

https://tools.ietf.org/html/rfc8032#section-4

Ed25519 is PureEdDSA, and uses SHA-512 internally.

Ed25519ph is HashEdDSA, and is identical to Ed25519(prehash(M)). It uses
two hashes, both the prehash and the SHA-512 hash internal to Ed25519.

What we actually want to do is this:

Ed25519(sha256(M)) - this involves two hashes of the message, one DKIM
SHA-256 hash because that's how hashes are done in DKIM, then sign that
using Ed25519, which applies another SHA-512 hash that's internal to
Ed25519.

The confusion comes from the fact that this is equivalent to:

Ed25519ph-sha256(M)

What the draft currently specifies is:

Ed25519ph-sha256(sha256(M))

As specified, this inadvertently involves a triple hash.

So yeah, the draft needs to say we're hashing first using sha256 as usual
in DKIM, and then we're signing the result using PureEdDSA. Which just
happens to be equivalent to Ed25519ph-sha256 when viewing both steps
together.


On Mon, Feb 5, 2018 at 7:37 PM, denis bider <denisbider.ietf@gmail.com>
wrote:

> I believe a confusion of terminology has occurred in the draft.
>
> My understanding is the same as Jeremy's: Ed25519 performs the extra hash,
> Ed25519ph is different in that it doesn't (it doesn't DO a pre-hash; it
> EXPECTS pre-hashed input).
>
> My understanding of implementation availability is that Ed25519 (with the
> extra hash) is available universally, Ed25519ph isn't.
>
> My understanding of the agreement reached on the list is that we do what's
> universally available (Ed25519), and we do not do what isn't (Ed25519ph).
>
> It looks like the concepts were accidentally reversed when writing the
> draft, which is understandable since it's confusing what the "ph" in
> "Ed25519ph" stands for.
>
> denis
>
>
> On Mon, Feb 5, 2018 at 6:16 PM, Jeremy Harris <jgh@wizmail.org> wrote:
>
>> On 05/02/18 22:30, John R. Levine wrote:
>> >> I believe this has already been discussed and agreed on (to use
>> >> Ed25519, and not Ed25519-prehash). The reasons were along the lines
>> >> you mention.
>> >
>> > I went back and looked at the list archives and I see that Rich said
>> > OpenSSL has "no plans to do prehash", which I somehow misread as "only
>> > plans to do prehash."
>> >
>> > I think we're all in agreement so I'll take out the extra hash.  Since
>> > there's some other stuff I really should be doing, I might even hack
>> > ed25519 into the perl code instead.
>>
>> I'm now re-confused.
>>
>> As far as I'm aware, my code (which interops with Scott's) is
>>
>> a) doing a sha256
>> b) feeding the result of (a) to a gnutls routine which does
>>    c.1) a sha512
>>    c.2) an ed25519 signing, or verification
>>
>> That sounds like an "extra hash" to me.  I'm unclear whether you're
>> calling it "use Ed25519" or "use Ed25519-prehash".  I'm unclear why
>> you'll be taking out "the extra hash".  I'm unclear whether the
>> operation you're calling "ed25519ph()" is called that because it
>> expects a pre-hashed lump of data (and is only doing a pure signing
>> operation of a small amount of data) or whether it is called that
>> because it first hashes a (probably large) amount of data and then
>> signs it.
>>
>> --
>> Jeremy
>>
>> _______________________________________________
>> Dcrup mailing list
>> Dcrup@ietf.org
>> https://www.ietf.org/mailman/listinfo/dcrup
>>
>
>


--001a1142e37c44dfa80564819720--


From nobody Mon Feb  5 20:06:11 2018
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 837C8124235 for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 20:06:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level: 
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3cJLvgkWQrD5 for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 20:06:08 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CE20124234 for <dcrup@ietf.org>; Mon,  5 Feb 2018 20:06:08 -0800 (PST)
Received: (qmail 48384 invoked by uid 100); 6 Feb 2018 04:06:06 -0000
Date: 6 Feb 2018 04:06:06 -0000
Message-ID: <p5b9je$1f7n$1@gal.iecc.com>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Organization: Taughannock Networks
References: <20180205193410.7F1EA1A4EE99@ary.qy> <alpine.OSX.2.21.1802051728420.43330@ary.qy> <alpine.OSX.2.21.1802051728420.43330@ary.qy> <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>
Cleverness: some
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: johnl@iecc.com (John Levine)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/lnc1PEv81noa6xF5mo8XRcgBunM>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 04:06:10 -0000

In article <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>,
Jeremy Harris  <jgh@wizmail.org> wrote:
>I'm now re-confused.

Me too.

>As far as I'm aware, my code (which interops with Scott's) is
>
>a) doing a sha256

So far so good.

>b) feeding the result of (a) to a gnutls routine which does
>   c.1) a sha512
>   c.2) an ed25519 signing, or verification

That would be a rather odd thing for it to do.  The ed25519ph algorithm
is *not* the same as hash and then sign with ed25519.  

How about pulling out your signing code and feeding it the test
vectors in RFC 8032 section 7.1 and see what result you get.  If you
get the same answers they do, you're not doing the sha512. If you
don't get the same answers they do, I am at a loss to guess how you
could interoperate with Scott.

R's,
John
-- 
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
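
Added example (not part of any message in this thread and not any participant's code): a standard-library Python implementation of the RFC 8032 signing and verification equations, used to compare Ed25519 over a SHA-256 digest, Ed25519 over a SHA-512 digest, and Ed25519ph as RFC 8032 section 5.1 defines it. The function names and the sample message are made up for the illustration, the key is the RFC 8032 section 7.1 test 1 secret key, and the arithmetic is not constant-time, so this is for checking interoperability claims rather than for production signing.

```python
import hashlib

# edwards25519 parameters (RFC 8032 section 5.1)
P = 2**255 - 19
Q = 2**252 + 27742317777372353535851937790883648493  # order of the base point
D = -121665 * pow(121666, P - 2, P) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)
# dom2(phflag=1, context=""): the prefix only Ed25519ph mixes into its hashes
DOM2_PH = b"SigEd25519 no Ed25519 collisions" + bytes([1, 0])

def _add(a, b):  # unified addition in extended coordinates (X, Y, Z, T)
    A = (a[1] - a[0]) * (b[1] - b[0]) % P
    B = (a[1] + a[0]) * (b[1] + b[0]) % P
    C, Z = 2 * a[3] * b[3] * D % P, 2 * a[2] * b[2] % P
    E, F, G, H = B - A, Z - C, Z + C, B + A
    return (E * F % P, G * H % P, F * G % P, E * H % P)

def _mul(s, pt):
    acc = (0, 1, 1, 0)  # neutral element
    while s:
        if s & 1:
            acc = _add(acc, pt)
        pt, s = _add(pt, pt), s >> 1
    return acc

def _recover_x(y, sign):
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    if y >= P or (x2 == 0 and sign):
        return None
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P:
        return None
    return P - x if (x & 1) != sign else x

_GY = 4 * pow(5, P - 2, P) % P
_GX = _recover_x(_GY, 0)
BASE = (_GX, _GY, 1, _GX * _GY % P)

def _compress(pt):
    zi = pow(pt[2], P - 2, P)
    x, y = pt[0] * zi % P, pt[1] * zi % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def _decompress(enc):
    y = int.from_bytes(enc, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    x = _recover_x(y, sign)
    return None if x is None else (x, y, 1, x * y % P)

def _h(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % Q

def _expand(secret):
    h = hashlib.sha512(secret).digest()
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]

def public_key(secret):
    return _compress(_mul(_expand(secret)[0], BASE))

def sign(secret, msg, ph=False):
    dom, data = (DOM2_PH, hashlib.sha512(msg).digest()) if ph else (b"", msg)
    a, prefix = _expand(secret)
    A = _compress(_mul(a, BASE))
    r = _h(dom, prefix, data)
    R = _compress(_mul(r, BASE))
    return R + ((r + _h(dom, R, A, data) * a) % Q).to_bytes(32, "little")

def verify(public, msg, sig, ph=False):
    dom, data = (DOM2_PH, hashlib.sha512(msg).digest()) if ph else (b"", msg)
    if len(public) != 32 or len(sig) != 64:
        return False
    A, R = _decompress(public), _decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= Q:
        return False
    k = _h(dom, sig[:32], public, data)
    return _compress(_mul(s, BASE)) == _compress(_add(R, _mul(k, A)))

def compare_modes(secret, msg):
    """Sign msg three ways and report which signatures verify under which mode."""
    pk = public_key(secret)
    d256, d512 = hashlib.sha256(msg).digest(), hashlib.sha512(msg).digest()
    dkim_style = sign(secret, d256)       # Ed25519(SHA-256(M)), as in the thread
    hash_then_sign = sign(secret, d512)   # Ed25519(SHA-512(M))
    prehash = sign(secret, msg, ph=True)  # Ed25519ph(M)
    return {
        "dkim_style_verifies_as_pure": verify(pk, d256, dkim_style),
        "ph_verifies_as_ph": verify(pk, msg, prehash, ph=True),
        "ph_equals_hash_then_sign": prehash == hash_then_sign,
        "hash_then_sign_verifies_as_ph": verify(pk, msg, hash_then_sign, ph=True),
    }

RFC8032_SK1 = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")

if __name__ == "__main__":  # key: RFC 8032 7.1 test 1; the message is constructed
    print(compare_modes(RFC8032_SK1, b"constructed sample message"))
```

The last two results come out false: an Ed25519ph signature and an Ed25519 signature over SHA-512(M) are different byte strings and neither verifies as the other, because only Ed25519ph prepends the dom2 prefix inside both SHA-512 computations.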


From nobody Mon Feb  5 20:35:50 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01306126B6E for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 20:35:48 -0800 (PST)
X-Quarantine-ID: <uYaoAO54AbEe>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BANNED, message contains text/x-python,.exe,typetest.py
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uYaoAO54AbEe for <dcrup@ietfa.amsl.com>; Mon,  5 Feb 2018 20:35:45 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D54B1205F0 for <dcrup@ietf.org>; Mon,  5 Feb 2018 20:35:45 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 4098EC40245 for <dcrup@ietf.org>; Mon,  5 Feb 2018 22:35:42 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1517891742; bh=qhfwp7hN6/nHheKiJKyG0YyNdQmidg/rfaN4qsE1Ruk=; h=From:To:Subject:Date:In-Reply-To:References:From; b=0wPiBp9Ehs8nekNZZ+CzWnSXNoqbgsAp9/WdVNxlCVLvDmz4O/5RotkIjs43CFp/R pG2HH6dwdKsijQ+/Jk0N+cajaeifRLpwhoQ45eK8pkxvhFmH72LMexLlG75uP0nFVD q2H1f1gG7GmW7GmY6NAQ8IQkhhJmGc/VcNciPzX4=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 05 Feb 2018 23:35:40 -0500
Message-ID: <3486764.U0UkhtRSvi@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <p5b9je$1f7n$1@gal.iecc.com>
References: <20180205193410.7F1EA1A4EE99@ary.qy> <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org> <p5b9je$1f7n$1@gal.iecc.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="nextPart2045538.31iXi66Yfz"
Content-Transfer-Encoding: 7Bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/UREUDyUVEkXslJYw1kgc2PuSKKw>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 04:35:48 -0000

This is a multi-part message in MIME format.

--nextPart2045538.31iXi66Yfz
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

On Tuesday, February 06, 2018 04:06:06 AM John Levine wrote:
> In article <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>,
> 
> Jeremy Harris  <jgh@wizmail.org> wrote:
> >I'm now re-confused.
> 
> Me too.
> 
> >As far as I'm aware, my code (which interops with Scott's) is
> >
> >a) doing a sha256
> 
> So far so good.
> 
> >b) feeding the result of (a) to a gnutls routine which does
> >
> >   c.1) a sha512
> >   c.2) an ed25519 signing, or verification
> 
> That would be a rather odd thing for it to do.  The ed25519ph algorithm
> is *not* the same as hash and then sign with ed25519.
> 
> How about pulling out your signing code and feeding it the test
> vectors in RFC 8032 section 7.1 and see what result you get.  If you
> get the same answers they do, you're not doing the sha512. If you
> don't get the same answers they do, I am at a loss to guess how you
> could interoperate with Scott.

I'm definitely doing ed25519 (not ed25519ph) based on the RFC examples.  
Running the attached script yields:

$ python3 typetest.py
7.1-1 signatures match
7.1-1 nacl pubkey and RFC match
7.1-2 signatures match
7.1-2 nacl pubkey and RFC match
7.3 signatures don't match
b'\xc9Dl\x82\xf4#P\x87a3d\xb1\xe2\xc3\x1a\xed\n\xe9\xf1\x1ai\x82\x85\x99\x14\xbd\xd8V^\x11\x9d&\xcdGB<&\xc2\xa4\x9d_`\xd8G\xf7Q 
\xf4\xba\xda\x1a\x01\x06:\xaf\xef\x8f\xec\xb9\xa0~2\xe7\x07'
7.3 nacl pubkey and RFC match

That means PyNaCl is producing signatures that match ed25519's and not 
ed25519ph, which is what I thought I was doing to start with.

Scott K
--nextPart2045538.31iXi66Yfz
Content-Disposition: attachment; filename="typetest.py"
Content-Transfer-Encoding: 7Bit
Content-Type: text/x-python; charset="UTF-8"; name="typetest.py"

#! /usr/bin/python3

# Signer
import nacl.encoding
import nacl.signing
import binascii

"""
   -----TEST 1

   ALGORITHM:
   Ed25519

   SECRET KEY:
   9d61b19deffd5a60ba844af492ec2cc4
   4449c5697b326919703bac031cae7f60

   PUBLIC KEY:
   d75a980182b10ab7d54bfed3c964073a
   0ee172f3daa62325af021a68f707511a

   MESSAGE (length 0 bytes):

   SIGNATURE:
   e5564300c360ac729086e2cc806e828a
   84877f1eb8e5d974d873e06522490155
   5fb8821590a33bacc61e39701cf9b46b
   d25bf5f0595bbe24655141438e7a100b
"""

# Modification of https://pynacl.readthedocs.io/en/latest/signing/ example

# Secret Key (in hex) from RFC 8032 7.1 test 1
secrethex = b"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"
# Public Key (in hex) from RFC 8032 7.1 test 1
pubhex = b"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"
# Signature (in hex) of empty message from RFC 8032 7.1 test 1
msghex = b"e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"

signing_key = nacl.signing.SigningKey(secrethex, encoder=nacl.encoding.HexEncoder)

# Sign empty message with the signing key
signed = signing_key.sign(b"")

# Signature should match RFC 8032 7.1 test 1
if msghex == binascii.hexlify(signed.signature):
    print("7.1-1 signatures match")
else:
    print("7.1-1 signatures don't match")
    print(signed.signature)

# Obtain the verify key for a given signing key
verify_key = signing_key.verify_key

# Serialize the verify key to send it to a third party
verify_key_hex = verify_key.encode(encoder=nacl.encoding.HexEncoder)

# Should be the same as the RFC public key:
if pubhex == verify_key_hex:
    print("7.1-1 nacl pubkey and RFC match")
else:
    print("7.1-1 nacl pubkey and RFC don't match")

"""
   -----TEST 2

   ALGORITHM:
   Ed25519

   SECRET KEY:
   4ccd089b28ff96da9db6c346ec114e0f
   5b8a319f35aba624da8cf6ed4fb8a6fb

   PUBLIC KEY:
   3d4017c3e843895a92b70aa74d1b7ebc
   9c982ccf2ec4968cc0cd55f12af4660c

   MESSAGE (length 1 byte):
   72

   SIGNATURE:
   92a009a9f0d4cab8720e820b5f642540
   a2b27b5416503f8fb3762223ebdb69da
   085ac1e43e15996e458f3613d0f11d8c
   387b2eaeb4302aeeb00d291612bb0c00
"""

# Modification of https://pynacl.readthedocs.io/en/latest/signing/ example

# Secret Key (in hex) from RFC 8032 7.1 test 2
secrethex = b"4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb"
# Public Key (in hex) from RFC 8032 7.1 test 2
pubhex = b"3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c"
# Signature (in hex) of message from RFC 8032 7.1 test 2
msghex = b"92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00"

signing_key = nacl.signing.SigningKey(secrethex, encoder=nacl.encoding.HexEncoder)

# Sign the one-byte message 0x72 with the signing key
signed = signing_key.sign(b'\x72')

# Signature should match RFC 8032 7.1 test 2
if msghex == binascii.hexlify(signed.signature):
    print("7.1-2 signatures match")
else:
    print("7.1-2 signatures don't match")
    print(signed.signature)

# Obtain the verify key for a given signing key
verify_key = signing_key.verify_key

# Serialize the verify key to send it to a third party
verify_key_hex = verify_key.encode(encoder=nacl.encoding.HexEncoder)

# Should be the same as the RFC public key:
if pubhex == verify_key_hex:
    print("7.1-2 nacl pubkey and RFC match")
else:
    print("7.1-2 nacl pubkey and RFC don't match")

"""
   -----TEST abc

   ALGORITHM:
   Ed25519ph

   SECRET KEY:
   833fe62409237b9d62ec77587520911e
   9a759cec1d19755b7da901b96dca3d42

   PUBLIC KEY:
   ec172b93ad5e563bf4932c70e1245034
   c35467ef2efd4d64ebf819683467e2bf

   MESSAGE (length 3 bytes):
   616263

   SIGNATURE:
   98a70222f0b8121aa9d30f813d683f80
   9e462b469c7ff87639499bb94e6dae41
   31f85042463c2a355a2003d062adf5aa
   a10b8c61e636062aaad11c2a26083406
   -----
"""

# Secret Key (in hex) from RFC 8032 7.3
secrethex = b"833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42"
# Public Key (in hex) from RFC 8032 7.3
pubhex = b"ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf"
# Signature (in hex) of the message "abc" from RFC 8032 7.3 (Ed25519ph)
msghex = b"98a70222f0b8121aa9d30f813d683f809e462b469c7ff87639499bb94e6dae4131f85042463c2a355a2003d062adf5aaa10b8c61e636062aaad11c2a26083406"

signing_key = nacl.signing.SigningKey(secrethex, encoder=nacl.encoding.HexEncoder)

# Sign the three-byte message "abc" with the signing key
signed = signing_key.sign(b"\x61\x62\x63")

# Signature should match RFC 8032 7.3
if msghex == binascii.hexlify(signed.signature):
    print("7.3 signatures match")
else:
    print("7.3 signatures don't match")
    print(signed.signature)

# Obtain the verify key for a given signing key
verify_key = signing_key.verify_key

# Serialize the verify key to send it to a third party
verify_key_hex = verify_key.encode(encoder=nacl.encoding.HexEncoder)

# Should be the same as the RFC public key:
if pubhex == verify_key_hex:
    print("7.3 nacl pubkey and RFC match")
else:
    print("7.3 nacl pubkey and RFC don't match")
--nextPart2045538.31iXi66Yfz--


From nobody Mon Feb  5 20:58:33 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 05 Feb 2018 23:58:27 -0500
Message-ID: <2552161.vR27snHKBu@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <2046656.8I2TqWBbc6@kitterma-e6430>
References: <CAL0qLwb_WHM_e2odpc6gL2birKvVCKGpTpnW0oO_OUqWwFuo_g@mail.gmail.com> <2005843.OrHkAfkQ5T@kitterma-e6430> <2046656.8I2TqWBbc6@kitterma-e6430>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/bXo1LFB05bweUUeCQETRT9c2nOk>
Subject: Re: [Dcrup] Working Group Last Call for draft-ietf-dcrup-dkim-crypto

In addition to my remaining last call comments (particularly #1 below), I have 
an additional change to suggest.

Currently the draft has:

> 3.  Ed25519-SHA256 Signing Algorithm
> 
>    The ed25519-sha256 signing algorithm computes a message hash as
>    defined in section 3 of [RFC6376], and signs it with the Hash variant
>    of Ed25519, as defined in RFC 8032 section 5.1 [RFC8032].  The
>    signing algorithm is HashEdDSA.

I think this needs to be reworded for clarity (based on our current 
confusion).  I would suggest this (combining my previous LC comment and 
trying to clarify the current issue):

> The Ed25519-SHA256 Signing Algorithm computes a message hash as described
> in Section 3.7 of [RFC6376] using SHA-256 [FIPS-180-3-2008] as the
> hash-alg and signs it with Ed25519, as defined in RFC 8032 section 5.1
> [RFC8032].  Example keys and signatures below are based on RFC 8032
> section 7.1.

It's unfortunate that the term Ed25519 is overloaded in RFC 8032, so it's not 
easy to specify.  By specifying which example set we used for our example keys, 
it'll make it clear which the draft means.

Scott K

On Monday, January 22, 2018 11:38:38 PM Scott Kitterman wrote:
> I know the last call was a long time ago and so it'd be easy to have
> forgotten, but I think points 1 and 2 are still germane.  It would also
> still be nice to see a sample signature included.
> 
> Scott K
> 
> On Friday, December 01, 2017 06:57:31 PM Scott Kitterman wrote:
> > On Friday, December 01, 2017 11:45:50 AM Murray S. Kucherawy wrote:
> > > Colleagues,
> > > 
> > > We hereby begin Working Group Last Call for
> > > draft-ietf-dcrup-dkim-crypto,
> > > to end December 15th.  Please review the document and post the
> > > (preferably
> > > at least somewhat detailed) results of your reviews to the list or to
> > > the
> > > chairs and author by end of that day.  Assuming no major revisions or
> > > discussion are needed, we hope to have this shipped to Alexey by the
> > > beginning of the December holidays.
> > 
> > I've reviewed the document (and started working on implementation).  I
> > think it is generally ready to go, but I have four comments:
> > 
> > 1.  The existing RFC 6376 signature algorithms specify what to use for
> > hash- alg.  That's missing from the Ed25519-SHA256 definition in section
> > 3.  As implied by the name (and discussed on the list), the hash-alg
> > should be SHA256.  Recommend replacing the leading sentence phrase in
> > section 3 with:
> > 
> > The Ed25519-SHA256 Signing Algorithm computes a message hash as described
> > in Section 3.7  of [RFC6376] using SHA-256 [FIPS-180-3-2008] as the
> > hash-alg, ...
> > 
> > This matches the way other signing algorithms are described in RFC 6376.
> > 
> > 2.  For clarity, per some of the IETF LC feedback on
> > draft-ietf-dcrup-dkim-
> > usage, recommend adding after the main body of section 3 and before the
> > note:
> > 
> > This is an additional DKIM signature algorithm added to Section 3.3 of
> > [RFC6376] as envisioned in Section 3.3.4 of [RFC6376].
> > 
> > 3.  Private key storage format
> > 
> > Unlike RSA, Ed25519 does not appear to have a standardized textual format.
> > I think it might make sense to specify that for DKIM Ed25519 purposes the
> > private key is stored as the base64 encoded output of the RFC 8032 Section
> > 5.1.5 private key generation processes.  This would provide a (slightly)
> > human readable private key representation that could be used by different
> > implementations so that operators can safely switch implementations
> > without
> > regenerating keys and that are more understandable for trouble shooting
> > purposes.
> > 
> > 4.  Examples
> > 
> > It would be nice to have at least one signing example for implementers to
> > use to verify correctness.  I currently have either a signing bug or a
> > verification bug in my work and I'm not sure which.  If I had a known
> > correct example to bounce my signing results against, that would help a
> > lot.
> > 
> > Scott K


From nobody Tue Feb  6 01:46:59 2018
To: dcrup@ietf.org
References: <20180205193410.7F1EA1A4EE99@ary.qy> <3167570.jLmRcgZrqZ@kitterma-e6430> <6F4EB833E2894C00B68F46FB9C7F29DF@Khan> <alpine.OSX.2.21.1802051728420.43330@ary.qy> <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <cac8f1d5-af81-f245-888c-86e8bf6b7310@tana.it>
Date: Tue, 6 Feb 2018 10:46:55 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/Y11ZbOE2QV0HRxm9vBZsYPhaVDA>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

On Tue 06/Feb/2018 01:16:56 +0100 Jeremy Harris wrote:
>>> I believe this has already been discussed and agreed on (to use
>>> Ed25519, and not Ed25519-prehash). The reasons were along the lines
>>> you mention.
>> 
>> I went back and looked at the list archives and I see that Rich said
>> OpenSSL has "no plans to do prehash", which I somehow misread as "only
>> plans to do prehash."
>> 
>> I think we're all in agreement so I'll take out the extra hash.  Since
>> there's some other stuff I really should be doing, I might even hack
>> ed25519 into the perl code instead.
> 
> I'm now re-confused.
> 
> As far as I'm aware, my code (which interops with Scott's) is
> 
> a) doing a sha256

I proposed that for messages shorter than, say, 4k, (a) be skipped.  But doing
that extra hash seems to require fewer code changes.

With respect to Section 4 of rfc8032, I recommend that the draft say we opt for
"(2) a single-pass interface for creating signatures."  Draft readers ought not
to be so confused as we are...

> b) feeding the result of (a) to a gnutls routine which does
>    c.1) a sha512
>    c.2) an ed25519 signing, or verification
> 
> That sounds like an "extra hash" to me.
The disadvantage is that (b) would have provided a collision-safe signature
even if sha512 had collisions.  We lower that to sha256's health.  I don't
think this is going to be a problem, but we have to state it.

Ale


From nobody Tue Feb  6 05:35:11 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: Alessandro Vesely <vesely@tana.it>, "dcrup@ietf.org" <dcrup@ietf.org>
Thread-Topic: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto
Thread-Index: AQHTmqKfjG6+cXRWMEypzMoeK481UKOQg6CAgAAhk4CAAANtAIAAAYQAgACCQICAAuOMgIAABIMAgAHI2YCAALHWgIAABkKAgAANcICAAB1wgIAAHeAAgACfQICAAD+4AA==
Date: Tue, 6 Feb 2018 13:35:04 +0000
Message-ID: <FFE6DF96-C526-4477-86C7-87BCD1F4B5B3@akamai.com>
References: <20180205193410.7F1EA1A4EE99@ary.qy> <3167570.jLmRcgZrqZ@kitterma-e6430> <6F4EB833E2894C00B68F46FB9C7F29DF@Khan> <alpine.OSX.2.21.1802051728420.43330@ary.qy> <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org> <cac8f1d5-af81-f245-888c-86e8bf6b7310@tana.it>
In-Reply-To: <cac8f1d5-af81-f245-888c-86e8bf6b7310@tana.it>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/f.27.0.171010
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.34.20]
Content-Type: text/plain; charset="utf-8"
Content-ID: <7B9F9B8D9F494246A1F070B1260522AB@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/g3_RbwD2XyeP0vIxqTCvxhOwPGk>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

From nobody Tue Feb  6 09:09:53 2018
Date: 6 Feb 2018 12:09:38 -0500
Message-Id: <20180206170939.370211A5756C@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: denisbider.ietf@gmail.com
In-Reply-To: <CADPMZDAsLEy0kbsh9rs0Bi=WWdkQdhY-XW_75Ynm4nY+2szwRA@mail.gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/dV4P-P9u4FyxDv4m2CHqrwpoEy8>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

In article <CADPMZDAsLEy0kbsh9rs0Bi=WWdkQdhY-XW_75Ynm4nY+2szwRA@mail.gmail.com> you write:
>https://tools.ietf.org/html/rfc8032#section-4
>
>Ed25519 is PureEdDSA, and uses SHA-512 internally.

Yup.

>Ed25519ph is HashEdDSA, and is identical to Ed25519(prehash(M)).

Nope.

Look for the definition of dom2() on page 5 and for the context at
the top of page 10 in RFC 8032, and also note that the last test in
section 7.1, which does ed25519(SHA("abc")) has a different answer
from the test in section 7.3 which does ed25519ph("abc")

>The confusion comes from that this is equivalent to:
>
>Ed25519ph-sha256(M)

Again, nope.

>What the draft currently specifies is:
>
>Ed25519ph-sha256(sha256(M))

That's fixed in the next version.

R's,
John
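
The point made above, that Ed25519ph(M) is not Ed25519(SHA-512(M)) because of dom2(), can be checked directly. The following is an added example, not code from this thread or from any implementation discussed in it: a pure-Python sketch following RFC 8032 section 5.1, using the section 7.3 secret key quoted in typetest.py. The function names (sign, verify, compare_constructions) are this example's own.

```python
import hashlib

# Ed25519 parameters from RFC 8032 section 5.1
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = -121665 * pow(121666, P - 2, P) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)

def sha512(data):
    return hashlib.sha512(data).digest()

def add(p1, p2):  # point addition in extended coordinates (X, Y, Z, T)
    a = (p1[1] - p1[0]) * (p2[1] - p2[0]) % P
    b = (p1[1] + p1[0]) * (p2[1] + p2[0]) % P
    c = 2 * p1[3] * p2[3] * D % P
    d = 2 * p1[2] * p2[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def mul(s, pt):
    q = (0, 1, 1, 0)  # neutral element
    while s > 0:
        if s & 1:
            q = add(q, pt)
        pt = add(pt, pt)
        s >>= 1
    return q

def recover_x(y, sign):
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P != 0:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P != 0 or (x == 0 and sign):
        return None
    return P - x if (x & 1) != sign else x

G_Y = 4 * pow(5, P - 2, P) % P
G_X = recover_x(G_Y, 0)
G = (G_X, G_Y, 1, G_X * G_Y % P)

def compress(pt):
    zinv = pow(pt[2], P - 2, P)
    x, y = pt[0] * zinv % P, pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decompress(enc):
    y = int.from_bytes(enc, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    x = recover_x(y, sign) if y < P else None
    return None if x is None else (x, y, 1, x * y % P)

def expand(secret):
    h = sha512(secret)
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, h[32:]

def dom2(ph_flag, context):
    # Domain separator; pure Ed25519 uses the empty string instead
    return b"SigEd25519 no Ed25519 collisions" + bytes([ph_flag, len(context)]) + context

def h_int(data):
    return int.from_bytes(sha512(data), "little") % L

def sign(secret, msg, prehash=False, context=b""):
    a, prefix = expand(secret)
    pub = compress(mul(a, G))
    dom = dom2(1, context) if prehash else b""
    m = sha512(msg) if prehash else msg  # PH(M) is SHA-512(M) for Ed25519ph
    r = h_int(dom + prefix + m)
    r_enc = compress(mul(r, G))
    k = h_int(dom + r_enc + pub + m)
    return r_enc + ((r + k * a) % L).to_bytes(32, "little")

def verify(pub, msg, sig, prehash=False, context=b""):
    a_pt, r_pt = decompress(pub), decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if a_pt is None or r_pt is None or s >= L:
        return False
    dom = dom2(1, context) if prehash else b""
    m = sha512(msg) if prehash else msg
    k = h_int(dom + sig[:32] + pub + m)
    return compress(mul(s, G)) == compress(add(r_pt, mul(k, a_pt)))

# Secret key of the RFC 8032 section 7.3 vector, as quoted in typetest.py
SK = bytes.fromhex("833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42")
PK = compress(mul(expand(SK)[0], G))

def compare_constructions(msg=b"abc"):
    return {
        "Ed25519(M)": sign(SK, msg),
        "Ed25519(SHA-512(M))": sign(SK, sha512(msg)),
        "Ed25519ph(M)": sign(SK, msg, prehash=True),
    }

if __name__ == "__main__":
    for name, sig in compare_constructions().items():
        ok = verify(PK, b"abc", sig)  # plain Ed25519 verifier given M
        print(f"{name:<20} {sig.hex()[:24]}... pure verifier accepts: {ok}")
```

Only the pure signature over M is accepted by a pure verifier; the Ed25519ph value is the section 7.3 signature that typetest.py could not reproduce with PyNaCl. The arithmetic here is not constant-time, so it is suitable for checking vectors only, not for signing with real keys.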


From nobody Tue Feb  6 21:07:05 2018
MIME-Version: 1.0
In-Reply-To: <20180206170939.370211A5756C@ary.qy>
References: <CADPMZDAsLEy0kbsh9rs0Bi=WWdkQdhY-XW_75Ynm4nY+2szwRA@mail.gmail.com> <20180206170939.370211A5756C@ary.qy>
From: denis bider <denisbider.ietf@gmail.com>
Date: Tue, 6 Feb 2018 23:07:00 -0600
Message-ID: <CADPMZDBi1p-M4Y7YvG5PFy00q9vFf5bzyBi20PYRzeSrszSqyw@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a114e89c0edc18a05649843e0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/SsI14_UBj4m8beW5Y6bMgl-Ln5g>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

--001a114e89c0edc18a05649843e0
Content-Type: text/plain; charset="UTF-8"

Aye - I missed the dom2 stratagem in the Ed25519ph construction. Sigh. I
understand the reasoning, but on the other hand, I think I can see why no
one supports this. :)

Thanks for the correction!

On Tue, Feb 6, 2018 at 11:09 AM, John Levine <johnl@taugh.com> wrote:

> In article <CADPMZDAsLEy0kbsh9rs0Bi=WWdkQdhY-XW_75Ynm4nY+2szwRA@mail.
> gmail.com> you write:
> >https://tools.ietf.org/html/rfc8032#section-4
> >
> >Ed25519 is PureEdDSA, and uses SHA-512 internally.
>
> Yup.
>
> >Ed25519ph is HashEdDSA, and is identical to Ed25519(prehash(M)).
>
> Nope.
>
> Look for the definition of dom2() on page 5 and for the context at
> the top of page 10 in RFC 8032, and also note that the last test in
> section 7.1, which does ed25519(SHA("abc")) has a different answer
> from the test in section 7.3 which does ed25519ph("abc")
>
> >The confusion comes from that this is equivalent to:
> >
> >Ed25519ph-sha256(M)
>
> Again, nope.
>
> >What the draft currently specifies is:
> >
> >Ed25519ph-sha256(sha256(M))
>
> That's fixed in the next version.
>
> R's,
> John
>

--001a114e89c0edc18a05649843e0--


From nobody Tue Feb  6 22:50:59 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Wed, 07 Feb 2018 01:50:49 -0500
Message-ID: <2384649.9gWQ8Hzrfm@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CADPMZDBi1p-M4Y7YvG5PFy00q9vFf5bzyBi20PYRzeSrszSqyw@mail.gmail.com>
References: <CADPMZDAsLEy0kbsh9rs0Bi=WWdkQdhY-XW_75Ynm4nY+2szwRA@mail.gmail.com> <20180206170939.370211A5756C@ary.qy> <CADPMZDBi1p-M4Y7YvG5PFy00q9vFf5bzyBi20PYRzeSrszSqyw@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/mcH0JrALqbUh4bzlTcnlIdTIgjw>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

On Tuesday, February 06, 2018 11:07:00 PM denis bider wrote:
> Aye - I missed the dom2 stratagem in the Ed25519ph construction. Sigh. I
> understand the reasoning, but on the other hand, I think I can see why no
> one supports this. :)
> 
> Thanks for the correction!
> 
> On Tue, Feb 6, 2018 at 11:09 AM, John Levine <johnl@taugh.com> wrote:
> > In article <CADPMZDAsLEy0kbsh9rs0Bi=WWdkQdhY-XW_75Ynm4nY+2szwRA@mail.gmail.com> you write:
> > >https://tools.ietf.org/html/rfc8032#section-4
> > >
> > >Ed25519 is PureEdDSA, and uses SHA-512 internally.
> > 
> > Yup.
> > 
> > >Ed25519ph is HashEdDSA, and is identical to Ed25519(prehash(M)).
> > 
> > Nope.
> > 
> > Look for the definition of dom2() on page 5 and for the context at
> > the top of page 10 in RFC 8032, and also note that the last test in
> > section 7.1. which does ed25519(SHA("abc")) has a different answer
> > from the test in section 7.3 which does ed25519ph("abc")
> > 
> > >The confusion comes from that this is equivalent to:
> > >
> > >Ed25519ph-sha256(M)
> > 
> > Again, nope.
> > 
> > >What the draft currently specifies is:
> > >
> > >Ed25519ph-sha256(sha256(M))
> > 
> > That's fixed in the next version.
> > 
> > R's,
> > John

Thanks.  I went ahead and released dkimpy 0.7.0 based on this assumption.  As 
far as I know it does everything this draft intends to solve.  Hopefully that 
will get more people to notice and maybe there will be additional feedback.  
If I'm wrong, version numbers are cheap.

In the meantime, I believe we are closing in on it.

Scott K
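
The distinction corrected in this exchange, as an added example that is not part of the original messages: a pure-Python Ed25519 following the RFC 8032 algorithm description, with the dom2 prefix as an explicit parameter so that Ed25519(SHA-512(M)) and Ed25519ph(M) can be signed and cross-verified. All function names, including `compare` and `dkim_style_sign`, are assumptions of this example.

```python
import hashlib

# Curve constants from RFC 8032 section 5.1. Study code: not constant-time.
P = 2**255 - 19
Q = 2**252 + 27742317777372353535851937790883648493  # order of the base point
D = -121665 * pow(121666, P - 2, P) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)

def pt_add(a, b):  # points are in extended coordinates (X, Y, Z, T)
    A = (a[1] - a[0]) * (b[1] - b[0]) % P
    B = (a[1] + a[0]) * (b[1] + b[0]) % P
    C = 2 * a[3] * b[3] * D % P
    E = 2 * a[2] * b[2] % P
    return ((B - A) * (E - C) % P, (E + C) * (B + A) % P,
            (E - C) * (E + C) % P, (B - A) * (B + A) % P)

def pt_mul(s, pt):  # double-and-add, starting from the neutral element
    acc = (0, 1, 1, 0)
    while s:
        if s & 1:
            acc = pt_add(acc, pt)
        pt, s = pt_add(pt, pt), s >> 1
    return acc

def recover_x(y, sign):  # solve the curve equation for x; None if no solution
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    if x2 == 0:
        return None if sign else 0
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P:
        return None
    return P - x if (x & 1) != sign else x

def compress(pt):
    zinv = pow(pt[2], P - 2, P)
    x, y = pt[0] * zinv % P, pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decompress(b):
    y = int.from_bytes(b, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    x = recover_x(y, sign) if y < P else None
    return None if x is None else (x, y, 1, x * y % P)

BASE = decompress((4 * pow(5, P - 2, P) % P).to_bytes(32, "little"))  # y = 4/5, x even

def hash_mod_q(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % Q

def expand(secret):  # SHA-512(secret) -> (clamped scalar a, nonce prefix)
    h = hashlib.sha512(secret).digest()
    return (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254), h[32:]

def public_key(secret):
    return compress(pt_mul(expand(secret)[0], BASE))

def dom2(phflag, context=b""):  # RFC 8032 dom2(x, y), the domain-separation prefix
    return b"SigEd25519 no Ed25519 collisions" + bytes([phflag, len(context)]) + context

def eddsa_sign(secret, dom, m):
    a, prefix = expand(secret)
    A = compress(pt_mul(a, BASE))
    r = hash_mod_q(dom, prefix, m)
    R = compress(pt_mul(r, BASE))
    return R + ((r + hash_mod_q(dom, R, A, m) * a) % Q).to_bytes(32, "little")

def eddsa_verify(public, dom, m, sig):
    if len(public) != 32 or len(sig) != 64:
        return False
    A, R, s = decompress(public), decompress(sig[:32]), int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= Q:
        return False
    h = hash_mod_q(dom, sig[:32], public, m)
    return compress(pt_mul(s, BASE)) == compress(pt_add(R, pt_mul(h, A)))

def ed25519_sign(secret, msg):                 # PureEdDSA: empty dom2, no prehash
    return eddsa_sign(secret, b"", msg)
def ed25519_verify(public, msg, sig):
    return eddsa_verify(public, b"", msg, sig)
def ed25519ph_sign(secret, msg, context=b""):  # HashEdDSA: dom2(1, ctx), PH = SHA-512
    return eddsa_sign(secret, dom2(1, context), hashlib.sha512(msg).digest())
def ed25519ph_verify(public, msg, sig, context=b""):
    return eddsa_verify(public, dom2(1, context), hashlib.sha512(msg).digest(), sig)
def dkim_style_sign(secret, data):             # Ed25519 applied to SHA-256(data)
    return ed25519_sign(secret, hashlib.sha256(data).digest())

# Secret key shared by the RFC 8032 section 7.1 "SHA(abc)" and section 7.3 "abc" tests.
SECRET = bytes.fromhex("833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42")

def compare(msg=b"abc"):
    pub, digest = public_key(SECRET), hashlib.sha512(msg).digest()
    pure, ph = ed25519_sign(SECRET, digest), ed25519ph_sign(SECRET, msg)
    return {"signatures_equal": pure == ph,
            "pure_accepts_pure": ed25519_verify(pub, digest, pure),
            "ph_accepts_ph": ed25519ph_verify(pub, msg, ph),
            "pure_accepts_ph": ed25519_verify(pub, digest, ph),
            "ph_accepts_pure": ed25519ph_verify(pub, msg, pure)}
```

`compare()` signs "abc" both ways with the same key: each signature verifies only under its own construction, because dom2 enters both the nonce hash and the challenge hash.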


From nobody Wed Feb  7 00:39:30 2018
To: dcrup@ietf.org
References: <20180205193410.7F1EA1A4EE99@ary.qy> <3167570.jLmRcgZrqZ@kitterma-e6430> <6F4EB833E2894C00B68F46FB9C7F29DF@Khan> <alpine.OSX.2.21.1802051728420.43330@ary.qy> <0f52d8da-3389-bda3-89ce-1cd45094813e@wizmail.org> <cac8f1d5-af81-f245-888c-86e8bf6b7310@tana.it> <FFE6DF96-C526-4477-86C7-87BCD1F4B5B3@akamai.com>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <4cb6e834-8226-5cf2-d26f-8b54e6b1cdcc@tana.it>
Date: Wed, 7 Feb 2018 09:39:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <FFE6DF96-C526-4477-86C7-87BCD1F4B5B3@akamai.com>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/yr67_j3_jZHu_rmc9VfZHmXc284>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

On Tue 06/Feb/2018 14:35:04 +0100 Salz, Rich wrote:
>> I proposed that for messages shorter than, say, 4k, (a) be skipped.  But doing
>> that extra hash seems to require less code changes.
>     
> I think that would be a very very bad idea.  It makes the code more complex

That's ok, I didn't mean to re-discuss it.  However, mentioning that
possibility, for example when introducing the Ed25519-SHA256 Signing Algorithm
in Section 3, could clarify to casual readers what is being done.  For example:

   Since we use Ed25519, we could have opted to pass the cleartext to be signed
   directly.  Instead, we opted to pass a sha256 digest, which provides for a
   single-pass interface, more easily attainable stemming from legacy RSA-only
   implementations of DKIM.

jm2c

Ale


From nobody Wed Feb  7 09:12:11 2018
Date: 7 Feb 2018 12:12:04 -0500
Message-Id: <20180207171204.F0F0C1A5E207@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: vesely@tana.it
In-Reply-To: <cac8f1d5-af81-f245-888c-86e8bf6b7310@tana.it>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/1bYucT6obUoSAJKU5Iml3ZJlwX4>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

>I proposed that for messages shorter than, say, 4k, (a) be skipped.  But doing
>that extra hash seems to require less code changes.
>
>With respect to Section 4 of rfc8032, I recommend that the draft say we opt for
>"(2) a single-pass interface for creating signatures."  Draft readers ought not
>to be so confused as we are...
>
>> b) feeding the result of (a) to a gnutls routine which does
>>    c.1) a sha512
>>    c.2) an ed25519 signing, or verification
>> 
>> That sounds like an "extra hash" to me.
>The disadvantage is that (b) would have provided a collision-safe signature
>even if sha512 had collisions.  We lower that to sha256's health.  I don't
>think this is going to be a problem, but we have to state it.

Definitely not.  This adds more overall complexity for no practical benefit.

We have running code, two implementations that interoperate.  So I
really really hope as soon as we get the examples to splice into the
draft, we're done.

R's,
John


From nobody Wed Feb  7 20:43:51 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Wed, 07 Feb 2018 23:43:42 -0500
Message-ID: <4405549.Ah4LRhlE6C@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <20180207171204.F0F0C1A5E207@ary.qy>
References: <20180207171204.F0F0C1A5E207@ary.qy>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="nextPart2636322.nHkH2anq0k"
Content-Transfer-Encoding: 7Bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/L08Z7FUAf9ysNMylc2ig4CObaHU>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

This is a multi-part message in MIME format.

--nextPart2636322.nHkH2anq0k
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

On Wednesday, February 07, 2018 12:12:04 PM John Levine wrote:
> >I proposed that for messages shorter than, say, 4k, (a) be skipped.  But
> >doing that extra hash seems to require less code changes.
> >
> >With respect to Section 4 of rfc8032, I recommend that the draft say we opt
> >for "(2) a single-pass interface for creating signatures."  Draft readers
> >ought not to be so confused as we are...
> >
> >> b) feeding the result of (a) to a gnutls routine which does
> >> 
> >>    c.1) a sha512
> >>    c.2) an ed25519 signing, or verification
> >> 
> >> That sounds like an "extra hash" to me.
> >
> >The disadvantage is that (b) would have provided a collision-safe signature
> >even if sha512 had collisions.  We lower that to sha256's health.  I don't
> >think this is going to be a problem, but we have to state it.
> 
> Definitely not.  This adds more overall complexity for no practical benefit.
> 
> We have running code, two implementations that interoperate.  So I
> really really hope as soon as we get the examples to splice into the
> draft, we're done.

Here are four signatures (different canonicalizations) of the attached message 
(taken from the RFC 6376 examples) using the RFC 8032 section 7.1 keys.

DKIM-Signature: v=1; a=ed25519-sha256; c=simple/simple; d=example.com;
 i=@example.com; q=dns/txt; s=test; t=1518064698; h=from :
 to : subject : date : message-id : from : subject : date;
 bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=;
 b=Mj7y77UZsr6byb6fk1BIMpiyHZxcowFkqvJ6F4eY4njHotFIOjTFdgHr
 XLDMt0jmh825Cz9vB6D5qOY1dUuECw==

DKIM-Signature: v=1; a=ed25519-sha256; c=simple/relaxed; d=example.com;
 i=@example.com; q=dns/txt; s=test; t=1518064698; h=from :
 to : subject : date : message-id : from : subject : date;
 bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
 b=M1Vb4fEK0ArpknLL7NDIuTxDk2lHaSo1IBAzvcQLQJRcWHTNalHYIRU1
 pCDDil/QPUE43jbbxpsSYFRpimciCQ==

DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=example.com;
 i=@example.com; q=dns/txt; s=test; t=1518064698; h=from :
 to : subject : date : message-id : from : subject : date;
 bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=;
 b=IBZHsUwdU/NsqUAJ2mdNGbf/YIkDWc77wIMBXxRa+JJCfvTUW9eLylxq
 HqYi8SKwZ3u5JDnalh1YhJ8xbNVfAg==

DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.com;
 i=@example.com; q=dns/txt; s=test; t=1518064698; h=from :
 to : subject : date : message-id : from : subject : date;
 bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
 b=y+8dPwTZtEcxLGqb/3uVXEwp7Kd2ndscOKEkr5uowppsP5T5ptKdkFuM
 0iI0gU9TtGI8oO8JzbF91tR2w0kCDQ==

If someone can double check that one or more of those verify, then I think 
that'll work for examples.

Scott K
--nextPart2636322.nHkH2anq0k
From: Joe SixPack <joe@football.example.com>
To: Suzie Q <suzie@shopping.example.net>
Subject: Is dinner ready?
Date: Fri, 11 Jul 2003 21:00:37 -0700
Message-ID: <20030712040037.46341.5F8J@football.example.com>

Hi.

We lost the game.  Are you hungry yet?

Joe.


--nextPart2636322.nHkH2anq0k--


From nobody Sun Feb 11 16:29:18 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Sun, 11 Feb 2018 19:29:10 -0500
Message-ID: <4294613.lObMg4lSD7@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <4405549.Ah4LRhlE6C@kitterma-e6430>
References: <20180207171204.F0F0C1A5E207@ary.qy> <4405549.Ah4LRhlE6C@kitterma-e6430>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/CI9hsFtxirL8iNSqrG4MqeW85b4>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

On Wednesday, February 07, 2018 11:43:42 PM Scott Kitterman wrote:
> On Wednesday, February 07, 2018 12:12:04 PM John Levine wrote:
> > >I proposed that for messages shorter than, say, 4k, (a) be skipped.  But
> > >doing that extra hash seems to require less code changes.
> > >
> > > >With respect to Section 4 of rfc8032, I recommend that the draft say we
> > > >opt for "(2) a single-pass interface for creating signatures."  Draft
> > > >readers ought not to be so confused as we are...
> > >
> > >> b) feeding the result of (a) to a gnutls routine which does
> > >> 
> > >>    c.1) a sha512
> > >>    c.2) an ed25519 signing, or verification
> > >> 
> > >> That sounds like an "extra hash" to me.
> > >
> > > >The disadvantage is that (b) would have provided a collision-safe
> > > >signature even if sha512 had collisions.  We lower that to sha256's
> > > >health.  I don't think this is going to be a problem, but we have to
> > > >state it.
> > 
> > Definitely not.  This adds more overall complexity for no practical
> > benefit.
> > 
> > We have running code, two implementations that interoperate.  So I
> > really really hope as soon as we get the examples to splice into the
> > draft, we're done.
> 
> Here are four signatures (different canonicalizations) of the attached
> message (taken from the RFC 6376 examples) using the RFC 8032 section 7.1
> keys.
>
...
> 
> If someone can double check that one or more of those verify, then I think
> that'll work for examples.
> 
> Scott K

FYI, you can ignore these.  I generated them with the wrong key.  I'll send a 
correction once Jeremy can verify I didn't mess it up this time.

Scott K


From nobody Tue Feb 13 22:15:19 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Wed, 14 Feb 2018 01:15:13 -0500
Message-ID: <1758927.omyoBIiuhu@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/DxcV6LVJ89a-Wa4rgnUpI-PWNGI>
Subject: [Dcrup] Addition of header 'a' to Authentication-Results

As I'm working on an application level implementation of DKIM 
signing/verification with Ed25519 added, I find myself wishing we could put 
the algorithm in the AR header field.

I think we should because I can imagine downstream consumers wanting to treat 
rsa-sha1, rsa-sha256, and ed25519-sha256 differently.  It would also be useful 
to testing and architecture level debugging.  Can we add something like this 
to the IANA considerations section:

8.2.  Authentication Results Registration

   IANA is requested to register the following in the "Email Authentication
   Methods" registry:

   Method:  dkim

   Specifying Document:  [this document]

   ptype:  header

   Property:  a

   Value:  DKIM signing algorithm

   Status:  active

   Version:  1

I think this is much better than stuffing it in a comment.

Scott K
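
How a downstream consumer could use the proposed property, as an added example that is not part of the original message: it parses an Authentication-Results field and grades passing DKIM signatures by `header.a`. The sample header, the trusted authserv-id and the weighting table are constructed for illustration, and the function names are assumptions of this example.

```python
import re

# Constructed sample: one result per algorithm named in the message, plus SPF.
SAMPLE_AR = (
    "Authentication-Results: mx.example.org;\r\n"
    " dkim=pass (1024-bit key) header.d=example.com header.a=rsa-sha1;\r\n"
    " dkim=pass header.d=example.net header.s=test header.a=ed25519-sha256;\r\n"
    " dkim=fail (bad signature) header.d=example.org header.a=rsa-sha256;\r\n"
    " spf=pass smtp.mailfrom=example.com"
)

# Hypothetical local policy: weight given to a *passing* signature per algorithm.
ALGORITHM_WEIGHT = {"ed25519-sha256": "strong", "rsa-sha256": "strong", "rsa-sha1": "weak"}

def strip_comments(text):
    """Drop RFC 5322 comments (nesting allowed); leave quoted strings alone."""
    out, depth, quoted, i = [], 0, False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # quoted-pair: keep or drop as a unit
            if depth == 0:
                out.append(text[i:i + 2])
            i += 2
            continue
        if ch == '"' and depth == 0:
            quoted = not quoted
        if ch == "(" and not quoted:
            depth += 1
        elif ch == ")" and not quoted and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
        i += 1
    return "".join(out)

def parse_authentication_results(header):
    """Return (authserv_id, [ {method, result, props}, ... ]) for one AR field."""
    value = header.split(":", 1)[1]
    value = strip_comments(re.sub(r"\r?\n(?=[ \t])", "", value))  # unfold, then decomment
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0] if parts[0] else ""
    results = []
    for part in parts[1:]:
        if not part or part.lower() == "none":
            continue
        tokens = re.sub(r"\s*=\s*", "=", part).split()
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:
            key, sep, val = tok.partition("=")
            if sep:
                props[key.lower()] = val.strip('"')
        results.append({"method": method.split("/")[0].lower(),
                        "result": result.lower(), "props": props})
    return authserv_id, results

def classify_dkim(header, trusted_authserv="mx.example.org"):
    """Grade each DKIM result; ignore fields not stamped by our own verifier."""
    authserv_id, results = parse_authentication_results(header)
    if authserv_id.lower() != trusted_authserv:
        return []
    verdicts = []
    for r in results:
        if r["method"] != "dkim":
            continue
        alg = r["props"].get("header.a")       # the property proposed above
        if r["result"] != "pass":
            verdict = "ignore"
        elif alg is None:
            verdict = "unknown-algorithm"      # verifier did not report header.a
        else:
            verdict = ALGORITHM_WEIGHT.get(alg.lower(), "unknown-algorithm")
        verdicts.append((r["props"].get("header.d"), alg, verdict))
    return verdicts
```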


From nobody Wed Feb 14 07:29:36 2018
References: <1758927.omyoBIiuhu@kitterma-e6430>
From: Stan Kalisch <stan@glyphein.mailforce.net>
In-Reply-To: <1758927.omyoBIiuhu@kitterma-e6430>
Message-Id: <6E063324-3FD1-4B14-A0FE-51236FBE5413@glyphein.mailforce.net>
Date: Wed, 14 Feb 2018 10:29:31 -0500
To: dcrup@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/7htYqrv548kVPRc75BEKcWzFaUM>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results

> On Feb 14, 2018, at 1:15 AM, Scott Kitterman <sklist@kitterman.com> wrote:
>
> As I'm working on an application level implementation of DKIM
> signing/verification with Ed25519 added, I find myself wishing we could put
> the algorithm in the AR header field.
>
> I think we should because I can imagine downstream consumers wanting to treat
> rsa-sha1, rsa-sha256, and ed25519-sha256 differently.

Thank you for bringing this up, because I encountered this issue last week
with a server I don't administer. It wasn't the end of the world, but an
extra field would have been nice.


Thanks,
Stan


From nobody Wed Feb 14 08:17:47 2018
In-Reply-To: <6E063324-3FD1-4B14-A0FE-51236FBE5413@glyphein.mailforce.net>
References: <1758927.omyoBIiuhu@kitterma-e6430> <6E063324-3FD1-4B14-A0FE-51236FBE5413@glyphein.mailforce.net>
From: Kurt Andersen <kurta@drkurt.com>
Date: Wed, 14 Feb 2018 08:17:38 -0800
Message-ID: <CABuGu1prbfkJTb8WbGJVQ-=33tqQyMgcFKzWORvSzc+Hp8OzyQ@mail.gmail.com>
To: Stan Kalisch <stan@glyphein.mailforce.net>
Cc: dcrup@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/iZ02VZd8_lftftv-myJv7mWPh-c>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results

On Wed, Feb 14, 2018 at 7:29 AM, Stan Kalisch <stan@glyphein.mailforce.net>
wrote:

> > On Feb 14, 2018, at 1:15 AM, Scott Kitterman <sklist@kitterman.com> wrote:
> >
> > As I'm working on an application level implementation of DKIM
> > signing/verification with Ed25519 added, I find myself wishing we could put
> > the algorithm in the AR header field.
> >
> > I think we should because I can imagine downstream consumers wanting to treat
> > rsa-sha1, rsa-sha256, and ed25519-sha256 differently.

I'm happy to include that amongst the other fields that we are adding in
the ARC protocol doc or it can go into the DCRUP doc.

--Kurt


From nobody Wed Feb 14 08:33:09 2018
References: <1758927.omyoBIiuhu@kitterma-e6430> <6E063324-3FD1-4B14-A0FE-51236FBE5413@glyphein.mailforce.net> <CABuGu1prbfkJTb8WbGJVQ-=33tqQyMgcFKzWORvSzc+Hp8OzyQ@mail.gmail.com>
In-Reply-To: <CABuGu1prbfkJTb8WbGJVQ-=33tqQyMgcFKzWORvSzc+Hp8OzyQ@mail.gmail.com>
Message-Id: <C25CA226-34CF-45AB-A269-449279F7155D@glyphein.mailforce.net>
Cc: dcrup@ietf.org
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Wed, 14 Feb 2018 11:33:02 -0500
To: Kurt Andersen <kurta@drkurt.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/h_8AYk0YjO0AKHLgJTupcZrLJKw>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results

> On Feb 14, 2018, at 11:17 AM, Kurt Andersen <kurta@drkurt.com> wrote:
>
>> On Wed, Feb 14, 2018 at 7:29 AM, Stan Kalisch <stan@glyphein.mailforce.net> wrote:
>>
>> > On Feb 14, 2018, at 1:15 AM, Scott Kitterman <sklist@kitterman.com> wrote:
>> >
>> > As I'm working on an application level implementation of DKIM
>> > signing/verification with Ed25519 added, I find myself wishing we could put
>> > the algorithm in the AR header field.
>> >
>> > I think we should because I can imagine downstream consumers wanting to treat
>> > rsa-sha1, rsa-sha256, and ed25519-sha256 differently.
>
> I'm happy to include that amongst the other fields that we are adding in
> the ARC protocol doc or it can go into the DCRUP doc.

I'm not against it going into the ARC protocol document, but it seems simple
enough that it would be nice for it to go into something intended for the
Standards Track.


Thanks,
Stan


From nobody Wed Feb 14 08:52:04 2018
In-Reply-To: <C25CA226-34CF-45AB-A269-449279F7155D@glyphein.mailforce.net>
References: <1758927.omyoBIiuhu@kitterma-e6430> <6E063324-3FD1-4B14-A0FE-51236FBE5413@glyphein.mailforce.net> <CABuGu1prbfkJTb8WbGJVQ-=33tqQyMgcFKzWORvSzc+Hp8OzyQ@mail.gmail.com> <C25CA226-34CF-45AB-A269-449279F7155D@glyphein.mailforce.net>
From: Seth Blank <seth@valimail.com>
Date: Wed, 14 Feb 2018 08:51:38 -0800
Message-ID: <CAOZAAfNv=pteHwJOz+i4bODGvXGwyiUyskFdxOr5MVyHwHQUNg@mail.gmail.com>
To: dcrup@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/YWxkKr-m9nKnRZiFj6-K1IsUiAo>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results

We were planning on defining header.s in ARC now that 7601bis is moving
forward.

But the standards track comment is well received.

Might it be worthwhile to just create a separate document, as Scott
suggested, that defines header.s and header.a together?

That would further simplify the ARC document, let these dkim property
stamps be standards track, and address the items from this thread.

Seth

-- 
Seth Blank | Director of Industry Initiatives
E: seth@valimail.com | P: 415.894.2724


From nobody Wed Feb 14 21:43:29 2018
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Thu, 15 Feb 2018 00:43:23 -0500
Message-ID: <4936118.HT585htFV3@kitterma-e6430>
In-Reply-To: <CAOZAAfNv=pteHwJOz+i4bODGvXGwyiUyskFdxOr5MVyHwHQUNg@mail.gmail.com>
References: <1758927.omyoBIiuhu@kitterma-e6430> <C25CA226-34CF-45AB-A269-449279F7155D@glyphein.mailforce.net> <CAOZAAfNv=pteHwJOz+i4bODGvXGwyiUyskFdxOr5MVyHwHQUNg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/3fzTfUPO8LZo2ehmiOPL5yKtNKc>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results

I think header.a could either be trivially added to the pending DCRUP document 
or handled by 7601bis, but I think it's out of scope for the ARC working 
group, which is where I understand 7601bis is being discussed currently.

It could also be a separate document, but I don't think it really warrants 
that.  If it is decided that's the best path, I don't mind writing it.

Someone (I'd guess msk, but I'm not picky) decide which path is best.  I'll be 
glad to help however.

Scott K

On Wednesday, February 14, 2018 08:51:38 AM Seth Blank wrote:
> We were planning on defining header.s in ARC now that 7601bis is moving
> forward.
> 
> But the standards track comment is well received.
> 
> Might it be worthwhile to just create a separate document, as Scott
> suggested, that defines header.s and header.a together?
> 
> That would further simplify the ARC document, let these dkim property
> stamps be standards track, and address the items from this thread.
> 
> Seth
> 
> On Wed, Feb 14, 2018 at 8:33 AM, Stan Kalisch <stan@glyphein.mailforce.net> wrote:
> > On Feb 14, 2018, at 11:17 AM, Kurt Andersen <kurta@drkurt.com> wrote:
> > 
> > On Wed, Feb 14, 2018 at 7:29 AM, Stan Kalisch <stan@glyphein.mailforce.net> wrote:
> >> > On Feb 14, 2018, at 1:15 AM, Scott Kitterman <sklist@kitterman.com> wrote:
> >> > As I'm working on an application level implementation of DKIM
> >> > signing/verification with Ed25519 added, I find myself wishing we could put
> >> > the algorithm in the AR header field.
> >> > 
> >> > I think we should because I can imagine downstream consumers wanting to treat
> >> > rsa-sha1, rsa-sha256, and ed25519-sha256 differently.
> > 
> > I'm happy to include that amongst the other fields that we are adding in
> > the ARC protocol doc or it can go into the DCRUP doc.
> > 
> > 
> > I'm not against it going into the ARC protocol document, but it seems
> > simple enough that it would be nice for it to go into something intended
> > for the Standards Track.
> > 
> > 
> > Thanks,
> > Stan


From nobody Thu Feb 15 03:24:56 2018
Return-Path: <vesely@tana.it>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26F8E127275 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 03:24:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level: 
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QPgAk2ojvIEv for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 03:24:53 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CBDC124BE8 for <dcrup@ietf.org>; Thu, 15 Feb 2018 03:24:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1518693891; bh=pk8YQdSSRHOFIe2n7njeeD0y6gz+lYPiYLTPYV5nGLc=; l=655; h=To:References:From:Date:In-Reply-To; b=cPnBvuH2tX8FrHGQN5X8E7GF8kvZey+092fBJlvTP0HDYP9xAfE0nhDalT4b2WpsW Wwq5dBRgl17JsVf0vMB7URVBNPH36i8MD2hwnf6IR/SjfaKPvfSF9sA+3R3Ktb9yEA J2RSswPjqQ6vNnFQtCEsOVSsW3g3IS52P8vXbjIs=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.109] (pcale.tana [172.25.197.109]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Thu, 15 Feb 2018 12:24:51 +0100 id 00000000005DC0CC.000000005A856E03.0000589B
To: dcrup@ietf.org
References: <1758927.omyoBIiuhu@kitterma-e6430> <C25CA226-34CF-45AB-A269-449279F7155D@glyphein.mailforce.net> <CAOZAAfNv=pteHwJOz+i4bODGvXGwyiUyskFdxOr5MVyHwHQUNg@mail.gmail.com> <4936118.HT585htFV3@kitterma-e6430>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <0f42a9e0-beec-3d2d-ba7f-2b5bf7183f3e@tana.it>
Date: Thu, 15 Feb 2018 12:24:51 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <4936118.HT585htFV3@kitterma-e6430>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/uyJhtybetlt8myPiAg9On_TRPyk>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2018 11:24:55 -0000

On Thu 15/Feb/2018 06:43:23 +0100 Scott Kitterman wrote:
> I think header.a could either be trivially added to the pending DCRUP document 
> or handled by 7601bis, but I think it's out of scope for the ARC working 
> group, which is where I understand 7601bis is being discussed currently.

The algorithm could be deduced from the selector if one takes the bother to
retrieve and parse that record.  If it is a useful addition to A-R header
fields, by the same token it would be useful to read the algorithm in aggregate
feedback records.  As it introduces the new algorithm, dcrup-dkim-crypto can
meaningfully make both additions.

jm2c
Ale
-- 




From nobody Thu Feb 15 04:43:44 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96F7212D961 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 04:43:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kiO3KhxmHsHc for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 04:43:41 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E183E12D964 for <dcrup@ietf.org>; Thu, 15 Feb 2018 04:43:40 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id B160FC401F9 for <dcrup@ietf.org>; Thu, 15 Feb 2018 06:43:37 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1518698617; bh=4G0cHJhf3AFePAYVJILolGQlE74B+lyd/u+WBN4+u2s=; h=From:To:Subject:Date:In-Reply-To:References:From; b=ZovkOOmc2542jzX/iEEysIyfKkWwpmR60YpLv3JaYZ0QhZ03hPkR9oPboD6qOmv0Y XLhFGS6HWy/V3kfIwGll7nP+r0dDISgp0q2oWIqVA1xqu3SkpRYyK32ng0dxETk/fR U/4DVbOGiHeQgJ0PjwzTxOorgYs7yoNRB+ZWH9No=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Thu, 15 Feb 2018 07:43:39 -0500
Message-ID: <15662047.3tNXzNzPZ2@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <0f42a9e0-beec-3d2d-ba7f-2b5bf7183f3e@tana.it>
References: <1758927.omyoBIiuhu@kitterma-e6430> <4936118.HT585htFV3@kitterma-e6430> <0f42a9e0-beec-3d2d-ba7f-2b5bf7183f3e@tana.it>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/R8VnOWYRggZPyZgbF7O4VPMCTxk>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2018 12:43:43 -0000

On Thursday, February 15, 2018 12:24:51 PM Alessandro Vesely wrote:
> On Thu 15/Feb/2018 06:43:23 +0100 Scott Kitterman wrote:
> > I think header.a could either be trivially added to the pending DCRUP
> > document or handled by 7601bis, but I think it's out of scope for the ARC
> > working group, which is where I understand 7601bis is being discussed
> > currently.
> The algorithm could be deduced from the selector if one takes the bother to
> retrieve and parse that record.  If it is a useful addition to A-R header
> fields, by the same token it would be useful to read the algorithm in
> aggregate feedback records.  As it introduces the new algorithm,
> dcrup-dkim-crypto can meaningfully make both additions.

Only in part.  You can distinguish rsa and ed25519 from the DNS record, but 
not rsa-sha1 versus rsa-sha256. 

I agree it would be useful in DMARC FBR, but I think that should be dealt with 
separately.

Scott K
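
The distinction drawn in the message above, as an added example that is not part of the original thread or any participant's code: the selector's key record names only the key type (k=), while the hash appears only in the signature's a= tag, so a consumer of Authentication-Results needs the proposed header.a property to handle algorithms differently. All sample headers, key records and the POLICY table are constructed assumptions, and the A-R parser is simplified (no quoted strings or nested comments).

```python
import re

# Constructed sample inputs (not taken from the thread).
KEY_RSA = "v=DKIM1; k=rsa; p=CONSTRUCTEDRSAKEY"
KEY_ED = "v=DKIM1; k=ed25519; p=CONSTRUCTEDEDKEY"
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.com; s=old; bh=CONSTRUCTED; b=CONSTRUCTED"
SIG_SHA256 = "v=1; a=rsa-sha256; d=example.com; s=old; bh=CONSTRUCTED; b=CONSTRUCTED"
AR_WITH_A = (
    "mx.example.net; "
    "dkim=pass (1024-bit key) header.d=example.com header.a=rsa-sha1; "
    "dkim=pass header.d=example.org header.a=ed25519-sha256; "
    "dkim=pass header.d=example.net"
)

# Hypothetical local policy: how a downstream consumer might weigh each algorithm.
POLICY = {"rsa-sha1": "ignore", "rsa-sha256": "accept", "ed25519-sha256": "accept"}


def parse_tag_list(value):
    """Parse a DKIM tag=value list (DKIM-Signature value or DNS key record)."""
    tags = {}
    for item in value.split(";"):
        if "=" not in item:
            continue
        name, _, val = item.partition("=")
        # Whitespace inside these values is folding only, so drop it.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_type(key_record):
    """Key type published in DNS; the k= tag defaults to rsa when absent."""
    return parse_tag_list(key_record).get("k", "rsa")


def signature_algorithm(dkim_signature):
    """Full algorithm (key type and hash) from the signature's a= tag."""
    return parse_tag_list(dkim_signature)["a"].lower()


def dns_view(dkim_signature, key_record):
    """What DNS alone reveals versus what the signature states."""
    return key_type(key_record), signature_algorithm(dkim_signature)


def dkim_results(auth_results):
    """Return one dict per dkim= result in an Authentication-Results value."""
    no_comments = re.sub(r"\([^()]*\)", " ", auth_results)
    results = []
    for resinfo in no_comments.split(";")[1:]:  # first field is the authserv-id
        tokens = resinfo.split()
        if not tokens or not tokens[0].lower().startswith("dkim="):
            continue
        entry = {"result": tokens[0].split("=", 1)[1].lower()}
        for tok in tokens[1:]:
            prop, sep, val = tok.partition("=")
            if sep:
                entry[prop.lower()] = val
        results.append(entry)
    return results


def evaluate(auth_results):
    """Apply POLICY to each dkim result; a missing header.a cannot be classified."""
    verdicts = []
    for r in dkim_results(auth_results):
        alg = r.get("header.a", "").lower()
        if r["result"] != "pass":
            verdict = "ignore"
        elif not alg:
            verdict = "unknown-algorithm"
        else:
            verdict = POLICY.get(alg, "unknown-algorithm")
        verdicts.append((r.get("header.d"), alg or None, verdict))
    return verdicts


if __name__ == "__main__":
    # Same key record, two different hashes: DNS reports "rsa" for both.
    print(dns_view(SIG_SHA1, KEY_RSA), dns_view(SIG_SHA256, KEY_RSA))
    print(key_type(KEY_ED))
    for row in evaluate(AR_WITH_A):
        print(row)
```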


From nobody Thu Feb 15 09:54:34 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5421E126CE8 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 09:54:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=EQgqvLy8; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Cq5C9ITj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QHaReMTvxp86 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 09:54:30 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4419612422F for <dcrup@ietf.org>; Thu, 15 Feb 2018 09:54:30 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 1D9B320A9C for <dcrup@ietf.org>; Thu, 15 Feb 2018 12:54:29 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Thu, 15 Feb 2018 12:54:29 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=KaHl+dVTuN1X6pZzqTqe6414iCxYN A2jEwrZ2JD+PW8=; b=EQgqvLy8c2s+AwjdYlnQh8rfuIGevTgZ04e7UQpbWn0Qm ZVkmUId1EivlUImLmvJ+9WtEcGVUkaJXm15V2bwxJlQxexV2O/2haFgVfYQUR1Hy PMeyMVSahqItNRXqICOhzXhyIleEkVqTXRZhoJDoE2w9j9uri7zz4KbfPj89dNA7 nKb5hvnR0vnySnX1aIvSkLMWPxoDm3oz9+LCMhAO8XNRm8V9v1lkh7v40dwcR3le rmp68VzoXKN9xMZB8iwuDrOiP30UrcxtzyRNdXDSSGjTfjb6xBoT4tO57T3Xp6D+ Dd+L3fwvGhd0K3OuwwqBR4w05qjHoOQe/ulMT3fHQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=KaHl+d VTuN1X6pZzqTqe6414iCxYNA2jEwrZ2JD+PW8=; b=Cq5C9ITjidjGL//IEXy/pU n7jfn75TfiNz9oCGOvOnHfaXywC7UQDPF7XWqQLDPYfi3+R1/K8wdO8XwJ3l0y0w GysrRV3CNru78rUHkcTUxuJbD2qAwk6jliHpxttk4pwg59InSLZGeW89pzPCWEFV 6Zx+TzRtyr8Fle8vFC31ZP2PrDqoRIOhL5f4GWBS1PtlpZJ0heAUYkl76iI9ptY4 07oZtUyRYXNd3llYzq+15Ibg8vFOagTdPvHFag3Z2VDu3iKkN2kbBB7Ss1U8soZt +0oKsCjrZWJjeYlJStH2gfe4Ulogb5oMk87cWAcB0gvTEk8WZwTqhGE+pTNnG8kw ==
X-ME-Sender: <xms:VcmFWrfpZqQqaIvzC5faIjS2RAvyZnGHyIJIwASDtT4FEto2sR9XNg>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 947E97E5F1 for <dcrup@ietf.org>; Thu, 15 Feb 2018 12:54:28 -0500 (EST)
References: <1758927.omyoBIiuhu@kitterma-e6430> <4936118.HT585htFV3@kitterma-e6430> <0f42a9e0-beec-3d2d-ba7f-2b5bf7183f3e@tana.it> <15662047.3tNXzNzPZ2@kitterma-e6430>
From: Stan Kalisch <stan@glyphein.mailforce.net>
Content-Type: text/plain; charset=us-ascii
X-Mailer: iPhone Mail (13G36)
In-Reply-To: <15662047.3tNXzNzPZ2@kitterma-e6430>
Message-Id: <0EB99133-0CA9-41BB-8810-20568B5DC436@glyphein.mailforce.net>
Date: Thu, 15 Feb 2018 12:54:25 -0500
To: dcrup@ietf.org
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/SE_Py0qfB2jcnpsoDD-Gi9EzDRU>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2018 17:54:32 -0000

> On Feb 15, 2018, at 7:43 AM, Scott Kitterman <sklist@kitterman.com> wrote:
> 
>> On Thursday, February 15, 2018 12:24:51 PM Alessandro Vesely wrote:
>>> On Thu 15/Feb/2018 06:43:23 +0100 Scott Kitterman wrote:
>>> I think header.a could either be trivially added to the pending DCRUP
>>> document or handled by 7601bis, but I think it's out of scope for the ARC
>>> working group, which is where I understand 7601bis is being discussed
>>> currently.
>> The algorithm could be deduced from the selector if one takes the bother to
>> retrieve and parse that record.  If it is a useful addition to A-R header
>> fields, by the same token it would be useful to read the algorithm in
>> aggregate feedback records.  As it introduces the new algorithm,
>> dcrup-dkim-crypto can meaningfully make both additions.
> 
> Only in part.  You can distinguish rsa and ed25519 from the DNS record, but
> not rsa-sha1 versus rsa-sha256.

And, not surprisingly at all, it was the distinction between the latter two I
was most interested in.


Thanks,
Stan

> I agree it would be useful in DMARC FBR, but I think that should be dealt with
> separately.
> 
> Scott K


From nobody Thu Feb 15 12:01:42 2018
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56F6212D7E8 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 12:01:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level: 
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=MtDoy39L; dkim=pass (1536-bit key) header.d=taugh.com header.b=kMMIQ+bo
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ktZXkIpjMC0 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 12:01:39 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EA5712D80E for <dcrup@ietf.org>; Thu, 15 Feb 2018 12:01:36 -0800 (PST)
Received: (qmail 22959 invoked from network); 15 Feb 2018 20:01:34 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=59ac.5a85e71e.k1802; bh=scA2JtZaR8Y2nbu8+x+YybtIdu/NjvCUGPEJisSvPA0=; b=MtDoy39LXYWvttvS4tzyc8oPqvQg89mdb3ErmHibIwYkoSdWjorVq5LweOX/lK7Nq+diTrP3PH5yg8s20icRa1y0ckK0AWYyr6TPXCGxYs6IVzxfvRvmzMMrvamD4yIssvke07y1HcjFSfstqkD04k11Hh4xHjewgjdA3MVjVbNYBO3TVlhBRi8Wb6ioeWBaGot3vF2PxnNlwt0iwJrNoEltlEpjwe05KdLqtV2WrtJcoOKsmSpOWwDtCqw8MNqv
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=59ac.5a85e71e.k1802; bh=scA2JtZaR8Y2nbu8+x+YybtIdu/NjvCUGPEJisSvPA0=; b=kMMIQ+boLySsKsjDKl9hr5UmiWcO9KlhMcOe8o5bRh+2yV2nFkpavJz1uIW1/MEXlgY+bwcIuRN2CAR/7pYSsPV186DzB+ucis3seLA8Fwo3noBqFOJGxoi+SKahdfS3xM1RMPK5dR5fRKNXvSvke6RND8hcet1Gm/KIfpeQ7pwu86WrSgmcVeU72f+ydMTyLUbGDPsZrY7dXErb5Skc/fI0K/UFqDvz/KA4utTsls3f53+W+qEKR08oJ716RDuc
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 15 Feb 2018 20:01:34 -0000
Received: by ary.qy (Postfix, from userid 501) id 43D021B4FDCA; Thu, 15 Feb 2018 15:01:33 -0500 (EST)
Date: 15 Feb 2018 15:01:33 -0500
Message-Id: <20180215200134.43D021B4FDCA@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: sklist@kitterman.com
In-Reply-To: <4936118.HT585htFV3@kitterma-e6430>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/9Esy6pGDeMthcwLhsvWPArSJaLM>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2018 20:01:41 -0000

In article <4936118.HT585htFV3@kitterma-e6430> you write:
>I think header.a could either be trivially added to the pending DCRUP document 
>or handled by 7601bis, but I think it's out of scope for the ARC working 
>group, which is where I understand 7601bis is being discussed currently.

Maybe, maybe not.  ARC is deliberately adapting as much of DKIM as it can,
so if there's a .a item for DKIM there's likely to be one for ARC, too.


From nobody Thu Feb 15 12:34:45 2018
Return-Path: <seth@valimail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78EEB126BF7 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 12:34:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level: 
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cVIvTmahW9s for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 12:34:42 -0800 (PST)
Received: from mail-qt0-x232.google.com (mail-qt0-x232.google.com [IPv6:2607:f8b0:400d:c0d::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28B00124207 for <dcrup@ietf.org>; Thu, 15 Feb 2018 12:34:42 -0800 (PST)
Received: by mail-qt0-x232.google.com with SMTP id c19so1290832qtm.7 for <dcrup@ietf.org>; Thu, 15 Feb 2018 12:34:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=XdIB9sOkHMnIXgEbTBaDZ2TzH7gJEDGB0DdVLq2g1VM=; b=U7gjn1ZrwmMq2w+dOTy+BrnXL/vAsonxTae8ua8JRSwZkpJpk1a/65GATi3UH+uKPE dvRRG/nH/KW3xbaFh9xU5Ow+oGr8/LtE3DewXgL9NJTKBbZDeaZPDOXzje25eOanCL6I nzXqN3zrefHO8r5IR1suiUWGGM3aWHXN4e5WFooFjBfUMpi0ls8xcB4GEFMrXTOtd5Ij aVxU7h10p0oZwnyy/k2rFtIZo1EsnlT8LDwoAUnXPLE5GGuqMDNi3V9vFa33lwvIy+lX oPrsbCTzUDNT2CVa1PMrp/pbIcpmAlGasHMeMpQBZWHAleVTwKD0xgcDF9D1Y50pWqaK Vz+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=XdIB9sOkHMnIXgEbTBaDZ2TzH7gJEDGB0DdVLq2g1VM=; b=AyVNLjY2TZ6nGIUpx/xsktOILt1qlOpR2F6ly77BqDwWDnrKPAlq2LLDdszUbyxYSH gaqXFzk+rAS0sJVdas8akV3Axo16lUAwlXMN+hBUCtFy+1xtIFQk4lCs8HYpXl3+sKpI ZLYU32eTxYuWv8W1X1k9tfQKIUWgxICe/M8NXJKH0Kp6rJzhVI59Kp5YrIV2hFnpSmkJ K3HieM7CKgX0lYn5C18rS72oyxqGrrBg1Vb1Y4Y4PdQp6tT04FturDS73rhdi0gW7nPo Ud3HoaEM7C5Fw5+ZH+dyGkWtI96IjdfY4di290hNXavmyEqk0jKn4gg0Its0SLCMvTqK YUEg==
X-Gm-Message-State: APf1xPBe12C81pDEdpvWS80UiXwXplOklUbaFKKC0ur7k+FWRJY7yPFO GlUcbMjNJOIsN29iI5pnskK8w/wGP6GBsFIIhV8R8GQP
X-Google-Smtp-Source: AH8x226U1SitLaZkDiO1tOXGd5LxyynG0BBb7U7uQ9IVqeTA60Ye9BVK8/XdUcloTlD7v0XdR1g0r/C8BakkZxLgT1g=
X-Received: by 10.200.15.33 with SMTP id e30mr6123426qtk.261.1518726880927; Thu, 15 Feb 2018 12:34:40 -0800 (PST)
MIME-Version: 1.0
References: <4936118.HT585htFV3@kitterma-e6430> <20180215200134.43D021B4FDCA@ary.qy>
In-Reply-To: <20180215200134.43D021B4FDCA@ary.qy>
From: Seth Blank <seth@valimail.com>
Date: Thu, 15 Feb 2018 20:34:30 +0000
Message-ID: <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com>
To: "dcrup@ietf.org" <dcrup@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c046fbe3fbaa3056546281b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/txefukPFriGQEhUX9b6hhC1bH78>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2018 20:34:44 -0000

--94eb2c046fbe3fbaa3056546281b
Content-Type: text/plain; charset="UTF-8"

On Thu, Feb 15, 2018 at 12:01 John Levine <johnl@taugh.com> wrote:

> Maybe, maybe not.  ARC is deliberately adapting as much of DKIM as it can,
> so if there's a .a item for DKIM there's likely to be one for ARC, too.


I concur. Knowing what algorithm was used will also be beneficial for
ARC-MULTI.

I have no problem adding header.a to the IANA considerations in ARC- but we
probably need to take this discussion to the DMARC working group list for
consideration before I make that change.

The only item to note is that would make these registrations experimental
as opposed to standards track.

Any objections to moving to DMARC WG for consideration in the ARC spec?

Seth

> --

Seth Blank | Director of Industry Initiatives

E: seth@valimail.com | P: 415.894.2724


--94eb2c046fbe3fbaa3056546281b--


From nobody Thu Feb 15 13:11:09 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AF6212D7F6 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 13:11:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=mZ2p4QO4; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=WYs6dz94
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UBPFg-5Wuh98 for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 13:11:05 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BA9A12D831 for <dcrup@ietf.org>; Thu, 15 Feb 2018 13:11:01 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id D587A20C8D for <dcrup@ietf.org>; Thu, 15 Feb 2018 16:11:00 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Thu, 15 Feb 2018 16:11:00 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=MNC91dC+c7hzi/8gFQiztn5v2Sp9Q GpxpyCHgSd0OUI=; b=mZ2p4QO4dj4yPi12QHNF0P+movYBzC1nj9PduJLD87Iuy WY+www/lNqXTwcxF4/kCTV6vP2nVGnmKAvzvsRd2/66vTE5zDQi7GMcIQkZsrix7 JHIMkh5S96P01/mG9oq9JrAgEwypYdK78GcjDlWKn/fZav0y8uqy7SU8RfGAZfl5 C6N1rfJbB12fN5D4MhDC5ufO0Rp7kHJYDdxFd5TvQRr6dDI4PiIKN/fMpFv9tNmc h0WFdNWpnupMWkesrjs/xNregm/GrR+p8rNN8k7+ScN9EweRHermcPtOCDSk6yC9 rxrJyU/2wbkDlAgEGVH0dXTnrqUO2eRx/9Grl4vWQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=MNC91d C+c7hzi/8gFQiztn5v2Sp9QGpxpyCHgSd0OUI=; b=WYs6dz94oDSPfpAV6dNuJv 3KRa5aDBBNxA2NSKqGwqEc8dpONRv6W0VXR8TTEgFh2O7nXBWLGx9bTkaVVFvd1P wHTHfqBWNBtX2M8nkprgQu2PHsYtLCdcI/Qvc8W1WXURvl505NL4oT9oSW+4qreU EQnnP9um/rQRt3CF1Xlzy2uziStUMlphFDSZb6ZBvBifVrUerQrFNsyj5cSEJf8I xU7rS2Ui9ODrhtVwxqw+daqD14aW+/iL+gAMN0eamlxEZAklyWOEIWce9LAslfqb 2RDuxhYKMMPhMQombFvj7QMZJULauKSD8s0P3r1tkQMev4+nFu9PGjRchlSnqyXw ==
X-ME-Sender: <xms:ZPeFWvQmV1Nmdc1anFbgtI3MvsAVWDV5OIrOclBS8SIii8MEdsqMsw>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 853ED7E585 for <dcrup@ietf.org>; Thu, 15 Feb 2018 16:11:00 -0500 (EST)
References: <4936118.HT585htFV3@kitterma-e6430> <20180215200134.43D021B4FDCA@ary.qy> <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com>
From: Stan Kalisch <stan@glyphein.mailforce.net>
Content-Type: multipart/alternative; boundary=Apple-Mail-1CCE6740-1C91-42F0-B23D-BB25343E51C0
X-Mailer: iPhone Mail (13G36)
In-Reply-To: <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com>
Message-Id: <C27F1663-E978-4F36-9680-3638344CE4CF@glyphein.mailforce.net>
Date: Thu, 15 Feb 2018 16:10:57 -0500
To: "dcrup@ietf.org" <dcrup@ietf.org>
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/IxM-cyl5YvE1i1MnqCRnAFe-o8I>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Thu, 15 Feb 2018 21:11:08 -0000

--Apple-Mail-1CCE6740-1C91-42F0-B23D-BB25343E51C0
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable


> On Feb 15, 2018, at 3:34 PM, Seth Blank <seth@valimail.com> wrote:
>
>> On Thu, Feb 15, 2018 at 12:01 John Levine <johnl@taugh.com> wrote:
>> Maybe, maybe not.  ARC is deliberately adapting as much of DKIM as it can,
>> so if there's a .a item for DKIM there's likely to be one for ARC, too.
>
> I concur. Knowing what algorithm was used will also be beneficial for
> ARC-MULTI.
>
> I have no problem adding header.a to the IANA considerations in ARC- but
> we probably need to take this discussion to the DMARC working group list
> for consideration before I make that change.
>
> The only item to note is that would make these registrations
> experimental as opposed to standards track.
>
> Any objections to moving to DMARC WG for consideration in the ARC spec?

Unless the WG (or WGs) thinks it's onerous, I would personally prefer the
registrations be tied to the standards track, available to incorporate
into the experimental ARC spec.


Thanks,
Stan


--Apple-Mail-1CCE6740-1C91-42F0-B23D-BB25343E51C0--


From nobody Thu Feb 15 14:36:49 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57D5F12DB6D for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 14:36:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RavRNN3GlZtX for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 14:36:46 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 821A812DB6B for <dcrup@ietf.org>; Thu, 15 Feb 2018 14:36:46 -0800 (PST)
Received: from [10.103.122.197] (mobile-166-170-30-68.mycingular.net [166.170.30.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 23B75C401AD; Thu, 15 Feb 2018 16:36:43 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1518734203; bh=uBtXb0kAYCCg5n8RGFUSrJOWiVHsn0+jZ3gvTYmfvXY=; h=Date:In-Reply-To:References:Subject:To:From:From; b=YSDadczPrB+7x8csw/HttTA8VnLDwN9oesyAfs3A43mwaf/li+nBuDvgQQNwjyruu 7CLi/FrWKB6el8DgYkdFQxdSSJpSUyOA4irLUKMM0CoHEh9zAvyKPYZ60le3a05EcX jSIqcxytyJrDeuPr0140UMgxdftuoL3OzITNIt7Q=
Date: Thu, 15 Feb 2018 22:36:38 +0000
In-Reply-To: <C27F1663-E978-4F36-9680-3638344CE4CF@glyphein.mailforce.net>
References: <4936118.HT585htFV3@kitterma-e6430> <20180215200134.43D021B4FDCA@ary.qy> <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com> <C27F1663-E978-4F36-9680-3638344CE4CF@glyphein.mailforce.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <4B71DA67-84AA-4A6C-B207-977F08FB99C1@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/1dI3qQ9vTK2Dq8coj5JdV91fuFU>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Thu, 15 Feb 2018 22:36:48 -0000

On February 15, 2018 9:10:57 PM UTC, Stan Kalisch
<stan@glyphein.mailforce.net> wrote:
>
>> On Feb 15, 2018, at 3:34 PM, Seth Blank <seth@valimail.com> wrote:
>>
>>> On Thu, Feb 15, 2018 at 12:01 John Levine <johnl@taugh.com> wrote:
>>> Maybe, maybe not.  ARC is deliberately adapting as much of DKIM as
>>> it can, so if there's a .a item for DKIM there's likely to be one
>>> for ARC, too.
>>
>> I concur. Knowing what algorithm was used will also be beneficial for
>> ARC-MULTI.
>>
>> I have no problem adding header.a to the IANA considerations in ARC-
>> but we probably need to take this discussion to the DMARC working
>> group list for consideration before I make that change.
>>
>> The only item to note is that would make these registrations
>> experimental as opposed to standards track.
>>
>> Any objections to moving to DMARC WG for consideration in the ARC
>> spec?
>
>Unless the WG (or WGs) thinks it's onerous, I would personally prefer
>the registrations be tied to the standards track, available to
>incorporate into the experimental ARC spec.

+1.  There's nothing experimental about this.

Scott K


From nobody Thu Feb 15 17:51:30 2018
Return-Path: <kurta@drkurt.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F4E1126FDC for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 17:51:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=drkurt.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nDt1R_rP6mmg for <dcrup@ietfa.amsl.com>; Thu, 15 Feb 2018 17:51:24 -0800 (PST)
Received: from mail-lf0-x244.google.com (mail-lf0-x244.google.com [IPv6:2a00:1450:4010:c07::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42514124235 for <dcrup@ietf.org>; Thu, 15 Feb 2018 17:51:24 -0800 (PST)
Received: by mail-lf0-x244.google.com with SMTP id x196so2101633lfd.12 for <dcrup@ietf.org>; Thu, 15 Feb 2018 17:51:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drkurt.com; s=20130612; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OQyAvmK6ztl75eBCv8oPe4gI+5kgQvzvyMHq7YWNWJk=; b=FbNXcmXqosumSbvj8wekrMoaVlQ9Ym1AP5MibCELtIT3smG6a9++kAk3ku1Hfwc/r6 eUrVsqBtXOnf9kmowWIVSjcPxLkjsX5sy6IWCpvPyF+mZCUOWsvRYBsnhJOuuwCUNquW HHufXjdY8dJ34qPhi3SNp77mcX108ytvV0hNQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OQyAvmK6ztl75eBCv8oPe4gI+5kgQvzvyMHq7YWNWJk=; b=OYIBdcyDkRv6jhQ/9f2X/PGsTzo3y6Pev7ToEK31kaIIfKaHZuii3mQ074n7FrzPZo ZGvTYSTvnWU4KdPfrUDS8mNC453GScREuZdBiyHO5VLdQvR1DfIgjVmNNA+liQTFxDhn k4y7mn49fnAFw47+9SgwSFIkWKoQsJQiz0qNqVtMSqQKFBENkXP4RLqRIuCkro5qFFAk kKWrRIIgJdApb5UcnnYnyu4WAsIyEfrCm5Ckdyke/Binizr0holRnGCIpMa9Y095SrRb 7Mwe3RRs/kMiZxo3m3DArcwAZbiK3PWiIKwdR/xpJdyNW5NBlJcdX2vcAuE9Bxjbvl3E +y+Q==
X-Gm-Message-State: APf1xPC/XY5P35THcYZ4G7eK+pNz+sRLMXERwAgYngZ0GLXvQvV7txUG jfHHaG7jUhg7PjBAImL0cBhPDcO0IHg6xRcH1MSG23HW
X-Google-Smtp-Source: AH8x226nvyDx9guzZedEhdl4iMy+z+iNpBoG83m+BUuJQe2xYdMn8cN+u1kHbfgwSkZ0emMnDaqONV7o7aQisnTEPIY=
X-Received: by 10.25.32.203 with SMTP id g194mr2891002lfg.101.1518745882374; Thu, 15 Feb 2018 17:51:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.81.206 with HTTP; Thu, 15 Feb 2018 17:51:21 -0800 (PST)
In-Reply-To: <4B71DA67-84AA-4A6C-B207-977F08FB99C1@kitterman.com>
References: <4936118.HT585htFV3@kitterma-e6430> <20180215200134.43D021B4FDCA@ary.qy> <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com> <C27F1663-E978-4F36-9680-3638344CE4CF@glyphein.mailforce.net> <4B71DA67-84AA-4A6C-B207-977F08FB99C1@kitterman.com>
From: Kurt Andersen <kurta@drkurt.com>
Date: Thu, 15 Feb 2018 17:51:21 -0800
Message-ID: <CABuGu1qPhFS0Ju1PTkzrnFbsPJnXkj3L-F74WWUzDPMyOeP+OQ@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a1146d456d2cecb05654a945e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/4sE2NASE1-P9VyVTMSs6JO1rPv0>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Fri, 16 Feb 2018 01:51:27 -0000

--001a1146d456d2cecb05654a945e
Content-Type: text/plain; charset="UTF-8"

On Thu, Feb 15, 2018 at 2:36 PM, Scott Kitterman <sklist@kitterman.com>
wrote:
>
>
> On February 15, 2018 9:10:57 PM UTC, Stan Kalisch <
> stan@glyphein.mailforce.net> wrote:
> >
> >Unless the WG (or WGs) thinks it's onerous, I would personally prefer
> >the registrations be tied to the standards track, available to
> >incorporate into the experimental ARC spec.
>
> +1.  There's nothing experimental about this.
>

I agree - and there seems to be a bit of a weirdness about what IANA
actions would be related to experiments anyway. Somewhat like the failure
to register all of the DKIM ptypes in the first place :-) I know that lots
of folks will happily report unregistered ones without concern for the lack
of IANA registration.

--Kurt


--001a1146d456d2cecb05654a945e--


From nobody Fri Feb 16 00:01:16 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8331F120721 for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 00:01:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J7PF2_9Sr8ul for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 00:01:13 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6F181200E5 for <dcrup@ietf.org>; Fri, 16 Feb 2018 00:01:12 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 0C116C40109 for <dcrup@ietf.org>; Fri, 16 Feb 2018 02:01:10 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1518768070; bh=EMQmARjVb+P9h2s9+xn9EmCpWTF3KCUoQLEUa+M5dJg=; h=From:To:Subject:Date:In-Reply-To:References:From; b=ZQmyBvkOeVuTJ6igtgqpXb+NKRk0M+hy+NyrZd8ZzhxZfBmJ5+W4BJE7TbzMOGwjL Okh+IsKkEdKyr5Y3kWGt6MLVzOrCP7nxxFCutE2APEXAOCJvTPi9rDolXaz0mQnwtb kUGvCBgxaW1puHwolYY0Rghxnthh3gwlkoAvTknU=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Fri, 16 Feb 2018 03:01:11 -0500
Message-ID: <3229921.0GCJLFsULQ@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com>
References: <4936118.HT585htFV3@kitterma-e6430> <20180215200134.43D021B4FDCA@ary.qy> <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/oFqaeXErKIyLcdUKg_RZnRKuYFY>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Fri, 16 Feb 2018 08:01:15 -0000

On Thursday, February 15, 2018 08:34:30 PM Seth Blank wrote:
> On Thu, Feb 15, 2018 at 12:01 John Levine <johnl@taugh.com> wrote:
> > Maybe, maybe not.  ARC is deliberately adapting as much of DKIM as it can,
> > so if there's a .a item for DKIM there's likely to be one for ARC, too.
> 
> I concur. Knowing what algorithm was used will also be beneficial for
> ARC-MULTI.
> 
> I have no problem adding header.a to the IANA considerations in ARC- but we
> probably need to take this discussion to the DMARC working group list for
> consideration before I make that change.
> 
> The only item to note is that would make these registrations experimental
> as opposed to standards track.
> 
> Any objections to moving to DMARC WG for consideration in the ARC spec?

I did it slightly differently.  I proposed 7601bis changes there.  

Scott K


From nobody Fri Feb 16 07:22:07 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E08E120454 for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 07:22:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=nnwmJQQC; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=n0a9cEQY
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FTGymLz5c2V6 for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 07:22:04 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70708124BFA for <dcrup@ietf.org>; Fri, 16 Feb 2018 07:22:04 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id B91F720C6F for <dcrup@ietf.org>; Fri, 16 Feb 2018 10:22:03 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Fri, 16 Feb 2018 10:22:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=9ApPsO2oHWgz+pz3Vf9xEdg+j3pMs hETKxhAL7Tw6e0=; b=nnwmJQQCN/HOfMuq/kiW4VvSAY1NKOb4fI0zS/OPXGIuh ZSA0MAToqcid+D8RhmbBFZqKUBOvjG20s6fTQ9HJX3UX63uok9NNq1A+SzoDdFdB wH2aERcx46f1oP2MF+ZlUQXNXZlNAsJgmL0EgrI212Est599pgFGoLby+3FAcNkh JZ5Ya083Dvdb3EO6FJ//C3FsNCYLp/whGQVE0Rcl+gNIyzOTQosmpdRRkk4y2ePS xwvAqWesJYHiC/h0p48BK7jEYhZcKb/w5tEeBdBE0nH2vxlgNNeBuF40hwoSo78f G7Oc3qq0MOV0yPu4K+yv5Ldf1WEXi/aFWSDHHgO8A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=9ApPsO 2oHWgz+pz3Vf9xEdg+j3pMshETKxhAL7Tw6e0=; b=n0a9cEQY6SIe4mQSbyeTDc LM5VfFM8wM7wkWYdJlXlYdPAVquT7aPLqtY0ILeJPwYckXzASOKIPPwz4CxuM4A+ 3M/cCWgZzMJkJlV28aM41nqXfSWjFN/UCQFUBVsJ+jsy/JCtNfRsEqnE72RtE90s ETC3OldSDq8fdlp8qqKHHth+/PNMjQqnfEY5CKt3LIwviZa/uQMdLZPVf4aN6bB3 MfG93EabEdTSnofVXEqF801sUrPqMCR4se6nPJo5n1VkR7BAJVTNRmJbk8L7JKg8 X7LgJJSN2Lc4eyJ0P1iMNPz4Q8ZyDQrjWj1RLYmgi4SqEQMhdeorgEQ3h0KGSo/w ==
X-ME-Sender: <xms:G_eGWu4pcKJzLAaJndpz8pfqHiBp7R9le0yDcLXKA1EyltZpujJMQw>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 74A427E537 for <dcrup@ietf.org>; Fri, 16 Feb 2018 10:22:03 -0500 (EST)
References: <4936118.HT585htFV3@kitterma-e6430> <20180215200134.43D021B4FDCA@ary.qy> <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com> <3229921.0GCJLFsULQ@kitterma-e6430>
From: Stan Kalisch <stan@glyphein.mailforce.net>
Content-Type: text/plain; charset=us-ascii
X-Mailer: iPhone Mail (13G36)
In-Reply-To: <3229921.0GCJLFsULQ@kitterma-e6430>
Message-Id: <A51B125E-4839-46BA-B6D8-D2681BB87EB0@glyphein.mailforce.net>
Date: Fri, 16 Feb 2018 10:22:00 -0500
To: dcrup@ietf.org
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/We39iI4CKv6hopfiVNwDD-IkiIs>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Fri, 16 Feb 2018 15:22:06 -0000

On Feb 16, 2018, at 3:01 AM, Scott Kitterman <sklist@kitterman.com> wrote:

>> Any objections to moving to DMARC WG for consideration in the ARC spec?
>
> I did it slightly differently.  I proposed 7601bis changes there.

This was my own feeling on where it seems to best fit, since the point of
7601bis is to basically lend ARC a helping hand from the standards track.
Thanks for this.


Stan


From nobody Fri Feb 16 07:28:16 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98FE4120454 for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 07:28:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=jPR7N43Q; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=v0EsiE6N
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hrlIfdm67PnP for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 07:28:12 -0800 (PST)
Received: from ftp.catinthebox.net (pop3.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 695E312D88D for <dcrup@ietf.org>; Fri, 16 Feb 2018 07:28:05 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=2309; t=1518794876; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=HeE27xbs/w0b5Oj69vGaF19Gbmg=; b=jPR7N43Q7mQ9pGIvzEoKjcd0H+qWKTFdAyKZXQpoZagArwS6hut9af1TvajJM8 Ptto4rvdpijXFNOJxd/IH6iey9wcpjOl8ygZZyvjbVAWt1BBAItHnAEuGzkPyw6K gleEnO/K8ZMJlkHju/gCXbTjgsiajHNB/RUKkLxhXcwT8=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Fri, 16 Feb 2018 10:27:56 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 73587782.1.2988; Fri, 16 Feb 2018 10:27:54 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2309; t=1518794566; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=IqghH9z 9EVpf3agkMdxXc2TD8ZHpT4WG0qclMHc2prs=; b=v0EsiE6NbqyyAtsMlxSAYMC 9hpRpp5KbMD2MsmJ7PTtrgYi9TfmIbM8aBVgLcFuNjaRFxjw2DE7qKUhLGL7hhJx jDAAdvuMshG38a2fCgMnMsWMCd7q7r0DcnqMKUh3clz9diifi0c/y9imCGa11usL fURbXM+bgIN5icYJ2S40=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Fri, 16 Feb 2018 10:22:46 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 73472627.9.196484; Fri, 16 Feb 2018 10:22:45 -0500
Message-ID: <5A86F87D.4040009@isdg.net>
Date: Fri, 16 Feb 2018 10:27:57 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: Kurt Andersen <kurta@drkurt.com>, Scott Kitterman <sklist@kitterman.com>
CC: dcrup@ietf.org
References: <4936118.HT585htFV3@kitterma-e6430> <20180215200134.43D021B4FDCA@ary.qy> <CAOZAAfPYQiK=SD-MY8tCvsaMZoD-5iM_CAk89iTBmm9svOFKNg@mail.gmail.com> <C27F1663-E978-4F36-9680-3638344CE4CF@glyphein.mailforce.net> <4B71DA67-84AA-4A6C-B207-977F08FB99C1@kitterman.com> <CABuGu1qPhFS0Ju1PTkzrnFbsPJnXkj3L-F74WWUzDPMyOeP+OQ@mail.gmail.com>
In-Reply-To: <CABuGu1qPhFS0Ju1PTkzrnFbsPJnXkj3L-F74WWUzDPMyOeP+OQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/QAM0IRm7nqcR-Vws028nCP7-wQk>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Fri, 16 Feb 2018 15:28:14 -0000

On 2/15/2018 8:51 PM, Kurt Andersen wrote:
> On Thu, Feb 15, 2018 at 2:36 PM, Scott Kitterman <sklist@kitterman.com
> <mailto:sklist@kitterman.com>> wrote:
>
>
>     On February 15, 2018 9:10:57 PM UTC, Stan Kalisch
>     <stan@glyphein.mailforce.net <mailto:stan@glyphein.mailforce.net>>
>     wrote:
>     >
>     >Unless the WG (or WGs) thinks it's onerous, I would personally prefer
>     >the registrations be tied to the standards track, available to
>     >incorporate into the experimental ARC spec.
>
>     +1.  There's nothing experimental about this.
>
>
> I agree - and there seems to be a bit of a weirdness about what IANA
> actions would be related to experiments anyway. Somewhat like the
> failure to register all of the DKIM ptypes in the first place :-) I
> know that lots of folks will happily report unregistered ones without
> concern for the lack of IANA registration.


And that shouldn't be an issue as long as it matches the same 
"namespace" as the header, e.g. like for your DKIM header:

Authentication-Results: dkim.winserver.com
    ...
    dkim=fail (DKIM_BODY_HASH_MISMATCH)
       header.d=drkurt.com
       header.s=20130612
       header.i=drkurt.com
       header.a=rsa-sha256;

Adding "header.a=rsa-sha256" to the DKIM= section should not be a 
technical conflict.

The technical implementation issue may occur when a failure is assumed 
due to an unexpected, unwanted, newly restricted hash.  For example, 
the key has k=ed25519 and the signature has a=rsa-sha256.  The fact that 
we are doing this hashing update will probably mean we may see more 
non-matching hashing algorithm verification results.  So maybe a 
"key.k=" field can also be added to the DKIM= namespace to help 
evaluators or reporters see why the verification failed:

Authentication-Results: dkim.winserver.com
    ...
    dkim=fail (DKIM_KEY_HASH_MISMATCH)
       header.d=drkurt.com
       header.s=20130612
       header.i=drkurt.com
       header.a=rsa-sha256
       key.k=ed25519;

My point is, you are right, whatever it takes for new implementations 
to experiment and explore this. For local evaluator consumption, local 
verifiers will add/pass whatever info as necessary.  I did it with 
DKIM ADSP/ATPS work and it will probably continue as the 
experimentation continues with no solid protocol logic and background 
yet established.



-- 
HLS
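
An added example, not part of the message above or of any project's code: a Python sketch of how a consumer of Authentication-Results could read the per-signature `header.a` item the thread discusses and flag the signature/key algorithm mismatch described above. It assumes the `key.k` property proposed in that message (not a registered one) and a local `ALLOWED_ALGS` policy; the sample field bodies and all function names are constructed for illustration.

```python
import re

# Constructed field bodies (the text after "Authentication-Results:"),
# modelled on the examples in the message above. key.k is the property
# proposed in that message, not a registered one.
SAMPLE_MISMATCH = (
    "dkim.winserver.com;\r\n"
    "    dkim=fail (DKIM_KEY_HASH_MISMATCH)\r\n"
    "       header.d=drkurt.com\r\n"
    "       header.s=20130612\r\n"
    "       header.a=rsa-sha256\r\n"
    "       key.k=ed25519;"
)
SAMPLE_TWO_SIGS = (
    "mx.example.org; dkim=pass header.d=example.org"
    " header.a=ed25519-sha256 key.k=ed25519;"
    " dkim=pass (1024-bit key; weak) header.d=example.net header.a=rsa-sha1"
)

# Assumed local policy: signature algorithms this receiver still accepts.
ALLOWED_ALGS = {"rsa-sha256", "ed25519-sha256"}

COMMENT_RE = re.compile(r"\(([^()]*)\)")
METHOD_RE = re.compile(r"\s*([A-Za-z][\w-]*)\s*=\s*([A-Za-z][\w-]*)")
PROP_RE = re.compile(
    r'([A-Za-z][\w-]*)\s*\.\s*([A-Za-z][\w-]*)\s*=\s*("[^"]*"|\S+)')


def split_top_level(value, sep=";"):
    """Split on sep, ignoring separators inside (comments) or "quotes"."""
    parts, buf, depth, quoted = [], [], 0, False
    for ch in value:
        if ch == '"' and depth == 0:
            quoted = not quoted
        elif ch == "(" and not quoted:
            depth += 1
        elif ch == ")" and not quoted and depth:
            depth -= 1
        if ch == sep and depth == 0 and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def strip_comments(text):
    """Remove parenthesised comments (innermost first) and return them.
    Simplification: backslash escapes and parens in quotes are not handled."""
    comments = []
    match = COMMENT_RE.search(text)
    while match:
        comments.append(match.group(1).strip())
        text = text[:match.start()] + " " + text[match.end():]
        match = COMMENT_RE.search(text)
    return text.strip(), comments


def parse_authres(value):
    """Return (authserv_id, results); each result is one method=result."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)   # undo header folding
    segments = split_top_level(unfolded)
    authserv_id = (strip_comments(segments[0])[0].split() or [""])[0]
    results = []
    for segment in segments[1:]:
        text, comments = strip_comments(segment)
        method = METHOD_RE.match(text)
        if not method:          # empty trailing segment, or bare "none"
            continue
        props = {
            "%s.%s" % (ptype.lower(), prop.lower()): val.strip('"')
            for ptype, prop, val in PROP_RE.findall(text[method.end():])
        }
        results.append({"method": method.group(1).lower(),
                        "result": method.group(2).lower(),
                        "comments": comments, "props": props})
    return authserv_id, results


def dkim_algorithm_findings(value):
    """Flag each dkim result whose header.a is off-policy or disagrees
    with key.k. Returns a list of (signing domain, finding) tuples."""
    findings = []
    for res in parse_authres(value)[1]:
        if res["method"] != "dkim":
            continue
        domain = res["props"].get("header.d", "?")
        sig_alg = res["props"].get("header.a")
        key_type = res["props"].get("key.k")
        if sig_alg is None:
            findings.append((domain, "header.a missing"))
            continue
        sig_alg = sig_alg.lower()
        if sig_alg not in ALLOWED_ALGS:
            findings.append((domain, "algorithm not allowed: " + sig_alg))
        # The key type is the part of a= before the hash, e.g. "rsa".
        if key_type and sig_alg.split("-", 1)[0] != key_type.lower():
            findings.append(
                (domain, "a=%s does not fit k=%s" % (sig_alg, key_type)))
    return findings
```

Because each `dkim=` result carries its own properties, a message with several signatures yields one finding per offending signature rather than a single verdict for the whole header.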



From nobody Fri Feb 16 10:01:25 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07E0612D945 for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 10:01:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nRd_k9aZts4U for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 10:01:15 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C81D9124C27 for <dcrup@ietf.org>; Fri, 16 Feb 2018 10:01:13 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id D37E1C40109 for <dcrup@ietf.org>; Fri, 16 Feb 2018 12:01:10 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1518804070; bh=Ephen0A/Qu+/9uWSuosuqwl1uchYTaU62+2GPoejIo4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=OciwqyTTaL90DRIq16pAbfptqA1KjbhkvDpwf10MGWjBFjg0NPWoxYKxB/G/zmPCq fUsAEvtMMtS16i6knbqH9OBMJn3SCjDjiBw76lHVsSs83+KB7IcLYb1ZXoE3RB+EEg EBPozmyttkZ7JWFYfk3iVQRw7JV8nh8RTsoGwDvw=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Fri, 16 Feb 2018 13:01:12 -0500
Message-ID: <11779035.bDf09ezvqY@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <5A86F87D.4040009@isdg.net>
References: <4936118.HT585htFV3@kitterma-e6430> <CABuGu1qPhFS0Ju1PTkzrnFbsPJnXkj3L-F74WWUzDPMyOeP+OQ@mail.gmail.com> <5A86F87D.4040009@isdg.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/5IHHUxbbWSE8z-DiYUTSHxIaMaw>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Fri, 16 Feb 2018 18:01:20 -0000

On Friday, February 16, 2018 10:27:57 AM Hector Santos wrote:
> On 2/15/2018 8:51 PM, Kurt Andersen wrote:
> > On Thu, Feb 15, 2018 at 2:36 PM, Scott Kitterman <sklist@kitterman.com
> > 
> > <mailto:sklist@kitterman.com>> wrote:
> >     On February 15, 2018 9:10:57 PM UTC, Stan Kalisch
> >     <stan@glyphein.mailforce.net <mailto:stan@glyphein.mailforce.net>>
> >     
> >     wrote:
> >     >Unless the WG (or WGs) thinks it's onerous, I would personally prefer
> >     >the registrations be tied to the standards track, available to
> >     >incorporate into the experimental ARC spec.
> >     
> >     +1.  There's nothing experimental about this.
> > 
> > I agree - and there seems to be a bit of a weirdness about what IANA
> > actions would be related to experiments anyway. Somewhat like the
> > failure to register all of the DKIM ptypes in the first place :-) I
> > know that lots of folks will happily report unregistered ones without
> > concern for the lack of IANA registration.
> 
> And that shouldn't be an issue as long as it matches the same
> "namespace" as the header, e.g. like for your DKIM header:
> 
> Authentication-Result: dkim.winserver.com
>     ...
>     dkim=fail (DKIM_BODY_HASH_MISMATCH)
>        header.d=drkurt.com
>        header.s=20130612
>        header.i=drkurt.com
>        header.a=rsa-sha256;
> 
> Adding "header.a=rsa-sha256" to the DKIM= section should not be a
> technical conflict.

That's what is proposed.

> The technical implementation issue may occur when a failure is assumed
> due to an unexpected, unwanted, newly restricted hash.  For example,
> key has k=ed25519 and the  signature has a=rsa-sha256.  The fact that
> we are doing this hashing update will probably mean we may see more
> non-matching hashing algorithms verification results.  So maybe a
> "key.k=" field can also be added to the DKIM= namespace to help with
> evaluators or reporters why the verification failed:
> 
> Authentication-Result: dkim.winserver.com
>     ...
>     dkim=fail (DKIM_KEY_HASH_MISMATCH)
>        header.d=drkurt.com
>        header.s=20130612
>        header.i=drkurt.com
>        header.a=rsa-sha256
>        key.k=ed25519;

That would require a much more invasive change.  Currently all the information 
in the A-R field is from the DKIM signature header field (thus the ptype 
header).  Taking the 'k' tag from the DNS record would need a new ptype.  
Since the only software that would know to do this would have to be updated to 
account for multiple algorithms, it would be likely that they'd at least not 
make this kind of basic error.  This kind of reporting really only has utility 
for legacy systems that are, by definition, unable to do it.

In any case, from the very beginning, DKIM has warned to ignore new algorithms 
(this is RFC 6376, but it goes back to the start of DKIM):

3.3.4.  Other Algorithms

   Other algorithms MAY be defined in the future.  Verifiers MUST ignore
   any signatures using algorithms that they do not implement.

Since this is the first time we added a new algorithm, there may be bugs, but 
modifying A-R isn't going to help us find them.

> My point is, you are right, whatever it takes for new implementations
> to experiment and explore this. For local evaluator consumption, local
> verifiers will add/pass whatever info as necessary.  I did it with
> DKIM ADSP/ATPS work and it will probably continue as the
> experimentation continues with no solid protocol logic and background
> yet established.

It's a pretty trivial addition.  I updated the python authres module yesterday 
to accommodate this (version 1.0.2 for those that care) and it took longer to 
write a test than to write the code.

Scott K
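
Added example (not part of Scott Kitterman's message, and not the authres module's code): a standard-library Python parser that reads `header.a` out of an Authentication-Results value and declines to count a `dkim=pass` whose algorithm is outside local policy. The function names, the `ALLOWED` policy set and the second sample header are assumptions constructed for illustration; the first sample is the ietfa.amsl.com header value that appears in this archive.

```python
def tokenize(value):
    """Split an A-R value into (kind, text) tokens: semi, eq, comment, quoted, atom."""
    tokens, i, n = [], 0, len(value)
    while i < n:
        ch = value[i]
        if ch.isspace():
            i += 1
        elif ch == ";":
            tokens.append(("semi", ch)); i += 1
        elif ch == "=":
            tokens.append(("eq", ch)); i += 1
        elif ch == "(":                      # comment, possibly nested
            depth, j = 1, i + 1
            while j < n and depth:
                if value[j] == "\\":
                    j += 1                   # skip the escaped character
                elif value[j] == "(":
                    depth += 1
                elif value[j] == ")":
                    depth -= 1
                j += 1
            tokens.append(("comment", value[i + 1:j - 1])); i = j
        elif ch == '"':                      # quoted-string; may hold ';' or '('
            j, buf = i + 1, []
            while j < n and value[j] != '"':
                if value[j] == "\\" and j + 1 < n:
                    j += 1
                buf.append(value[j]); j += 1
            tokens.append(("quoted", "".join(buf))); i = j + 1
        else:
            j = i
            while j < n and not value[j].isspace() and value[j] not in ';=("':
                j += 1
            tokens.append(("atom", value[i:j])); i = j
    return tokens


def parse_authentication_results(value):
    """Parse one Authentication-Results value (field name already removed)."""
    segments, current = [], []
    for token in tokenize(value):
        if token[0] == "semi":
            segments.append(current)
            current = []
        else:
            current.append(token)
    segments.append(current)

    atoms = [text for kind, text in segments[0] if kind == "atom"]
    parsed = {"authserv_id": atoms[0] if atoms else None, "results": []}
    for segment in segments[1:]:
        comments = [text for kind, text in segment if kind == "comment"]
        body = [tok for tok in segment if tok[0] != "comment"]
        pairs, i = [], 0
        while i < len(body):                 # collect name=value triples
            if (i + 2 < len(body) and body[i][0] == "atom" and body[i + 1][0] == "eq"
                    and body[i + 2][0] in ("atom", "quoted")):
                pairs.append((body[i][1].lower(), body[i + 2][1]))
                i += 3
            else:
                i += 1
        if not pairs:                        # "none" or an empty trailing segment
            continue
        (method, result), rest = pairs[0], pairs[1:]
        entry = {"method": method.split("/")[0], "result": result.lower(),
                 "reason": None, "comments": comments, "props": {}}
        for name, val in rest:
            if name == "reason":
                entry["reason"] = val
            else:
                entry["props"][name] = val   # e.g. "header.d", "header.a"
        parsed["results"].append(entry)
    return parsed


ALLOWED = {"rsa-sha256", "ed25519-sha256"}   # assumption: local policy for this example


def classify_dkim(value, allowed=ALLOWED):
    """Return (header.d, header.a, verdict) for every dkim result in the value."""
    out = []
    for r in parse_authentication_results(value)["results"]:
        if r["method"] != "dkim":
            continue
        alg = r["props"].get("header.a")
        if r["result"] != "pass":
            verdict = "not-pass"
        elif alg is None:
            verdict = "algorithm-not-reported"   # producer predates header.a
        elif alg in allowed:
            verdict = "accept"
        else:
            verdict = "weak-algorithm"
        out.append((r["props"].get("header.d"), alg, verdict))
    return out


# Header value as it appears in this archive (no header.a yet).
PAGE_HEADER = ('ietfa.amsl.com (amavisd-new); dkim=neutral '
               'reason="invalid (unsupported algorithm ed25519-sha256)" '
               'header.d=kitterman.com header.b=CitK92hG; '
               'dkim=pass (1024-bit key) header.d=kitterman.com header.b=rnAglVrs')
# Constructed sample carrying the proposed header.a property.
CONSTRUCTED = ('mx.example.net; '
               'dkim=pass (2048-bit key) header.d=example.org header.s=sel1 header.a=rsa-sha256; '
               'dkim=pass header.d=example.com header.s=old header.a=rsa-sha1; '
               'dkim=neutral reason="unsupported algorithm; not verified" '
               'header.d=example.org header.a=ed25519-sha256')
```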


From nobody Fri Feb 16 13:06:09 2018
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 006D7129C5D for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 13:06:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level: 
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKhQR2p-v9z1 for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 13:06:05 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4702B126BF0 for <dcrup@ietf.org>; Fri, 16 Feb 2018 13:06:05 -0800 (PST)
Received: (qmail 99286 invoked from network); 16 Feb 2018 21:06:04 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=183d3.5a8747bc.k1802; bh=qATwQ8N+4iewOykEAEjeQZBq6HHB2xGS8gAgRK2r7hc=; b=Rv7806sWaucJ2JEnW/FryZeBn9kgtorc5vmLehQLxbkYSPBgq9XU6SRZsG6sLC4Wy53nVZdz3JqJ1v7hC1QDgNRamI9jSc7rM1OL5/tC2TTucG/djEqCCjhGPDRI2PZOKOfCv3M4hCwBBgYK+dh4LAKhPUAhJobJWmpStIzgI5MBLCuz4YpsfFfFYA1gMoXctrImTizIiPehgnwwuY+RqwWQoTDUawgUwCl7IWZJAxYUqKi6drpaMr09/F3sXQ5K
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 16 Feb 2018 21:06:04 -0000
Date: 16 Feb 2018 16:06:03 -0500
Message-ID: <alpine.OSX.2.21.1802161602170.90281@ary.qy>
From: "John R. Levine" <johnl@iecc.com>
To: "Scott Kitterman" <sklist@kitterman.com>
Cc: dcrup@ietf.org
In-Reply-To: <11779035.bDf09ezvqY@kitterma-e6430>
References: <4936118.HT585htFV3@kitterma-e6430> <CABuGu1qPhFS0Ju1PTkzrnFbsPJnXkj3L-F74WWUzDPMyOeP+OQ@mail.gmail.com> <5A86F87D.4040009@isdg.net> <11779035.bDf09ezvqY@kitterma-e6430>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/9bNCq1h2DgyBIUFmjqlQS_gbZw0>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Fri, 16 Feb 2018 21:06:07 -0000

>>        header.a=rsa-sha256;
>>
>> Adding "header.a=rsa-sha256" to the DKIM= section should not be a
>> technical conflict.
>
> That's what is proposed.

Yup.  Already implemented it on my server.

>> The technical implementation issue may occur when a failure is assumed
>> due to an unexpected, unwanted, newly restricted hash.  For example,
>> key has k=ed25519 and the  signature has a=rsa-sha256. ...

I agree this is overkill.  If you see verifications failing due to screwed 
up keys, it's easy enough to go back and look.

No doubt some people won't RTFM and will try and put both RSA and ED25519 
keys at the same selector, but as we all know there's an unlimited number 
of ways to do things wrong, and it's not very productive to try and guess 
what mistakes people will make.  For example, wrong key type is one kind 
of error, but two keys at the same name is a different kind of error.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
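
Added example (not part of the thread, and not any participant's verifier): the checks a verifier can run before any cryptography, following RFC 6376 sections 3.3.4 and 6.1.2, for the cases raised above: an unimplemented `a=`, a key record whose `k=` or `h=` does not fit the signature, and two key records at one selector. The function names, the implemented-algorithm sets, the sample tag lists and the choice to fail on multiple records (RFC 6376 leaves that result undefined) are assumptions.

```python
import re

# Assumption for this example: algorithms this verifier implements, mapped to
# the key type (k=) and hash each one needs.
MODERN = {"rsa-sha256": ("rsa", "sha256"), "ed25519-sha256": ("ed25519", "sha256")}
LEGACY = {**MODERN, "rsa-sha1": ("rsa", "sha1")}


def parse_tag_list(text):
    """Parse an RFC 6376 tag=value list into a dict; duplicate tags are an error.

    Whitespace inside values is dropped, which is safe for the tags read here
    (a, k, h, p) but not a general rule for every tag.
    """
    tags = {}
    for item in text.split(";"):
        if not item.strip():
            continue
        name, sep, value = item.partition("=")   # values may contain '=' padding
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError(f"malformed tag: {item.strip()!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = re.sub(r"\s+", "", value)
    return tags


def precheck(signature, key_records, implemented=MODERN):
    """Decide what to do with one signature before touching any crypto.

    signature   : value of a DKIM-Signature field
    key_records : list of TXT strings found at <selector>._domainkey.<domain>
    Returns ("ignore" | "permfail" | "verify", detail).
    """
    try:
        sig = parse_tag_list(signature)
    except ValueError as exc:
        return ("permfail", f"signature syntax error: {exc}")
    alg = sig.get("a")
    if not alg:
        return ("permfail", "signature missing required tag a=")
    if alg not in implemented:
        # RFC 6376 3.3.4: ignore signatures using unimplemented algorithms.
        return ("ignore", f"algorithm {alg} not implemented")
    key_type, hash_name = implemented[alg]

    if not key_records:
        return ("permfail", "no key for signature")
    if len(key_records) > 1:
        # Example policy: RFC 6376 calls the result undefined; fail closed.
        return ("permfail", "multiple key records at one selector")
    try:
        key = parse_tag_list(key_records[0])
    except ValueError as exc:
        return ("permfail", f"key syntax error: {exc}")

    if "h" in key and hash_name not in key["h"].split(":"):
        return ("permfail", "inappropriate hash algorithm")
    if not key.get("p"):
        return ("permfail", "key revoked")
    if key.get("k", "rsa") != key_type:          # k= defaults to rsa
        return ("permfail", "inappropriate key algorithm")
    return ("verify", alg)


# Constructed samples; bh=, b= and p= values are placeholders, never decoded here.
SIG_RSA256 = "v=1; a=rsa-sha256; d=example.org; s=sel1; h=from:to:subject; bh=AAAA; b=AAAA"
SIG_ED = "v=1; a=ed25519-sha256; d=example.org; s=sel2; h=from:to:subject; bh=AAAA; b=AAAA"
SIG_SHA1 = "v=1; a=rsa-sha1; d=example.org; s=sel1; h=from:to:subject; bh=AAAA; b=AAAA"
KEY_ED = "v=DKIM1; k=ed25519; p=AAAA"
KEY_RSA = "v=DKIM1; k=rsa; p=AAAA"
KEY_RSA_SHA256_ONLY = "v=DKIM1; h=sha256; p=AAAA"
KEY_REVOKED = "v=DKIM1; k=rsa; p="
```

The `key.k=ed25519` / `header.a=rsa-sha256` combination from the thread corresponds to `precheck(SIG_RSA256, [KEY_ED])`, which stops at "inappropriate key algorithm" without a signature computation.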


From nobody Fri Feb 16 18:41:37 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32421126CF6 for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 18:41:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001,  URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=EEzStuJG; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=iQeKZmb2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AjZnHlljDWlQ for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 18:41:34 -0800 (PST)
Received: from news.winserver.com (secure.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id D2C2A12426E for <dcrup@ietf.org>; Fri, 16 Feb 2018 18:41:33 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=979; t=1518835291; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=lDsLy7vk4Pw6aiYSKS2dDPBpdLM=; b=EEzStuJGFAL/Oz0SR7FsL245N/IdeIfBAMa4r29c1lUfuEaosYfdQYGWcW0UOO IZzlYRxig73EWXLtPl7otm++s5m5D4E0QYiClrDKD/LwqhRXp2+5gW597iPngNo2 OOHEVYx8uWDAvC25x4Ws35oFvfaq+8pDMRKn53wbjRk5U=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Fri, 16 Feb 2018 21:41:31 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 114003554.1.7508; Fri, 16 Feb 2018 21:41:30 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=979; t=1518834982; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=kbdyoqf o7tVIr4UhbjJJA0dOFME5vsWhaE8bBcEU5Rs=; b=iQeKZmb2P4uK8rQyfpiOSUY 1S7oETbuXGR6NqgD6yWsM3UxyyDTg7zN8iarSoUrO5OQI13vwKavQrvhyU5NuSMk AH7PudrxWjdRXwedevPfu+QkwER2SY7LITm/wkYjVED/MnJVhRlhF2XyN6HI5BPk 6zaKkGAnoTLZ4hJoGFZ4=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Fri, 16 Feb 2018 21:36:22 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 113889315.9.242840; Fri, 16 Feb 2018 21:36:22 -0500
Message-ID: <5A87965F.7010104@isdg.net>
Date: Fri, 16 Feb 2018 21:41:35 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <4936118.HT585htFV3@kitterma-e6430> <CABuGu1qPhFS0Ju1PTkzrnFbsPJnXkj3L-F74WWUzDPMyOeP+OQ@mail.gmail.com> <5A86F87D.4040009@isdg.net> <11779035.bDf09ezvqY@kitterma-e6430>
In-Reply-To: <11779035.bDf09ezvqY@kitterma-e6430>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/jnXfrWxDcIQkphIa1ojSf4qH3Yc>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Sat, 17 Feb 2018 02:41:36 -0000

On 2/16/2018 1:01 PM, Scott Kitterman wrote:
>> Authentication-Result: dkim.winserver.com
>>      ...
>>      dkim=fail (DKIM_KEY_HASH_MISMATCH)
>>         header.d=drkurt.com
>>         header.s=20130612
>>         header.i=drkurt.com
>>         header.a=rsa-sha256
>>         key.k=ed25519;
>
> That would require a much more invasive change.  Currently all the information
> in the A-R field is from the DKIM signature header field (thus the ptype
> header).  Taking the 'k' tag from the DNS record would need a new ptype.

I'm talking about Protocol Consistency.

The point is if the local verifier/evaluator requires a recording that 
is not registered, then it's going to be done, just as it was done in 
the past when AUTH-RES was incomplete per implementation basis.

It doesn't have to be about an "error."   A domain has a key policy 
for SHA256 and/or ed25519 and a signature spoof has sha1, if it's even 
possible to do, then it's an immediate trap with a low overhead 
evaluation.

Thanks

-- 
HLS



From nobody Fri Feb 16 19:06:27 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A144126CF6 for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 19:06:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=hqF4Andk; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=Qe05N/3b
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RWs66DjBKU0m for <dcrup@ietfa.amsl.com>; Fri, 16 Feb 2018 19:06:23 -0800 (PST)
Received: from news.winserver.com (mail.santronics.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 5B59F124235 for <dcrup@ietf.org>; Fri, 16 Feb 2018 19:06:23 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1896; t=1518836781; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=bczK19AFqKPlWfDIgh0Pv0s14l4=; b=hqF4AndknrEmZoYjtARUOuybOUc/WuWTnFl1Diw3D+ChzFB5LcA+9bvvBq55F0 Zq4xO5MJW6TIh0VTev2bCUEUVokHUk7noKVxo3bYQOPJvHOCltAt3yJI4la+LxYq 4nbdowHZoiJummAsdJcLhVV3y1psw5gaFHIBcCgcNKf3o=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Fri, 16 Feb 2018 22:06:21 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 115493441.1.1748; Fri, 16 Feb 2018 22:06:20 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1896; t=1518836472; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=CYJKRPI jifiCYP5rHilLAGKUi/LgsI2DonJE19UP7mg=; b=Qe05N/3bVr4DdwW8oeqq9yO phi2D7PqCMLC5I41rJ77I5EhSc8Qp7G9o4cx2XZ+G86/LsUbWmyVvC7hSmtce/GF RV27fuWFtjjQfhick8geWbSzdGSW3WcCc8Ziy1yG417pyUMlF+X7uEwa9UcIJfWi vuCVqATLkDjHswow+yuI=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Fri, 16 Feb 2018 22:01:12 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 115378549.9.245128; Fri, 16 Feb 2018 22:01:11 -0500
Message-ID: <5A879C30.5030300@isdg.net>
Date: Fri, 16 Feb 2018 22:06:24 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <4936118.HT585htFV3@kitterma-e6430> <CABuGu1qPhFS0Ju1PTkzrnFbsPJnXkj3L-F74WWUzDPMyOeP+OQ@mail.gmail.com> <5A86F87D.4040009@isdg.net> <11779035.bDf09ezvqY@kitterma-e6430> <alpine.OSX.2.21.1802161602170.90281@ary.qy>
In-Reply-To: <alpine.OSX.2.21.1802161602170.90281@ary.qy>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/38hjS_F08bBgoyl9A71MDkQ8D2Q>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-List-Received-Date: Sat, 17 Feb 2018 03:06:25 -0000

On 2/16/2018 4:06 PM, John R. Levine wrote:
>>>        header.a=rsa-sha256;
>>>
>>> Adding "header.a=rsa-sha256" to the DKIM= section should not be a
>>> technical conflict.
>>
>> That's what is proposed.
>
> Yup.  Already implemented it on my server.
>
>>> The technical implementation issue may occur when a failure is assumed
>>> due to an unexpected, unwanted, newly restricted hash.  For example,
>>> key has k=ed25519 and the  signature has a=rsa-sha256. ...
>
> I agree this is overkill.  If you see verifications failing due to
> screwed up keys, it's easy enough to go back and look.

Yes,  "If you see"  well, we all don't see the same thing, unless of 
course, we establish the boundary conditions for what the protocol 
rules will be.

We have left too much fuzzy logic in our DKIM+POLICY protocol 
development over the years. Leave that to the true indeterminate 
conditions.  We have hard rules that have very low to zero false 
positives.   A new one will be HASH mismatches now that we have two 
new realms of possible DKIM signatures; DKIM STD "v1.0" and DKIM STD 
"v1.1" that includes ed25519 and effectively eliminates sha1.  All 
that protocol logic change to be discussed in the RFC guidelines.  No 
need to leave it to ambiguity.

An implementation MAY create an evaluator where it MAY need the key 
hash policy without requiring to do yet another DNS lookup for the 
DKIM Signer Domain key record.  Policy info could be passed via 
AUTH-RES.  (Side note, add up the DNS lookups an SMTP server per 
transaction today?)

The actual DKIM verifier MAY not do the failure for the hash mismatch. 
The AUTH-RES evaluator could do this logic.

Whether it does or not, it will be the local MSA/MDA/MUA 
implementers who will decide.

> No doubt some people won't RTFM

When the "FM" is half baked, it is why we are constantly debating and 
evolving.

Thanks

-- 
HLS



From nobody Sat Feb 17 20:46:55 2018
Return-Path: <scott@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B214712D7F6 for <dcrup@ietfa.amsl.com>; Sat, 17 Feb 2018 20:46:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.492
X-Spam-Level: *
X-Spam-Status: No, score=1.492 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=CitK92hG; dkim=pass (1024-bit key) header.d=kitterman.com header.b=rnAglVrs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWHBf9i4j6p3 for <dcrup@ietfa.amsl.com>; Sat, 17 Feb 2018 20:46:51 -0800 (PST)
Received: from relay02.kitterman.com (unknown [72.81.252.18]) by ietfa.amsl.com (Postfix) with ESMTP id CA4DD12426E for <dcrup@ietf.org>; Sat, 17 Feb 2018 20:46:50 -0800 (PST)
Received: from relay02.kitterman.com (localhost [127.0.0.1]) by relay02.kitterman.com (Postfix) with ESMTP id 1B60E80565 for <dcrup@ietf.org>; Sat, 17 Feb 2018 23:46:46 -0500 (EST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com;  i=@kitterman.com; q=dns/txt; s=201802; t=1518929205;  h=from : to : subject : date : message-id : mime-version  : content-transfer-encoding : content-type : from :  subject : date;  bh=VzxQNrzM8dg2vqXZz0GRoAJNl0OB6+HLEJ0XLcerF3Q=;  b=CitK92hGxmqRm1TL5qVxwVUecfKrPG4GKN3uQe8PaAMNnKrsm7U/Lzg6 8rGCFrrE/d7k+6yMp7fMatmiA72SCg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com;  i=@kitterman.com; q=dns/txt; s=201802r1; t=1518929205;  h=from : to : subject : date : message-id : mime-version  : content-transfer-encoding : content-type : from :  subject : date;  bh=VzxQNrzM8dg2vqXZz0GRoAJNl0OB6+HLEJ0XLcerF3Q=;  b=rnAglVrsNDLTLgNbPcpc1nq78f2mwDnqW8yo3ptPGQ2nmGCq8DgDV5g5 B0tG9ipvNMvSgksydMULumWYuiIvli+cDAC1nXFeGZcOUsL80qglmdbcC8 Mkr9e4wyYHhqR+kuNRBp0X66kDK0XB4g0fomxv0I6xdKkaTzguU2Pn//A=
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by relay02.kitterman.com (Postfix) with ESMTPS id D94F78055B for <dcrup@ietf.org>; Sat, 17 Feb 2018 23:46:45 -0500 (EST)
From: Scott Kitterman <scott@kitterman.com>
To: dcrup@ietf.org
Date: Sat, 17 Feb 2018 23:46:45 -0500
Message-ID: <1594199.fQmGbeNpCI@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-AV-Checked: ClamAV using ClamSMTP
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/Y6QxcVJg-VqGByldtWGnYu7HGTo>
Subject: [Dcrup] Progress Evaluating DCRUP
X-List-Received-Date: Sun, 18 Feb 2018 04:46:54 -0000

I think we'll have an example header here shortly.  In the meantime, I've got 
a DKIM milter running (experimentally) that signs/verifies Ed25519 (see the 
signatures that hopefully won't get stripped off this message).

I am in need of a Sendmail user to help me out with this effort.  What I have 
works in Postfix, but I've no way (or interest) in figuring out Sendmail.  If 
you're interested in having a milter to support Ed25519 and aren't allergic to 
Python, please contact me off list.

Scott K


From nobody Sun Feb 18 03:42:48 2018
Return-Path: <jgh@wizmail.org>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0205124B17 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 03:42:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.011
X-Spam-Level: 
X-Spam-Status: No, score=-0.011 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i0FxqkDnDJ-n for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 03:42:44 -0800 (PST)
Received: from wizmail.org (wizmail.org [IPv6:2a00:1940:107::2:0:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 743BE120724 for <dcrup@ietf.org>; Sun, 18 Feb 2018 03:42:44 -0800 (PST)
Received: from [2a00:b900:109e:0:df75:dcf5:c97b:6fad] (helo=lap.dom.ain) by wizmail.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90.107) id 1enNMg-0004RZ-7R for dcrup@ietf.org (return-path <jgh@wizmail.org>); Sun, 18 Feb 2018 11:42:42 +0000
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <ab9aa8e7-cdfc-59ef-6f89-94b778199f57@wizmail.org>
Date: Sun, 18 Feb 2018 11:42:35 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <1594199.fQmGbeNpCI@kitterma-e6430>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Pcms-Received-Sender: [2a00:b900:109e:0:df75:dcf5:c97b:6fad] (helo=lap.dom.ain) with esmtpsa
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/eXRWRoKaoRSqqokKm7cGIX3GgJI>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-List-Received-Date: Sun, 18 Feb 2018 11:42:46 -0000

On 18/02/18 04:46, Scott Kitterman wrote:
>  In the meantime, I've got 
> a DKIM milter running (experimentally) that signs/verifies Ed25519 (see the 
> signatures that hopefully won't get stripped off this message).

On the parallel development stream, I have committed the Exim changes to
the public git repo.  Anyone

a) running Exim
b) able to build from source
c) having GnuTLS 3.6.0 or later

is welcome to try it.  I have a public-facing MTA running, on Fedora
Rawhide; anyone needing a test target or source for Ed25519 signatures
please contact me offlist.
-- 
Cheers,
  Jeremy


From nobody Sun Feb 18 08:55:47 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F9CB1201F2 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 08:55:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=LAAGd//x; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=Sl9xUjma
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OrUp7EWVPuvC for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 08:55:43 -0800 (PST)
Received: from ntbbs.santronics.com (pop3.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 642F91200B9 for <dcrup@ietf.org>; Sun, 18 Feb 2018 08:55:43 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=2147; t=1518972934; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=Q41qwwCDmS6K4t3EfgMsyEGYviU=; b=LAAGd//xpiiswL25pU8ZsF1HeLKWlr44obcdypmPREydC3OhZ0p5wjR3aZSlsb ZSLX3TChx3YfY5AtJHfUm0Q/bgWsOwuYvsm5/5m1eCiuUz3sxF0+h3+ZnaJrLqJB Dmea2shhqtoJfQkbbuTQxXIA1o6lqlZ9tCp1kLj7zk2zk=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 18 Feb 2018 11:55:34 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 251645155.1.8516; Sun, 18 Feb 2018 11:55:33 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2147; t=1518972622; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=qpy6WsY f1UVc40zJIZSCovFHZO7H0O4KL5T5H4+7qS4=; b=Sl9xUjmaR06GHe9aErM6Wc/ 7lq0eqMSTQnI/sJJRsM/i95T06K+HQr4TDdUhqYni1W8qiwIRYY/WFtCxobwKodl UDry2ofvUoSnlVaFNtEhi4Ug/jCTxwC7Alzn8/kq9xnoygSXkTntAgY0lcYeJftL GKgbYRM1Az2EgV/kvepc=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 18 Feb 2018 11:50:22 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 251528846.9.389684; Sun, 18 Feb 2018 11:50:21 -0500
Message-ID: <5A89B002.8020903@isdg.net>
Date: Sun, 18 Feb 2018 11:55:30 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: Scott Kitterman <scott@kitterman.com>, dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430>
In-Reply-To: <1594199.fQmGbeNpCI@kitterma-e6430>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/NhmexR2MD90J-A4uytaamDZTIX8>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-List-Received-Date: Sun, 18 Feb 2018 16:55:46 -0000

On 2/17/2018 11:46 PM, Scott Kitterman wrote:
> I think we'll have an example header here shortly.  In the meantime, I've got
> a DKIM milter running (experimentally) that signs/verifies Ed25519 (see the
> signatures that hopefully won't get stripped off this message).

These are the three signatures I see (top down):

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org;
    s=ietf1;  t=1518929216; .....

DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com;
  i=@kitterman.com; q=dns/txt; s=201802; t=1518929205; ......

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com;
  i=@kitterman.com; q=dns/txt; s=201802r1; t=1518929205;  .....

and the results,

Authentication-Results: dkim.winserver.com;
  dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org;
  adsp=none author.d=kitterman.com signer.d=ietf.org;
  dkim=fail (DKIM_BAD_SYNTAX) header.d=none header.s=none header.i=none;
  adsp=none author.d=kitterman.com signer.d=;
  dkim=fail (DKIM_BODY_HASH_MISMATCH) header.d=kitterman.com header.s=201802r1
      header.i=@kitterman.com;
  adsp=none author.d=kitterman.com signer.d=kitterman.com;

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral
  reason="invalid (unsupported algorithm ed25519-sha256)"
          header.d=kitterman.com header.b=CitK92hG;
  dkim=pass (1024-bit key) header.d=kitterman.com header.b=rnAglVrs

The list Auth-Res was specific with the unsupported method but with a 
(subjective) "dkim=neutral" or is it "dkim=pass?" result.

The local Auth-RES failed the verification and it cleared the data as 
a bad-syntax. Nothing good about it.

This is what is to be expected for many years to come.   The good
news is that the original signatures always failed anyway at the list
server, generally with a DKIM_BODY_HASH_MISMATCH.  The bad news is
that some unsuspected AVS heuristic could add more weight to the
failure.

Personally, I think we should update v=1  to v1.1.  It is a different
updated API DKIM now, and one that could also offer logic to
invalidate SHA1 signatures.  That's definitely not a DKIM STD V=1 feature.

-- 
HLS



From nobody Sun Feb 18 10:55:45 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39677126B6D for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 10:55:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fmRbEvN8hxj9 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 10:55:42 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03B25120725 for <dcrup@ietf.org>; Sun, 18 Feb 2018 10:55:41 -0800 (PST)
Received: from [10.64.85.36] (mobile-166-170-31-131.mycingular.net [166.170.31.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 4C1E4C40109; Sun, 18 Feb 2018 12:55:37 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1518980137; bh=RXTAW9ue/fJlE+SyCKvrh7UzRSZPJquMUBFVc8e7FoY=; h=Date:In-Reply-To:References:Subject:To:From:From; b=zmvKTvzXqx7MBmbo5M4RvVai3alAO7YD6tS5EKBWoBlD7qy6tzP9PRQByhqVE4RO4 86KNGoKHqyuJ2OdUeV8njHOIGOCb9voHOzzTZcdVQJjuufXGdCNa9m38CtbQWujiz/ sskvptmG5iOZsRzobn+SZP+DbuGFZrk3yY+dnmyc=
Date: Sun, 18 Feb 2018 18:55:33 +0000
In-Reply-To: <5A89B002.8020903@isdg.net>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <7E253391-D224-438A-A903-D720555C78CB@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/paFUioTAQ7bHZRGIlwFfAC7s1Ng>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2018 18:55:44 -0000

On February 18, 2018 4:55:30 PM UTC, Hector Santos <hsantos@isdg.net> wrote:
>On 2/17/2018 11:46 PM, Scott Kitterman wrote:
>> I think we'll have an example header here shortly.  In the meantime, I've got
>> a DKIM milter running (experimentally) that signs/verifies Ed25519 (see the
>> signatures that hopefully won't get stripped off this message).
>
>These are the three signatures I see (top down):
>
>DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org;
>    s=ietf1;  t=1518929216; .....
>
>DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com;
>  i=@kitterman.com; q=dns/txt; s=201802; t=1518929205; ......
>
>DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com;
>  i=@kitterman.com; q=dns/txt; s=201802r1; t=1518929205;  .....
>
>and the results,
>
>Authentication-Results: dkim.winserver.com;
>  dkim=pass header.d=ietf.org header.s=ietf1 header.i=ietf.org;
>  adsp=none author.d=kitterman.com signer.d=ietf.org;
>  dkim=fail (DKIM_BAD_SYNTAX) header.d=none header.s=none header.i=none;
>  adsp=none author.d=kitterman.com signer.d=;
>  dkim=fail (DKIM_BODY_HASH_MISMATCH) header.d=kitterman.com header.s=201802r1
>      header.i=@kitterman.com;
>  adsp=none author.d=kitterman.com signer.d=kitterman.com;
>
>Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral
>  reason="invalid (unsupported algorithm ed25519-sha256)"
>          header.d=kitterman.com header.b=CitK92hG;
>  dkim=pass (1024-bit key) header.d=kitterman.com header.b=rnAglVrs
>
>The list Auth-Res was specific with the unsupported method but with a
>(subjective) "dkim=neutral" or is it "dkim=pass?" result.
>
>The local Auth-RES failed the verification and it cleared the data as
>a bad-syntax. Nothing good about it.
>
>This is what is to be expected for many years to come.   The good
>news is that the original signatures always failed anyway at the list
>server, generally with a DKIM_BODY_HASH_MISMATCH.  The bad news is
>that some unsuspected AVS heuristic could add more weight to the
>failure.
>
>Personally, I think we should update v=1  to v1.1.  It is a different
>updated API DKIM now, and one that could also offer logic to
>invalidate SHA1 signatures.  That's definitely not a DKIM STD V=1
>feature.

Neutral is a valid result:

https://www.iana.org/assignments/email-auth/email-auth.xhtml

Bumping the version doesn't help.  There's no reason to believe a system that treats unknown algorithms badly wouldn't do the same for unknown signature versions.

Scott K


From nobody Sun Feb 18 11:31:17 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5241126B6D for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 11:31:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=eNfCXsfw; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=GwzCjSQ2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dQuif0ZsQFV9 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 11:31:13 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5F5F1205D3 for <dcrup@ietf.org>; Sun, 18 Feb 2018 11:31:13 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id CC45C20C89; Sun, 18 Feb 2018 14:31:12 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Sun, 18 Feb 2018 14:31:12 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=ZOLW2VF4OdD7fPgCx Xj4JtUcXdfSeRfTYRtKiqVNlD4=; b=eNfCXsfwq11G+jUmJle5IMORg5BZCBABq TOIvRPnIaoFoMC5amBBmTuBr3+Nr9RikPhNb4VgFwDK2eh+2wEUQUta7vPPtWNGj FyFk90Cd8BZAzjCWZ2pAR9LPlG/cVKi9UO+I1Ie8KZb1VHY9HaaDMRnRefhvORbu LQeb8sv3/XUE9TD6mM1+QT0PapRmiIfq8iSkRoLy+uHgbDFCBCfQePEd3cyu7s/8 RIHC7l65WRtx3iINGfIhuABGHOMNYPAgrimnUbUsHOAs67M4zvkR834vxHHQr64G jimtm3ZtU+9ptbmpfgyr88PsDzSWYjporbvkBq1tNXONW2cQWqstg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=ZOLW2V F4OdD7fPgCxXj4JtUcXdfSeRfTYRtKiqVNlD4=; b=GwzCjSQ2zyoPK2VoDmmPko /RbXGex4CvMlRuvrehdc/xMA3v8U6bWXL6z03WtW6LYd9sAlvmarJ5GCnU2zCsEk yAcSDz4w9pASQL+Vzt8RnFolGhJgfMRFsA7+2Noe2P85n3QINubHDSXdFJp4Kyxs aMW9TrhuZyBxSAPbwWvG63UDMljvG+nHP5mW9BSxQ4DoJT4ZwiCUnL9X4ARUDwRB LwOj5g9jkXSGg35Ud/85fQTnqCNlOAMeHeOw1jNk5lZ+afOtHV+4DF+mv0iiqKfD v8MlafpIiHfLzk4VOH9/IX+l9MCffsJhOCXcQS8BRGm0wRuDdbNY9eDt3aV+YZZg ==
X-ME-Sender: <xms:gNSJWpb-V_qbwQKckX0DKShnZTY3TQ9XymVJjK-BAdC_m--5Y13UUw>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 8A6E17E137; Sun, 18 Feb 2018 14:31:12 -0500 (EST)
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net>
In-Reply-To: <5A89B002.8020903@isdg.net>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Message-Id: <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net>
Cc: dcrup@ietf.org
X-Mailer: iPhone Mail (13G36)
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Sun, 18 Feb 2018 14:31:10 -0500
To: Hector Santos <hsantos@isdg.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/icRPtIwYfEG8qCSb0EmR2joXPHY>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2018 19:31:15 -0000

> On Feb 18, 2018, at 11:55 AM, Hector Santos <hsantos@isdg.net> wrote:
>
> Personally, I think we should update v=1  to v1.1.  It is a different updated API DKIM now, and one that could also offer logic to invalidate SHA1 signatures.  That's definitely not a DKIM STD V=1 feature.

One could argue that, if successful, you'll end up trading implementations that mess up handling algorithms for implementations that mess up handling version numbers.


Thanks,
Stan


From nobody Sun Feb 18 12:08:31 2018
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CBAC126BFD for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 12:08:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level: 
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3UB1em9f-Fzy for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 12:08:28 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9792212422F for <dcrup@ietf.org>; Sun, 18 Feb 2018 12:08:28 -0800 (PST)
Received: (qmail 35940 invoked from network); 18 Feb 2018 20:08:27 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=8c62.5a89dd3b.k1802; bh=G1TjbSSLYWFNwIAbhW3OWeaFCZZUYAEgD/oFk28F+kU=; b=GnmXc7bF1SE+wt0S9K6RK84zfswl3jvKzi1B5Gi6RwIpYB32UAdP8MqGKKX+8Aje7q1p5toJbRTCN+r4b0hxUD/KqMoiqQFYIxJQXGXdXVrh7V0bPIZKx41LTDyahOet5Gvqj1jZZLCcla8f9INVARQrsyAm9ocSSatJ4nEC4QdXLo/0a6GdUsUivCeION/3SXuQJwQD4f3/7EzeoYLaSUwlEO5VDNVeY55tLitCewKIVo/oxr97/FE/RdmxP7Nm
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 18 Feb 2018 20:08:26 -0000
Date: 18 Feb 2018 15:08:23 -0500
Message-ID: <alpine.OSX.2.21.1802181506380.95431@ary.local>
From: "John R. Levine" <johnl@iecc.com>
To: "Stan Kalisch" <stan@glyphein.mailforce.net>
Cc: dcrup@ietf.org
In-Reply-To: <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/clSMxeM0UEGvKJBo7r_yUpl4cCY>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2018 20:08:30 -0000

On Sun, 18 Feb 2018, Stan Kalisch wrote:
>> On Feb 18, 2018, at 11:55 AM, Hector Santos <hsantos@isdg.net> wrote:
>>
>> Personally, I think we should update v=1  to v1.1.  It is a different updated API DKIM now, and one that could also offer logic to invalidate SHA1 signatures.  That's definitely not a DKIM STD V=1 feature.
>
> One could argue that, if successful, you'll end up trading implementations that mess up handling algorithms for implementations that mess up handling version numbers.

There are scenarios where bumping the version number makes sense (see my 
flamefest with Dave Crocker) but this isn't one of them.  Any existing 
DKIM verifier that doesn't ignore an ed25519 signature is already badly 
broken.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
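
The per-signature triage this thread is arguing about, as an added example that is not part of any poster's message or of any DKIM implementation named above. Reporting an unsupported a= or v= as dkim=neutral while keeping the signature's d= and s= is this example's assumption, modelled on the amavisd-new result quoted earlier in the thread; the supported-algorithm set, the bh=/b= values and the example.org signatures are constructed.

```python
import re
from collections import namedtuple

# Algorithms this hypothetical verifier can check (assumption for the example).
SUPPORTED_ALGORITHMS = frozenset({"rsa-sha256"})
REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")

# result is None when the signature should go on to cryptographic verification.
Triage = namedtuple("Triage", "result reason d s")


def parse_tag_list(value):
    """Parse a DKIM tag=value list into a dict; raise ValueError if malformed."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():          # tolerate the optional trailing ';'
            continue
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.fullmatch(name):
            raise ValueError("malformed tag %r" % part.strip())
        if name in tags:
            raise ValueError("duplicate tag %s" % name)
        # Folding whitespace inside a value is not significant here.
        tags[name] = "".join(val.split())
    return tags


def triage(value, supported=SUPPORTED_ALGORITHMS):
    """Classify one DKIM-Signature value before any crypto is attempted."""
    try:
        tags = parse_tag_list(value)
    except ValueError as exc:
        # Only a genuinely unparseable header loses its d=/s= identity.
        return Triage("neutral", "syntax error: %s" % exc, None, None)
    d, s = tags.get("d"), tags.get("s")
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        return Triage("neutral", "missing required tag " + ",".join(missing), d, s)
    if tags["v"] != "1":
        return Triage("neutral", "unsupported version " + tags["v"], d, s)
    if tags["a"] not in supported:
        # Unknown algorithm: set this signature aside, keep evaluating the others.
        return Triage("neutral", "unsupported algorithm " + tags["a"], d, s)
    return Triage(None, "", d, s)


def authres_fragment(t):
    """Render a skipped signature as an Authentication-Results fragment."""
    out = 'dkim=%s reason="%s"' % (t.result, t.reason)
    if t.d:
        out += " header.d=%s header.s=%s" % (t.d, t.s)
    return out


# Constructed sample values: d=, s=, a= and t= of the first two follow the
# signatures quoted in the thread; h=, bh= and b= are placeholders.
FILLER = "h=from:to:subject; bh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ="
SAMPLES = [
    "v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1518929216; " + FILLER,
    "v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; "
    "q=dns/txt; s=201802; t=1518929205; " + FILLER,
    "v=1.1; a=rsa-sha256; d=example.org; s=sel; " + FILLER,   # hypothetical v=1.1
    "v=1; rsa-sha256; d=example.org; s=sel; " + FILLER,       # broken tag list
]


def triage_all(values=SAMPLES, supported=SUPPORTED_ALGORITHMS):
    """Triage every signature on a message independently of the others."""
    return [triage(v, supported) for v in values]


if __name__ == "__main__":
    for t in triage_all():
        print("verify" if t.result is None else authres_fragment(t))
```

The ed25519-sha256 sample keeps header.d=kitterman.com and header.s=201802 in its neutral result, in contrast to the DKIM_BAD_SYNTAX line with header.d=none quoted above; the v=1.1 sample shows the same verifier also needs an explicit branch for unknown versions.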


From nobody Sun Feb 18 15:24:28 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2964126BF7 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 15:24:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=CSXN5Fad; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=skz3I93E
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z0Oc_pI71CuN for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 15:24:23 -0800 (PST)
Received: from listserv.winserver.com (ntbbs.santronics.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 0D433126E64 for <dcrup@ietf.org>; Sun, 18 Feb 2018 15:24:17 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1886; t=1518996254; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=+rdGh7j2D1EF9DvJBghsI8aa6dM=; b=CSXN5Fad/qsvgKB2QbNUG04nNeyVdKb/18kx19n9df8lmyLFI0UfmCFeiKGOAt PqR0DiWroLSRhPlKPEUohBnxR/nFNL+oOHeYu5llcT9IKGfWd5+dsr9cp015E6Ae b26MghCZlEwkO3ygwxsxmyTEQiLs/6JSxtztV+iqBG/ps=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 18 Feb 2018 18:24:14 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 274965432.1.8644; Sun, 18 Feb 2018 18:24:14 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1886; t=1518995941; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=/3Rv8cN og2qDbFi9QcZIUNou6oQdw+7ZqaIYEgIo8Z4=; b=skz3I93EIDArPQy1BE05DF/ K3EZgYy8CDafwKlLaDFylDe2Yt8Z8A0Oh6EnG6OVlyZaUpPWFdFDm2JXcqm2Av+8 reozO2j+azPdVD4Io9QubNIRo8NSldXB8PPEuBzDMq1yf30p/Z7r3cOlWyibGcWx NzbKEx4+9ZYOQaUaJKEs=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 18 Feb 2018 18:19:01 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 274847908.9.1132; Sun, 18 Feb 2018 18:19:01 -0500
Message-ID: <5A8A0B1A.8010608@isdg.net>
Date: Sun, 18 Feb 2018 18:24:10 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local>
In-Reply-To: <alpine.OSX.2.21.1802181506380.95431@ary.local>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/-iB1xVtJ5A61Lvgj7cyrdx_J7ao>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2018 23:24:27 -0000

On 2/18/2018 3:08 PM, John R. Levine wrote:
> On Sun, 18 Feb 2018, Stan Kalisch wrote:
>>> On Feb 18, 2018, at 11:55 AM, Hector Santos <hsantos@isdg.net> wrote:
>>>
>>> Personally, I think we should update v=1  to v1.1.  It is a
>>> different updated API DKIM now, and one that could also offer logic
>>> to invalidate SHA1 signatures.  That's definitely not a DKIM STD V=1
>>> feature.
>>
>> One could argue that, if successful, you'll end up trading
>> implementations that mess up handling algorithms for implementations
>> that mess up handling version numbers.
>
> There are scenarios where bumping the version number makes sense (see
> my flamefest with Dave Crocker) but this isn't one of them.  Any
> existing DKIM verifier that doesn't ignore an ed25519 signature is
> already badly broken.

It's already broken at this elevated point.  The question has always
been since day one, "How do you report/evaluate invalid signatures?"

Since day one, as it is written in DKIM STD stone, the DKIM invalid
signature concept was to be viewed as an invalid result as if the
signature never existed. No invalid data is passed.  Many policy
advocates felt otherwise, it should|could be included in heuristic/AI
algorithms, the idea that invalid condition(s) may exist in a transport.

Nonetheless,  there is good logic when a verifier sees "v1.1" because
it tells them there are a number of new DKIM STD considerations
supported by the signer:

   1)  A new hash algorithm exists,
       1.1) Pay more attention to POLICY "k=" tags,

   2)  SHA1-hashed signatures MAY be rejected (invalidated).
       2.1) The original domain policy MAY expect it.

At the end of the day, it's about API code change.  You can't do DCRUP
without changing DKIM code. This update is not DKIM STD v1=0 as it was
written.   It is v=1.1

The updated API should be able to handle both and more.

-- 
HLS



From nobody Sun Feb 18 15:55:25 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9009124207 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 15:55:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=vK43x/4N; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=SONPSGgE
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R69bFwFe8yp7 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 15:55:23 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AB0412008A for <dcrup@ietf.org>; Sun, 18 Feb 2018 15:55:23 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id A3BD220B68; Sun, 18 Feb 2018 18:55:22 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Sun, 18 Feb 2018 18:55:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=wggi/CgL7sQ0G/ctJ dmvYPlTceGbuwlnA5FVWy8eVog=; b=vK43x/4NkNh8AhFKrwHaXKHmWWBk0Inca BbUwne8SqKxUvPyMhGEz8XUscne9A+zQ/+n41u7Yb03RP66WZSu5eWAYJVxVr7nM x2AsWNadh3gpjQiZD0vjNhXwxTzuJ61kkF32DgFrU0Of23fm+BeS/Ne9YIaccArr KL+62dB/pn9PA0XGP0VHY74zRDKJgpxU3hPnQ4f6m8uV5ad2UGx/5e9UES0GDoRR IAcQwECzKoTczSDQY1PVjSzsDhe51ns5ie6pbmlGCucbqDQhwu1bQZOl1xphdFJv PfZnGde6Vkuhaeacm2QVjBELcKUvO7wlwitwGDgyhfuCH/830w5pA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=wggi/C gL7sQ0G/ctJdmvYPlTceGbuwlnA5FVWy8eVog=; b=SONPSGgE5y6+09yCGpwJ7A KLkDuKkLN1dwkQJrlc0m+qlHK+IrdVowSn5dV9ry3mmDJWHII/3W7Oqg7a0/mI8M QtXOlRfgM1TYuF4XoMFr6A2/9KGUxQx03udoxjHl6YAcf6eXn+uHXasMzvSmHG70 OtQjiYCsnH8yZxr9VQ+8BAsgEbL99ATQV7o1qKC4pf/BuQCgu27eWmxaEqpQB+sH 27zOO7nF3BtfAHUjZ3BLLsKgt8gdS65fvMoPAczzvKxT4GhEm602DygermREQCZj SxwG48Pe24CKtTceh/QfPF1crIdcwtflVKG9MI6G3xPlyCziuDyPmP1BVW32I0hA ==
X-ME-Sender: <xms:ahKKWgChQcQy3gUJVWdnu8EMGfySk9To7sGfpZIHO1gkNOURb1PdOw>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 59D787E1F3; Sun, 18 Feb 2018 18:55:22 -0500 (EST)
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local>
In-Reply-To: <alpine.OSX.2.21.1802181506380.95431@ary.local>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
Message-Id: <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net>
Cc: dcrup@ietf.org
X-Mailer: iPhone Mail (13G36)
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Sun, 18 Feb 2018 18:55:18 -0500
To: "John R. Levine" <johnl@iecc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/OHXahNJkukrUpaF28LN5bI4_QsM>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2018 23:55:24 -0000

> On Feb 18, 2018, at 3:08 PM, John R. Levine <johnl@iecc.com> wrote:
>
> On Sun, 18 Feb 2018, Stan Kalisch wrote:
>>> On Feb 18, 2018, at 11:55 AM, Hector Santos <hsantos@isdg.net> wrote:
>>>
>>> Personally, I think we should update v=1  to v1.1.  It is a different updated API DKIM now, and one that could also offer logic to invalidate SHA1 signatures.  That's definitely not a DKIM STD V=1 feature.
>>
>> One could argue that, if successful, you'll end up trading implementations that mess up handling algorithms for implementations that mess up handling version numbers.
>
> There are scenarios where bumping the version number makes sense (see my flamefest with Dave Crocker) but this isn't one of them.

I thought of that thread after I posted. 0:-)

I should have been clear that I'm not espousing an opinion on version bumps in general—it just seems to me that with this particular trade, there's a rather relatively high opportunity cost.  It also wouldn't surprise me if a number of sites that mess up with signatures/algorithms also mess up with the version number, in which case you have a driver who interprets the sign pointing to the new roadway as a sign that reads, "Don't drive."

> Any existing DKIM verifier that doesn't ignore an ed25519 signature is already badly broken.

Yes.


Thanks,
Stan


From nobody Sun Feb 18 16:16:31 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5695B126CE8 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 16:16:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=atp/GCgX; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Gx5G2Gtj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J1IMd8dbD2NX for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 16:16:29 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71E2812008A for <dcrup@ietf.org>; Sun, 18 Feb 2018 16:16:29 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id D992520B77; Sun, 18 Feb 2018 19:16:28 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Sun, 18 Feb 2018 19:16:28 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=bd1R+K2oPJpIymDm4 tpXWaZ1b4YxPwIcPJ094cXBwrA=; b=atp/GCgXEBNnzCh/OMHClPAP43jKZnaHd 5vKC8TPDFpSc3Fqnt3CfwfRa8PuLWnnFc5wJaFq9An3MOUF83JpVppBCjQ4N3GFx 7Pm8jpwN3a6co53mEBiJUo8j84zcJv9wFzHaCuvfGCdgj4zdFo0cQd8U+qxh8tbt GkV1d7ERhiPnrizzoK35vmI7wNPyCnz0VNHeajdLG3t14NaE89Vs1timJu+ISZyL 3ljRHQWkqBMBk/lvktIAxwiA7NPO8TdFVW9s2LI0AoSuEA9DOmVsUlDxjndvKKuB iZVx68Sqpv6EyuE12OJOiQhQYcJf/KxD4+NFiAsWYIlxjeDsWW4cQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=bd1R+K 2oPJpIymDm4tpXWaZ1b4YxPwIcPJ094cXBwrA=; b=Gx5G2GtjIbkhGux/IsJUYL yFkvfBCW14vw9v+wu20H0Q7g9VgMu9Zjw28f5Yd5T3+PkRvdO4At4hDeo+6aLDiq Nd5X+O4Zkh4Xdk+h3h7JpHjJ7rvf8MlZykFRKGsnYt60SV/b78itudkR89MtQLRd DjCOQYSbGDa3wxBkC4tyXIU+5DCCPST9Qa1ogl93JVLb3Mfot++nd7V70LabGG2x aSZmcr/QDS0L8uifdewN8cv9+6iyCSNLKyRClEhhcEPvWVE2+KsuQTTEExVkagmY Ij5bI8mVRiKWruuU6UGejr2ON8t6UsL1GvP0yWrqVnRS2dpzS8SuCD+Lc+PBIJig ==
X-ME-Sender: <xms:XBeKWlMxxI0JudG3rfFPCk2a2eyxZgbyQaXOw6b8lwesDM6f8T0aGw>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 74F577E0DA; Sun, 18 Feb 2018 19:16:28 -0500 (EST)
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local> <5A8A0B1A.8010608@isdg.net>
In-Reply-To: <5A8A0B1A.8010608@isdg.net>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Message-Id: <680DA2AD-B734-4C78-875A-6A7345AEA0E2@glyphein.mailforce.net>
Cc: dcrup@ietf.org
X-Mailer: iPhone Mail (13G36)
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Sun, 18 Feb 2018 19:16:27 -0500
To: Hector Santos <hsantos@isdg.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/EC_G75qDgGhTIK1Bh4PYsh08l2Y>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 00:16:30 -0000

> On Feb 18, 2018, at 6:24 PM, Hector Santos <hsantos@isdg.net> wrote:
>
> Nonetheless,  there is good logic when a verifier sees "v1.1" because it
> tells them there is a number of new DKIM STD considerations supported by
> the signer:

Using just "1.1" isn't sufficient.  If you want to use the version numbering
approach, you have to do something like what John Levine proposed in that
thread on the ietf-dkim list or what TLS 1.3 does in masquerading as TLS 1.2.



Thanks,
Stan


From nobody Sun Feb 18 16:20:30 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8528C124207 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 16:20:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=kH/aXCB7; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=oPxm0s28
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5zrFk7BSAoDt for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 16:20:27 -0800 (PST)
Received: from listserv.winserver.com (listserv.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 630F412008A for <dcrup@ietf.org>; Sun, 18 Feb 2018 16:20:27 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=588; t=1518999620; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=f0rS99B8Rd8+sQ+5DXANmQ9LMTo=; b=kH/aXCB7w5KdItjtXOQRngWBTQQ2MEYgndPPMBXw0TkLqec8LrzsDoluOrZQkI VtP4tJTAbjebWiQZo2d2GuttyuR6mzi2hqsiN08saj13iduJRGz/+OOXGT5HWG46 kt+Y4PdcTNEsddQoXIAQWpp3LdLHPgfRdS6ISl6WEu7yU=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 18 Feb 2018 19:20:20 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 278330779.1.1096; Sun, 18 Feb 2018 19:20:19 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=588; t=1518999307; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=i8wm1k4 zHQmEv1rhQbpOuwH2XBaAmbPlCFy5U6cAgyo=; b=oPxm0s28I+TuwD3/I2+Ov1P iz8c40L8EBadx1NdrFYIvpYbJQ5shP7xG46QEvFU9Igrpcv9j0TTkPP5cvAePBko FHTcIIPeJWVoaVeLAlPoTeeWo2b6b1miIhWj7Q+f4pch8dd3zJrcq7xUvKX4uq7s e47Zh0poWPOkvcmhkPPw=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 18 Feb 2018 19:15:07 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 278213627.9.6664; Sun, 18 Feb 2018 19:15:06 -0500
Message-ID: <5A8A1840.2000100@isdg.net>
Date: Sun, 18 Feb 2018 19:20:16 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local> <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net>
In-Reply-To: <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/zRoSKsHSBn-OZ4VYGWoOPVzdEFk>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 00:20:28 -0000

On 2/18/2018 6:55 PM, Stan Kalisch wrote:
>
>> Any existing DKIM verifier that doesn't ignore an ed25519 signature is already badly broken.
>
> Yes.

Define broken.  If it doesn't understand ed25519, then having v=1.1 
would also preempt non-supporters.  Keep in mind that one of the basic 
tenets in DKIM STD verification is that an invalid signature MUST be 
viewed as if the signature never existed.

So you need to define what "Broken" means.  Breaking due to an unknown 
hash resulting in an invalid signature is perfectly valid -- No 
Signature Exists at that point.


-- 
HLS



From nobody Sun Feb 18 16:32:33 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDED2126BF3 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 16:32:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=SBQVFaLx; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ZwIHLAJF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xkdthNzeti_Z for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 16:32:30 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFB6212008A for <dcrup@ietf.org>; Sun, 18 Feb 2018 16:32:29 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 2BB0720DC5 for <dcrup@ietf.org>; Sun, 18 Feb 2018 19:32:29 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Sun, 18 Feb 2018 19:32:29 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=6BW4zshO5Z5FBdtBE6OHTm8fD82zP tNQ9ogKKkAlces=; b=SBQVFaLxzid1u1U/ITnmbNlyuwC/nalK2TIcw3mO52YWh cgPeHGyNU+FrHktSzqVV3h2O0LGSBPieMcPAzmb/SDo8kVjXz5ckdsZiXn7Q55gX Aq3Z1cT41YFoSPcpdqU3x4Xcf88wvTUOwpB92pdd0x2Kjnhx7X1BWS8agkwYhMJr b37PsyYiPR90CRWzaCm0ouc3Zui4y27WOOmEjBPTkA7aW7eOJ1M5f3FkXBG18tUm cP31tLgiI0Y9+djJjLA3xWV2+LSZvB3AEqijozha7e1YUEhuyHvJhWuIzKGXk8Ww g7jES0hxvgWR8AaGLFblIhgovqO/1TsKJEwPQVwrg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=6BW4zs hO5Z5FBdtBE6OHTm8fD82zPtNQ9ogKKkAlces=; b=ZwIHLAJFpYbqm9nfRJrlLg hMT/DzTgoGg+Le9g39Is3FRkD5HTCD/+gBRt1oq1ga7R1u5lOh4MBwGi3YluANPf jXY2UsZfLoRgoLvn8HBqGtuhu6SrB5e7U80Hrgp+ZDnELY5GuIS78f0rhNLSrlog vEkREBS1nPgnHK7DY003nR3sxkT6CQ4yskdZPC8Y75BZK6aEPakQmITbsZog3mBV 9R2Xa58/pZqZcEbTqTY4lluyD2QgqC+8K63ozEkW94ZebzUAJNzIQ168uUpsKiKU Oh14VkFN85ovnChIY81Eie3GTm1wTzL4vydKzRFiGFtvyWuhl2rnADX3RTsGTalA ==
X-ME-Sender: <xms:HRuKWvCxCuiE7euUVmhuX0J-ZjcV9Jv5nGvwCaScc_A6rBrHWn-7hQ>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id DFF877E1F3 for <dcrup@ietf.org>; Sun, 18 Feb 2018 19:32:28 -0500 (EST)
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local> <5A8A0B1A.8010608@isdg.net> <680DA2AD-B734-4C78-875A-6A7345AEA0E2@glyphein.mailforce.net>
From: Stan Kalisch <stan@glyphein.mailforce.net>
Content-Type: text/plain; charset=us-ascii
X-Mailer: iPhone Mail (13G36)
In-Reply-To: <680DA2AD-B734-4C78-875A-6A7345AEA0E2@glyphein.mailforce.net>
Message-Id: <FC66D170-A6E1-485A-9CF9-838E4CCDC30D@glyphein.mailforce.net>
Date: Sun, 18 Feb 2018 19:32:27 -0500
To: dcrup@ietf.org
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/ITPYqZiRbR77vr0zhpwBjfBZP04>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 00:32:31 -0000

On Feb 18, 2018, at 7:16 PM, I wrote:
>
> Using just "1.1" isn't sufficient.  If you want to use the version
> numbering approach,

Well, really, to cover all the scenarios,  perhaps it's better to say
"versioning approach", although all the scenarios do involve version numbers.


Stan


From nobody Sun Feb 18 16:50:10 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 339CA124207 for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 16:50:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=dwYYufmT; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=ofIBFjEo
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M4HXVgt1U9Ia for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 16:50:07 -0800 (PST)
Received: from winserver.com (catinthebox.net [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 435EB12008A for <dcrup@ietf.org>; Sun, 18 Feb 2018 16:50:07 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=527; t=1519001400; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=E0VsjVTYP3llbAMIvuAw3HYt+ys=; b=dwYYufmTHyQk7soLmtRPM5k+UEfh1xbeMg24VRVmQRdhFh2N7CwNv3uaUzDJoq 7DE0NfHQgEfKnam6f9mAIxYBlO9+ZIVqF4nhBfESYl6p1D7YlGP2aPjsvkS+VhbA m5XoR2/1X0dsZPiEsKWutHo0E8VmQ2XkY/XTXrj4IC4Bo=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 18 Feb 2018 19:50:00 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 280110860.1.7756; Sun, 18 Feb 2018 19:49:59 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=527; t=1519001088; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=70gWbQh lBfMLIw0EyZORurABQOWKjYrERuDchEsSwlk=; b=ofIBFjEo6pq+5avTVnlD/M6 ENIMu+X1PpaTQqmoxtR/c+HTX6ksiaWALXRgao9Fq3HzHZbgB7yIoUhMA3BnjjVZ oAidNpBFDQ+gv54T8nEA6dUAkcPCnE57VxMadXbjW47ZwMrk1LfpU1IxxjL83cpi iad1+9xSMdoH1B1EwEbM=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 18 Feb 2018 19:44:48 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 279994299.9.8084; Sun, 18 Feb 2018 19:44:47 -0500
Message-ID: <5A8A1F34.9080205@isdg.net>
Date: Sun, 18 Feb 2018 19:49:56 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local> <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net>
In-Reply-To: <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/u4_0w6TjBLKqlURyv9Ffr16iQOU>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 00:50:09 -0000

On 2/18/2018 6:55 PM, Stan Kalisch wrote:

>> Any existing DKIM verifier that doesn't ignore an ed25519 signature is already badly broken.
>
> Yes.

If a signer uses a=ed25519-sha256, all non-supportive verifiers are 
purposely "broken" in which case, the signature MUST be deemed 
invalid, and by design, in DKIM STD methodology, the signature must be 
viewed as never to exist.  Any verifier that continues to consider to 
evaluate a non-supportive hash could be viewed as "broken" and a 
"security risk."


-- 
HLS



From nobody Sun Feb 18 19:09:22 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1437612708C for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 19:09:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B0mvpJp3AEzX for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 19:09:20 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2520126CB6 for <dcrup@ietf.org>; Sun, 18 Feb 2018 19:09:18 -0800 (PST)
Received: from [192.168.1.146] (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 18583C402A7; Sun, 18 Feb 2018 21:09:17 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1519009757; bh=Qi29E+Hfqi0Jnb8scXdoWwr3D5hZNGQ5gy3hf7V10RI=; h=Date:In-Reply-To:References:Subject:To:From:From; b=Q0/nFc0qxQRAIxxF9Yx4mrjXR3g7SpjobDep6kJeRh0NImBqsZ/ziN1xOe83xCnGq lG24lGFpSzrQL1d79WnRG5asMu71zxq9cikU7HLwBxbZqZC/Q3GLlQgqu3tngMsbVG 2LS0UtvpTXKSclNU6Ck+nXTwih8gbD+KHAMA57J4=
Date: Mon, 19 Feb 2018 03:09:14 +0000
In-Reply-To: <5A8A1F34.9080205@isdg.net>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local> <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net> <5A8A1F34.9080205@isdg.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <5034D7A9-EF61-444E-9B57-3972DA836558@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/DGJph5BbuImq-gUoD1wFUHv1IcQ>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 03:09:21 -0000

On February 19, 2018 12:49:56 AM UTC, Hector Santos <hsantos@isdg.net> wrote:
>On 2/18/2018 6:55 PM, Stan Kalisch wrote:
>
>>> Any existing DKIM verifier that doesn't ignore an ed25519 signature
>>> is already badly broken.
>>
>> Yes.
>
>If a signer uses a=ed25519-sha256, all non-supportive verifiers are
>purposely "broken" in which case, the signature MUST be deemed
>invalid, and by design, in DKIM STD methodology, the signature must be
>viewed as never to exist.  Any verifier that continues to consider to
>evaluate a non-supportive hash could be viewed as "broken" and a
>"security risk."

It's really simple (RFC 6376 and predecessors):

"3.3.4.  Other Algorithms Other algorithms MAY be defined in the future.
Verifiers MUST ignore any signatures using algorithms that they do not
implement."

Any verifier that does that is not "broken" and there's no problem.  Any
verifier that does something else is "broken".  No version nonsense needed.

Scott K
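
The rule quoted above from RFC 6376 section 3.3.4, as an added example (not code from this thread or from any DKIM implementation): a verifier that triages each DKIM-Signature field before doing any cryptography, so that a message signed with both rsa-sha256 and ed25519-sha256 is still evaluated on the signature the verifier implements. The supported set, function names and sample header values are constructed for illustration; rejecting a `v=` other than "1" follows RFC 6376's requirement that the tag have the value "1".

```python
import re

# Assumption: a verifier built before ed25519-sha256 existed, implementing
# only the two algorithms RFC 6376 itself defines.
SUPPORTED = frozenset({"rsa-sha1", "rsa-sha256"})
REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")

# Constructed DKIM-Signature values (not taken from any real message).
RSA_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=rsa2018;\r\n"
           " h=from:to:subject; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQtcnNh")
ED_SIG = ("v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.org; s=ed2018;\r\n"
          " h=from:to:subject; bh=Y29uc3RydWN0ZWQ=; b=ZWQyNTUxOS1jb25zdHJ1Y3RlZA==")
V11_SIG = ED_SIG.replace("v=1;", "v=1.1;", 1)


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list; whitespace inside values is dropped."""
    tags = {}
    for spec in value.split(";"):
        if not spec.strip():
            continue                      # tolerate a trailing ';'
        name, sep, val = spec.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError("malformed tag-spec: %r" % spec.strip())
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        tags[name] = re.sub(r"\s+", "", val)
    return tags


def triage(signature_value, supported=SUPPORTED):
    """Return (decision, reason); decision is 'verify' or 'ignore'.

    'ignore' means the field is treated as if it were not present: it
    produces neither a pass nor a fail for the message.
    """
    try:
        tags = parse_tag_list(signature_value)
    except ValueError as exc:
        return ("ignore", str(exc))
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        return ("ignore", "missing required tag(s): " + ",".join(missing))
    if tags["v"] != "1":
        return ("ignore", "incompatible version v=" + tags["v"])
    if tags["a"] not in supported:
        return ("ignore", "unimplemented algorithm a=" + tags["a"])
    return ("verify", "a=" + tags["a"])


def signatures_to_evaluate(signature_values, supported=SUPPORTED):
    """Keep only the signature fields this verifier should go on to check."""
    return [v for v in signature_values if triage(v, supported)[0] == "verify"]


if __name__ == "__main__":
    for label, sig in (("rsa", RSA_SIG), ("ed25519", ED_SIG), ("v=1.1", V11_SIG)):
        print(label, triage(sig))
```
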


From nobody Sun Feb 18 20:57:56 2018
Return-Path: <rsalz@akamai.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2E5612711E for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 20:57:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wlHqFt4DiQso for <dcrup@ietfa.amsl.com>; Sun, 18 Feb 2018 20:57:52 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95E491201FA for <dcrup@ietf.org>; Sun, 18 Feb 2018 20:57:52 -0800 (PST)
Received: from pps.filterd (m0050093.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1J4uexW031433; Mon, 19 Feb 2018 04:57:47 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=Gzl55j1oMLiWNe8JfjC6M4e4Z7GOVyjD8J3HCGZ9YOc=; b=An/2iyd4H+78laKEUZ414b3akM+aE9KPmcBHfKBC6Ahj3YT+VhRsqMtIYKviJzO9tK9Y eATgEncKAY/fsd7P3c5SVmMoZpwua8cGw3ZT8KNf6TC6KIOoNg1wj5eUqwpnxEB/dwuv LqFw9f0gnF/JTpco4vskRatYvu++HYHYrkdhwLgJeZWeIlmfXxfuDedEAhgIyLhPAw/y AuorfLWAWKzegpl1xTDN/AfxZPzY21v68mDX1Jbn5zFJZLs5JWsl+VGrB9XooTdEK6Eq P03oLH+PedU+db5JPZEyQTlTQZ8/t7qw7RHtnmPO6pBtcWq7HteI+tVXF9VlQGehPorI xg== 
Received: from prod-mail-ppoint4 ([96.6.114.87]) by m0050093.ppops.net-00190b01. with ESMTP id 2g6chqdfta-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 19 Feb 2018 04:57:47 +0000
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w1J4tlWP020836; Sun, 18 Feb 2018 23:57:46 -0500
Received: from email.msg.corp.akamai.com ([172.27.25.32]) by prod-mail-ppoint4.akamai.com with ESMTP id 2g6gm1bjq3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 18 Feb 2018 23:57:46 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb5.msg.corp.akamai.com (172.27.27.105) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Sun, 18 Feb 2018 22:57:45 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1263.000; Sun, 18 Feb 2018 22:57:45 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: Stan Kalisch <stan@glyphein.mailforce.net>, Hector Santos <hsantos@isdg.net>
CC: "dcrup@ietf.org" <dcrup@ietf.org>
Thread-Topic: [Dcrup] Progress Evaluating DCRUP
Thread-Index: AQHTqHODye7C2uaIYEG1yi09EX1uWaOqxj4AgAArfwCAAEp6AA==
Date: Mon, 19 Feb 2018 04:57:44 +0000
Message-ID: <A3F23124-C2A3-4E15-9984-42BF66677BB1@akamai.com>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net>
In-Reply-To: <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.a.0.180210
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.40.92]
Content-Type: text/plain; charset="utf-8"
Content-ID: <85B184492AF02946A326FC4031794EF4@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-19_02:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802190062
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-19_02:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802190062
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/ucn8R4m_1vgs7AkXzMI0dWcs6js>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 04:57:54 -0000

From nobody Mon Feb 19 12:29:00 2018
Return-Path: <superuser@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DEA7124C27 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 12:28:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fs4c4BQnPjTC for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 12:28:57 -0800 (PST)
Received: from mail-lf0-x232.google.com (mail-lf0-x232.google.com [IPv6:2a00:1450:4010:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B8E81200B9 for <dcrup@ietf.org>; Mon, 19 Feb 2018 12:28:57 -0800 (PST)
Received: by mail-lf0-x232.google.com with SMTP id q69so1152491lfi.10 for <dcrup@ietf.org>; Mon, 19 Feb 2018 12:28:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=n2GmYcowds1126t/tF6aH6ijzHd9zoqAIp/uagT7VqY=; b=AVKxFY4NyadCft0OPZNtg0FhHq13Xu/2DFqUT1rSDJO4nphT2cVcMCGe27hz76knqo jZcDEtCAYXJWGZOFHhUykH3+v6haNMKwDvfi48w4GpA1Xn26ZrSerFzj+RhMtb5ENcSa qW4rGwVBxSJpOoBHYFDBH1nfJW7qelzgPDxEuFAlrhEAEHmjFTa3IpUwMf8HMJztTfK9 uoyzb6Ums7smEmNb/R1rxMWFceyeFWW+NlmYnZC/u3rKxzqNbtpXqWxqmDItGss30d30 MIqjEYC9QSWfKEsgjqfL+prSXCxyI5Xf9xhPf+ItMcEdzl4jcMchLEvEzLmLW2jiB7a2 p3Nw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=n2GmYcowds1126t/tF6aH6ijzHd9zoqAIp/uagT7VqY=; b=oaml/GPldnjl007lYjqXcamwEIuQI5fuXeXRMC0R75N42EFI818ducrH7lvjM+PEMm D7TQRmD2MHSQPLLjifXjtbzUvUM2vQrDao+RCD7ub5Gnqcc7QCc1sGcBhBhfXjd2YrtY HU22eVGHwW6QmPR51FlrrXhIDLQYUir/nbdq32rf32gn/k1RxtXKF4WxyrHKyhkPweQC nnjYZg0s2u3HuZUstcJyXG+xfaDww+cTTnhRuzWehCXslBx0FP8F8cRkSE+RQMDS9tcr QtU/ofKeAaTYq8Srlf3/igwBQ4eWn7CX6rKV76OgP+OZiQ1uV583MRE3QJWuDAv11La+ RT9A==
X-Gm-Message-State: APf1xPAsV6no4Lvbtl/44jEZ22x0cFeRvVsqx8v/AYwucz0O1vKJamfm eUcLXTMlSMholcKF4hd29ZfXd+BKT2E+by0Z21+5HQ==
X-Google-Smtp-Source: AH8x225uW3LYsJIFCwKS8OxM64nX6A6ocN2x/wy3anOGVUOTcyx250GR5kaiwm61psSCi+y35Jul3rtz8ZjJLjJ7Dw0=
X-Received: by 10.46.32.11 with SMTP id g11mr1808342ljg.75.1519072135280; Mon, 19 Feb 2018 12:28:55 -0800 (PST)
MIME-Version: 1.0
Received: by 10.46.66.82 with HTTP; Mon, 19 Feb 2018 12:28:54 -0800 (PST)
In-Reply-To: <0f42a9e0-beec-3d2d-ba7f-2b5bf7183f3e@tana.it>
References: <1758927.omyoBIiuhu@kitterma-e6430> <C25CA226-34CF-45AB-A269-449279F7155D@glyphein.mailforce.net> <CAOZAAfNv=pteHwJOz+i4bODGvXGwyiUyskFdxOr5MVyHwHQUNg@mail.gmail.com> <4936118.HT585htFV3@kitterma-e6430> <0f42a9e0-beec-3d2d-ba7f-2b5bf7183f3e@tana.it>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 19 Feb 2018 20:28:54 +0000
Message-ID: <CAL0qLwZtJ8iCtpstXmZeEDKEvHa014FY1F8srP5YrCTLaoe__A@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a1142c06602ff440565968b60"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/BNAdbX5_TzLE8c0wkQyVX5fPcGg>
Subject: Re: [Dcrup] Addition of header 'a' to Authentication-Results
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 20:28:59 -0000

--001a1142c06602ff440565968b60
Content-Type: text/plain; charset="UTF-8"

On Thu, Feb 15, 2018 at 11:24 AM, Alessandro Vesely <vesely@tana.it> wrote:

> On Thu 15/Feb/2018 06:43:23 +0100 Scott Kitterman wrote:
> > I think header.a could either be trivially added to the pending DCRUP
> > document or handled by 7601bis, but I think it's out of scope for the ARC
> > working group, which is where I understand 7601bis is being discussed
> > currently.
>
> The algorithm could be deduced from the selector if one takes the bother to
> retrieve and parse that record.  If it is a useful addition to A-R header
> fields, by the same token it would be useful to read the algorithm in
> aggregate feedback records.  As it introduces the new algorithm,
> dcrup-dkim-crypto can meaningfully make both additions.
>

Actually yeah, this is in part why we added "header.b" back in the day.  If
you can parse A-R, you can probably parse DKIM-Signature (and the various
ARC fields), so you can extract this already, and "header.b" makes it
possible to tie them together.

-MSK

--001a1142c06602ff440565968b60--
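
The correlation described in the message above, as an added example (not code from the thread or from any mail filter): each `dkim=` result in an Authentication-Results field is tied to its DKIM-Signature field through the `header.b` prefix, and the signing algorithm is then read from that signature's `a=` tag. Header values and function names are constructed for illustration; the parsing covers the common unquoted form of A-R properties only.

```python
import re

# Constructed header field values (not taken from any real message).
AR = ("mx.example.net; dkim=pass (2048-bit key) header.d=example.org header.b=Y29uc3Ry;\r\n"
      " dkim=pass header.d=example.org header.b=ZWQyNTUx;"
      " spf=pass smtp.mailfrom=example.org")
SIGS = [
    "v=1; a=rsa-sha256; d=example.org; s=rsa2018; h=from:to:subject;"
    " bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0\r\n ZWQtcnNh",
    "v=1; a=ed25519-sha256; d=example.org; s=ed2018; h=from:to:subject;"
    " bh=Y29uc3RydWN0ZWQ=; b=ZWQyNTUxOS1jb25zdHJ1Y3RlZA==",
]


def tag_value(field_value, name):
    """Return one tag's value from a DKIM-Signature tag list (whitespace removed)."""
    for spec in field_value.split(";"):
        key, sep, val = spec.partition("=")
        if sep and key.strip() == name:
            return "".join(val.split())
    return None


def ar_dkim_results(ar_value):
    """Return one dict per dkim= result: {'result': ..., 'd': ..., 'b': ...}."""
    no_comments = re.sub(r"\([^()]*\)", " ", ar_value)   # drop "(2048-bit key)" etc.
    results = []
    for resinfo in no_comments.split(";")[1:]:            # [0] is the authserv-id
        method = re.match(r"\s*dkim\s*=\s*(\w+)", resinfo)
        if not method:
            continue                                      # spf=, dmarc=, ...
        props = dict(re.findall(r"header\.([a-z]+)\s*=\s*(\S+)", resinfo))
        results.append({"result": method.group(1), **props})
    return results


def algorithm_per_result(ar_value, dkim_signature_values):
    """Return [(d, result, algorithm)]; algorithm is None unless exactly one
    signature matches the reported header.b prefix (and header.d, if given)."""
    out = []
    for res in ar_dkim_results(ar_value):
        prefix = res.get("b")
        matches = []
        for sig in dkim_signature_values:
            if not prefix or not (tag_value(sig, "b") or "").startswith(prefix):
                continue
            if "d" in res and (tag_value(sig, "d") or "").lower() != res["d"].lower():
                continue
            matches.append(sig)
        algo = tag_value(matches[0], "a") if len(matches) == 1 else None
        out.append((res.get("d"), res["result"], algo))
    return out


if __name__ == "__main__":
    for row in algorithm_per_result(AR, SIGS):
        print(row)
```

Without `header.b`, the two results here could not be told apart, since both signatures carry the same `d=`.
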


From nobody Mon Feb 19 14:04:23 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11BB8126DCA for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:04:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=WD9i2blL; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=ZWVK5EsX
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4s7a2g2ZqKwe for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:04:19 -0800 (PST)
Received: from demo.winserver.com (secure.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 1C9B1128D2E for <dcrup@ietf.org>; Mon, 19 Feb 2018 14:04:18 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1407; t=1519077852; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=uS/sF2uIUf6NYy2/PyWZpz8uV5s=; b=WD9i2blLvqSsQ4anqwkraDMyj161uCpx5/Mm00EiTVHMHr0PnigGeI+9ilBkPS IvBOlUY6wuduAg1avRxS7eRjbFH1L/oBvYZrnfyk5HFWlYFsOW15Ao70uiAxKn/U g0oZ2WwS/JGX1onCrnZJNT886ukndDqNOb7ccBIlcP3ss=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Mon, 19 Feb 2018 17:04:12 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 356562207.1.4364; Mon, 19 Feb 2018 17:04:12 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1407; t=1519077535; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=MYXjXYw bAlNiAPwNjYXWx2QO6ZoPGDL5BImd8HtFu6c=; b=ZWVK5EsXRpsFpU+/7CWRHaR scOKDvlbSauGu+/IoJ8x9eXpMEBpv5qawcKouvZIWXAkVLZXDNZ+MEvzp8NOYNb1 t95lavdqRTKlXY6oMJsahQK7opuaCNZoMS020k2Kr60+5iRZGc1xQbDBI0y7p7l6 C77twH1ujFhgrqnDf6vY=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Mon, 19 Feb 2018 16:58:55 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 356441783.9.91044; Mon, 19 Feb 2018 16:58:54 -0500
Message-ID: <5A8B49D7.9060308@isdg.net>
Date: Mon, 19 Feb 2018 17:04:07 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local> <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net> <5A8A1F34.9080205@isdg.net> <5034D7A9-EF61-444E-9B57-3972DA836558@kitterman.com>
In-Reply-To: <5034D7A9-EF61-444E-9B57-3972DA836558@kitterman.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/iyBg7xjWXPZPOYfyamd4ypfhzEU>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 22:04:21 -0000

On 2/18/2018 10:09 PM, Scott Kitterman wrote:
>
>
> On February 19, 2018 12:49:56 AM UTC, Hector Santos <hsantos@isdg.net> wrote:
>> On 2/18/2018 6:55 PM, Stan Kalisch wrote:
>>
>>>> Any existing DKIM verifier that doesn't ignore an ed25519 signature
>> is already badly broken.
>>>
>>> Yes.
>>
>> If a signer uses a=ed25519-sha256, all non-supportive verifiers are
>> purposely "broken" in which case, the signature MUST be deemed
>> invalid, and by design, in DKIM STD methodology, the signature must be
>> viewed as never to exist.  Any verifier that continues to consider to
>> evaluate a non-supportive hash could be viewed as "broken" and a
>> "security risk."
>
> It's really simple (RFC 6376 and predecessors):
>
> "3.3.4.  Other Algorithms Other algorithms MAY be defined in the future. Verifiers MUST ignore any signatures using algorithms that they do not implement."
>
> Any verifier that does that is not "broken" and there's no problem.  Any verifier that does something else is "broken".  No version nonsense needed.

If the new logic is to encourage ignoring/invalidate a DKIM STD76 
feature, i.e. SHA1, then that technically is a STD version upgrade. 
The real "nonsense" is that software COULD break if you bumped the 
number.  It couldn't be then even if it was desired.  That's the real 
problem here.

At the end of the day, it is NOT STD76 v=1 behavior.

-- 
HLS



From nobody Mon Feb 19 14:15:02 2018
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB824126BF6 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:14:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level: 
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id He3H4hGNZmd2 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:14:58 -0800 (PST)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB96A1241FC for <dcrup@ietf.org>; Mon, 19 Feb 2018 14:14:58 -0800 (PST)
Received: from steel.local (sfosf0017s350801.wiline.com [64.71.6.2] (may be forged)) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id w1JMErBu030492 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <dcrup@ietf.org>; Mon, 19 Feb 2018 14:14:56 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1519078497; bh=4R5PGQWt+inmh6pczA1RrZfkw7FKbgY7JLl4sdvfNws=; h=Subject:To:References:From:Date:In-Reply-To; b=Pqkd0d29aAfe7uiEncQENBeltbA0MD6YPGtkikb8B0zNpiJQ6DpdY/dPk8JI+FvNr dSKQlS42eqWApOY7gUPRgfBRgh23klW00WswLGX7GOhq63k6CVxN0g03B0SRkAH3nc fAUIxkbr5W3x4AXFUGxGwBI6anv+k4pZ/qL/yTp4=
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local> <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net> <5A8A1F34.9080205@isdg.net> <5034D7A9-EF61-444E-9B57-3972DA836558@kitterman.com> <5A8B49D7.9060308@isdg.net>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <c7d097b5-fa34-fbcb-123d-ef9e16eb67f6@bluepopcorn.net>
Date: Mon, 19 Feb 2018 14:14:47 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <5A8B49D7.9060308@isdg.net>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/vhke1bfPwdUpDtkBh3UY7txZd6M>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 22:15:00 -0000

On 2/19/18 2:04 PM, Hector Santos wrote:
> On 2/18/2018 10:09 PM, Scott Kitterman wrote:
>>
>>
>> On February 19, 2018 12:49:56 AM UTC, Hector Santos
>> <hsantos@isdg.net> wrote:
>>> On 2/18/2018 6:55 PM, Stan Kalisch wrote:
>>>
>>>>> Any existing DKIM verifier that doesn't ignore an ed25519 signature
>>> is already badly broken.
>>>>
>>>> Yes.
>>>
>>> If a signer uses a=ed25519-sha256, all non-supportive verifiers are
>>> purposely "broken" in which case, the signature MUST be deemed
>>> invalid, and by design, in DKIM STD methodology, the signature must be
>>> viewed as never to exist.  Any verifier that continues to consider to
>>> evaluate a non-supportive hash could be viewed as "broken" and a
>>> "security risk."
>>
>> It's really simple (RFC 6376 and predecessors):
>>
>> "3.3.4.  Other Algorithms Other algorithms MAY be defined in the
>> future. Verifiers MUST ignore any signatures using algorithms that
>> they do not implement."
>>
>> Any verifier that does that is not "broken" and there's no problem. 
>> Any verifier that does something else is "broken".  No version
>> nonsense needed.
>
> If the new logic is to encourage ignoring/invalidate a DKIM STD76
> feature, i.e. SHA1, then that technically is a STD version upgrade.
> The real "nonsense" is that software COULD break if you bumped the
> number.  It couldn't be then even if it was desired.  That's the real
> problem here.
>
> At the end of the day, it is NOT STD76 v=1 behavior.
>
Would bumping the version number to 1.1 tell us anything that the
a=ed25519-sha256 tag doesn't already tell us? Seems like bumping the
version number is redundant.

-Jim


From nobody Mon Feb 19 14:23:57 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 792F21241FC for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:23:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.208
X-Spam-Level: 
X-Spam-Status: No, score=-1.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=DchDwmkN; dkim=pass (1024-bit key) header.d=kitterman.com header.b=XlxO1vrs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GEaZBWOFCvGk for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:23:54 -0800 (PST)
Received: from relay02.kitterman.com (unknown [72.81.252.18]) by ietfa.amsl.com (Postfix) with ESMTP id 1735F1267BB for <dcrup@ietf.org>; Mon, 19 Feb 2018 14:23:54 -0800 (PST)
Received: from relay02.kitterman.com (localhost [127.0.0.1]) by relay02.kitterman.com (Postfix) with ESMTP id C2A5F7FF3E for <dcrup@ietf.org>; Mon, 19 Feb 2018 17:23:51 -0500 (EST)
DKIM-Signature: v=1; a=ed25519-sha256; c=simple/relaxed; d=kitterman.com;  i=@kitterman.com; q=dns/txt; s=201802; t=1519079031;  h=from : to : subject : date : message-id : in-reply-to :  references : mime-version : content-transfer-encoding :  content-type : from : subject : date;  bh=yqES33+APfVZa8bTXl0cb0tGNizCbAA+K+5SrNauUtQ=;  b=DchDwmkN86GCwzDaDRv0niMQlsk9c5A2PCy5cbWBivVSaDES+YvpVgTt 1xVsqaht2Kyo9qsuM0YlqihvgvwrBQ==
DKIM-Signature: v=1; a=rsa-sha256; c=simple/relaxed; d=kitterman.com;  i=@kitterman.com; q=dns/txt; s=201802r1; t=1519079031;  h=from : to : subject : date : message-id : in-reply-to :  references : mime-version : content-transfer-encoding :  content-type : from : subject : date;  bh=yqES33+APfVZa8bTXl0cb0tGNizCbAA+K+5SrNauUtQ=;  b=XlxO1vrsxWclKcCW7X6O+BapdNVybZfpGUD49Vn24G7euQwPqlXT6H0s M74lcE5wPdyCBl6Js6+HE1mJaK6ZnsmySD4/VNXDPhBjyeoDPsGTipR3jJ kk3HkSxtOe0uBpkNEc8yz81F++rXCzGEtpelhQACG+86U/sRtH6PwqlaA=
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by relay02.kitterman.com (Postfix) with ESMTPS id 8BA417FEBA for <dcrup@ietf.org>; Mon, 19 Feb 2018 17:23:51 -0500 (EST)
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 19 Feb 2018 17:23:51 -0500
Message-ID: <3118227.KIiRJkE2LW@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <5A8B49D7.9060308@isdg.net>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5034D7A9-EF61-444E-9B57-3972DA836558@kitterman.com> <5A8B49D7.9060308@isdg.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-AV-Checked: ClamAV using ClamSMTP
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/_rYNwlKICOe36Cc2Kx9gxYeoZ4U>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 22:23:56 -0000

On Monday, February 19, 2018 05:04:07 PM Hector Santos wrote:
> On 2/18/2018 10:09 PM, Scott Kitterman wrote:
> > On February 19, 2018 12:49:56 AM UTC, Hector Santos <hsantos@isdg.net> wrote:
> >> On 2/18/2018 6:55 PM, Stan Kalisch wrote:
> >>>> Any existing DKIM verifier that doesn't ignore an ed25519 signature
> >> 
> >> is already badly broken.
> >> 
> >>> Yes.
> >> 
> >> If a signer uses a=ed25519-sha256, all non-supportive verifiers are
> >> purposely "broken" in which case, the signature MUST be deemed
> >> invalid, and by design, in DKIM STD methodology, the signature must be
> >> viewed as never to exist.  Any verifier that continues to consider to
> >> evaluate a non-supportive hash could be viewed as "broken" and a
> >> "security risk."
> > 
> > It's really simple (RFC 6376 and predecessors):
> > 
> > "3.3.4.  Other Algorithms Other algorithms MAY be defined in the future.
> > Verifiers MUST ignore any signatures using algorithms that they do not
> > implement."
> > 
> > Any verifier that does that is not "broken" and there's no problem.  Any
> > verifier that does something else is "broken".  No version nonsense
> > needed.
> If the new logic is to encourage ignoring/invalidate a DKIM STD76
> feature, i.e. SHA1, then that technically is a STD version upgrade.
> The real "nonsense" is that software COULD break if you bumped the
> number.  It couldn't be then even if it was desired.  That's the real
> problem here.
> 
> At the end of the day, it is NOT STD76 v=1 behavior.

That's not what we're talking about here.  Even if that was correct, and I 
don't think it is, then the time to have that conversation would have been 
before RFC 8301 was published.  At this point, SHA1 is gone.

Scott K
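
Added example, not part of any message in this thread: a sketch of the decision a verifier makes for each DKIM-Signature before any crypto (the RFC 6376 section 3.3.4 rule quoted above, the RFC 8301 treatment of rsa-sha1, and the string comparison on v=), plus the header.b matching that ties an Authentication-Results entry back to a signature's a= tag. The header values are constructed samples, the function names are hypothetical, the Authentication-Results parsing is deliberately simplified, and no signature is cryptographically checked.

```python
import re

IMPLEMENTED = frozenset({"rsa-sha256"})  # assumption: this verifier has no Ed25519 code
HISTORIC = frozenset({"rsa-sha1"})       # RFC 8301: permanently fails evaluation


def parse_tag_list(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # empty item after a trailing ';'
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError("malformed tag: %r" % item)
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        # b= and bh= may be folded; whitespace inside them is not significant.
        tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
    return tags


def triage(sig_value, implemented=IMPLEMENTED, historic=HISTORIC):
    """Decide, before any crypto, what a verifier does with one DKIM-Signature."""
    try:
        tags = parse_tag_list(sig_value)
    except ValueError as exc:
        return {"a": None, "d": None, "b": "", "action": "permfail", "why": str(exc)}
    algo = tags.get("a")
    if tags.get("v") != "1":
        # RFC 6376 requires a string comparison: "1.1" and "1.0" are not "1".
        action, why = "permfail", "incompatible version"
    elif algo in historic:
        action, why = "permfail", "historic algorithm"
    elif algo not in implemented:
        # Section 3.3.4: signatures with unimplemented algorithms are ignored.
        action, why = "ignore", "unsupported algorithm"
    else:
        action, why = "verify", ""
    return {"a": algo, "d": tags.get("d"), "b": tags.get("b", ""),
            "action": action, "why": why}


def ar_dkim_results(ar_value):
    """Pull result, header.d and header.b for each dkim entry of an A-R field.

    Simplified: splits on ';' and so assumes no ';' inside quoted strings.
    """
    results = []
    for part in ar_value.split(";")[1:]:  # part 0 is the authserv-id
        m = re.match(r"\s*dkim=(\w+)", part)
        if not m:
            continue
        props = dict(re.findall(r"(header\.\w+)=(\S+)", part))
        results.append({"result": m.group(1), **props})
    return results


def correlate(ar_value, sig_values):
    """Attach the a= algorithm to each A-R dkim result via header.b.

    header.b carries at least the first eight characters of the b= value
    (RFC 6008), so a unique prefix match identifies the signature.
    """
    sigs = [triage(s) for s in sig_values]
    out = []
    for r in ar_dkim_results(ar_value):
        hb = r.get("header.b")
        hits = [s for s in sigs if hb and s["b"].startswith(hb)]
        algo = hits[0]["a"] if len(hits) == 1 else None
        out.append((r["result"], r.get("header.d"), algo))
    return out


# Constructed sample headers (not taken from any message in the archive).
SIGS = [
    "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.org; s=ed; "
    "h=from:to:subject; bh=AAAA; b=EdSigAAAA1111 bbbb==",
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=rsa; "
    "h=from:to:subject; bh=AAAA; b=RsaSigBBBB2222cccc=",
    "v=1; a=rsa-sha1; d=example.net; s=old; h=from; bh=BBBB; b=Sha1SigCCCC3333",
    "v=1.1; a=rsa-sha256; d=example.com; s=new; h=from; bh=CCCC; b=VerBumpDDDD4444",
]
AR = ('mx.example.net; dkim=neutral reason="invalid (unsupported algorithm '
      'ed25519-sha256)" header.d=example.org header.b=EdSigAAA; '
      'dkim=pass (2048-bit key) header.d=example.org header.b=RsaSigBB')

if __name__ == "__main__":
    for s in SIGS:
        t = triage(s)
        print(t["a"], t["action"], t["why"])
    print(correlate(AR, SIGS[:2]))
```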


From nobody Mon Feb 19 14:50:40 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F579126BF6 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:50:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=kjG5KG+m; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=jwwmGkj2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oBGV1lrj0x9r for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:50:18 -0800 (PST)
Received: from demo.winserver.com (ntbbs.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 349E11241FC for <dcrup@ietf.org>; Mon, 19 Feb 2018 14:50:18 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=806; t=1519080607; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=OfDo85sb5GDLtoaEhPeI6sWG3YA=; b=kjG5KG+mjlmj+0k7ILMsri4ICeVfL9DWNsFPDqckkP7+CCbXCj9rqsTpSFLijT X6bVcuXqA4h1vdTOxhG1SwC/ukcPqLCYR/sodaisIbm/4dJktsVeeBW4lJlsRCoC RWbiys7R7yDGPAiG+qWTdmoGbmIoNHjGR5w06vUIfo5Z4=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Mon, 19 Feb 2018 17:50:07 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 359316967.1.1364; Mon, 19 Feb 2018 17:50:06 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=806; t=1519080295; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=4rEQI/g A5WDkYw/RPDDG9mTBgG6JziiGPX0sY4GOWmA=; b=jwwmGkj2na2UcWMYC+CGKy/ nnnPG99aZrLR2Tg5qpjngoarvnDzHxX8eKOdIBTv5S2KP/iBior9fe5udiaNNnQM y0YvkcnWTWLFAVQ6D6ECOfuZplYn9F+oxjOBzK3uo9XF+H9jpNurrA69MPPz94Co NmksVB9sfQSuTT/u3z3Q=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Mon, 19 Feb 2018 17:44:55 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 359201362.9.99376; Mon, 19 Feb 2018 17:44:54 -0500
Message-ID: <5A8B549F.1070907@isdg.net>
Date: Mon, 19 Feb 2018 17:50:07 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5034D7A9-EF61-444E-9B57-3972DA836558@kitterman.com> <5A8B49D7.9060308@isdg.net> <3118227.KIiRJkE2LW@kitterma-e6430>
In-Reply-To: <3118227.KIiRJkE2LW@kitterma-e6430>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/CMG4xf805UY9eazYzbsU78D6c_w>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 22:50:19 -0000

On 2/19/2018 5:23 PM, Scott Kitterman wrote:
>> At the end of the day, it is NOT STD76 v=1 behavior.
>
> That's not what we're talking about here.  Even if that was correct, and I
> don't think it is, then the time to have that conversation would have been
> before RFC 8301 was published.  At this point, SHA1 is gone.
>

Not sure what you mean "SHA1 is gone."

That is my point.  SHA1 is NOT gone in STD76 v=1 behavior, it will 
always be supported by those who know nothing about the updated 
proposed RFC8301 STD76 updated version.  Are you ready to throw the 
book on packages that don't support RFC8301? Even if they support 
STD76 v=1?    As it is now, IMTO, it creates documentation and code 
ambiguity.

Anyway, this is a perfect opportunity for a version bump in my opinion.



-- 
HLS



From nobody Mon Feb 19 14:51:51 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E6CD127775 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:51:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=a6WJvbWA; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=HrwK6jnh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7HZKzyxCUBjs for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 14:51:38 -0800 (PST)
Received: from demo.winserver.com (ntbbs.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 0FA9B126DCA for <dcrup@ietf.org>; Mon, 19 Feb 2018 14:51:37 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=417; t=1519080692; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=2Vw2tNYnxgYVN+FKd/YtX6p1Tik=; b=a6WJvbWAqHGAbGrqrv8Oc0Mygh559CuwLiikCtRF02hneI+s10qIaUG1RUtM/C wp8uY3yOFHsfu7UnBf427oBbmi7hZ7g3kPNwyDQlOMFyrjTCyCfv7uDrCqjbZmcL MqrvwXs9Z8fk+XvLie/KKPwWXMU7Mv6Ke/X6SH5P86HAI=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Mon, 19 Feb 2018 17:51:32 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 359402065.1.2348; Mon, 19 Feb 2018 17:51:32 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=417; t=1519080377; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=5B7E3hf heO7/mfSa9xk+MuOq6y23yTvj3SV5h64MnfM=; b=HrwK6jnh7J5uiStgDMU7GkJ mXc1YKjCBCSMfu29Edrv7GWBX8qo1c1nmowyjHOPTPxNKMmOKjBlWn6JRDIElj0v Tj/6jgy3N1bXkQzzLRmKU86ee9+SigIN7B41a7wAX2lfJDlAgNCsmRHVkzKDsFPE 6BHoJnWCwlnVJqUhPwas=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Mon, 19 Feb 2018 17:46:17 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 359283065.9.94648; Mon, 19 Feb 2018 17:46:16 -0500
Message-ID: <5A8B54F0.2000701@isdg.net>
Date: Mon, 19 Feb 2018 17:51:28 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <5A89B002.8020903@isdg.net> <0DC2866E-0410-4C95-896F-E9B69EEFA4C0@glyphein.mailforce.net> <alpine.OSX.2.21.1802181506380.95431@ary.local> <125692CC-3D0E-4ABD-85BF-9805D9D1A152@glyphein.mailforce.net> <5A8A1F34.9080205@isdg.net> <5034D7A9-EF61-444E-9B57-3972DA836558@kitterman.com> <5A8B49D7.9060308@isdg.net> <c7d097b5-fa34-fbcb-123d-ef9e16eb67f6@bluepopcorn.net>
In-Reply-To: <c7d097b5-fa34-fbcb-123d-ef9e16eb67f6@bluepopcorn.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/PcQ46eeY85EatJLFTs6MRt27wq8>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 22:51:40 -0000

On 2/19/2018 5:14 PM, Jim Fenton wrote:
>>
>> At the end of the day, it is NOT STD76 v=1 behavior.
>>
> Would bumping the version number to 1.1 tell us anything that the
> a=ed25519-sha256 tag doesn't already tell us? Seems like bumping the
> version number is redundant.

I agree, it can be viewed as redundant but it is more precise and we 
probably can use some more precision in this group.


-- 
HLS



From nobody Mon Feb 19 15:11:44 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C84E3126C83 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 15:11:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l6kZOQHKvvjV for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 15:11:41 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DA951241FC for <dcrup@ietf.org>; Mon, 19 Feb 2018 15:11:41 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 6FA53C40245 for <dcrup@ietf.org>; Mon, 19 Feb 2018 17:11:38 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1519081898; bh=q3STs4ZWutRfEOMz2hRSS2XRJd+0niXUYFMOyHJqGEY=; h=From:To:Subject:Date:In-Reply-To:References:From; b=qAKAAMRJimUyU2IBf/RnCsNcqPSo4PAKCbLrm0h4JAd/8p4FNMynVRHxtwO3eESf8 SWZ2/z0nBkZAZza9cUucfxi+a7FF3zZrE7xAdbNeQJvRqeVrK+Mx9m2In4LPpxu7fJ uk5sZy615UM2e/qwH8u5OOLeDnbFiW1iY1S3hwjY=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 19 Feb 2018 18:11:37 -0500
Message-ID: <2249204.uJMoLCJ6lp@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <5A8B549F.1070907@isdg.net>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/JUEGUoXXfUV8I3KS4Fts_8o0txI>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 23:11:43 -0000

On Monday, February 19, 2018 05:50:07 PM Hector Santos wrote:
> On 2/19/2018 5:23 PM, Scott Kitterman wrote:
> >> At the end of the day, it is NOT STD76 v=1 behavior.
> > 
> > That's not what we're talking about here.  Even if that was correct, and I
> > don't think it is, then the time to have that conversation would have been
> > before RFC 8301 was published.  At this point, SHA1 is gone.
> 
> Not sure what you mean "SHA1 is gone."
> 
> That is my point.  SHA1 is NOT gone in STD76 v=1 behavior, it will
> always be supported by those who know nothing about the updated
> proposed RFC8301 STD76 updated version.  Are you ready to throw the
> book on packages that don't support RFC8301? Even if they support
> STD76 v=1?    As it is now, IMTO, it creates documentation and code
> ambiguity.
> 
> Anyway, this is a perfect opportunity for a version bump in my opinion.

It's not, but clearly this isn't a productive discussion, so I'm done.

Scott K


From nobody Mon Feb 19 17:50:13 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63B1712D72F for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 17:50:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=Yuis7Wlx; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=TTKaqRSh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JNa7q-NHJ-6t for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 17:50:09 -0800 (PST)
Received: from pop3.winserver.com (groups.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 697BD12D0C3 for <dcrup@ietf.org>; Mon, 19 Feb 2018 17:50:09 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1300; t=1519091403; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=sN6uAks+htTMifH7edp+NPSZpkU=; b=Yuis7WlxqnZD1xO1bTV7Al8gu/GeMXnpSfQgCzjFzX241lGEe+TQljx+2QbhDe V2x5tvVPrPM5DqELvC+62nQmF/z/yMKm1dBl6ldX5wZFejI4H096tSQRgwwSNfth 5G+jdAoGg44zxD5tfRACUXqiUCBHEgbqzeEI8DMsJ1lX4=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Mon, 19 Feb 2018 20:50:03 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 370112361.1.3608; Mon, 19 Feb 2018 20:50:02 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1300; t=1519091088; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=AH6nhP+ akwyYwNoXTgYSz/2OXVp/55uJoTvBxeJTQsg=; b=TTKaqRShIqT+L0qUvvOoqLS Iu/J+8+DHdH8iFl87LS9DaDmr1BLputeToSDMzd7hSC/OtX602yCE3yeHibaw9U0 emfx1xNVqYYtYPPwAehGeJI7XQQ1PaQHHgjDJTIMeKaiCeLoTcwk+kMowp0yTG6V TaYbhRiqyxcb/7S9daEg=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Mon, 19 Feb 2018 20:44:48 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 369993815.9.113680; Mon, 19 Feb 2018 20:44:46 -0500
Message-ID: <5A8B7EC7.3050103@isdg.net>
Date: Mon, 19 Feb 2018 20:49:59 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430>
In-Reply-To: <2249204.uJMoLCJ6lp@kitterma-e6430>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/3t5HX2QxxW-YrSz5IwkKr5_wYgA>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 01:50:11 -0000

On 2/19/2018 6:11 PM, Scott Kitterman wrote:

>> Anyway, this is a perfect opportunity for a version bump in my opinion.
>
> It's not, but clearly this isn't a productive discussion, so I'm done.

It is unfortunate you feel privileged enough to begin to disparage me 
and resort to such unproductive "WG" tones.  Since you already stated 
your opinion on the matter, you could have just stepped back and allowed 
more folks to chime in, or not.  I don't appreciate your tone.

This is my technical opinion:

STD76 says:

    v= Version (plain-text; REQUIRED).  This tag defines the version of
       this specification that applies to the signature record.  It MUST
       have the value "1" for implementations compliant with this version
       of DKIM.

       ABNF:

       sig-v-tag       = %x76 [FWS] "=" [FWS] 1*DIGIT

          INFORMATIVE NOTE: DKIM-Signature version numbers may increase
          arithmetically as new versions of this specification are
          released.


The "Request For Comment" RFC8301 proposed update to STD76 should be 
done with a version bump because SHA1 is being removed which is a 
standard DKIM STD76 feature.  RFC8301 has language that will allow new 
compliant STD76+RFC8301 to invalidate compliant STD76 v=1 messages 
with legitimate SHA1 signatures.

To me, that is "version bump" behavior.

-- 
HLS
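
Added example (not part of the thread and not any participant's or project's code): a pre-verification check showing the behavior the message above describes, where the same v=1 rsa-sha1 signature is evaluated by a STD76 verifier but rejected by one that also applies RFC 8301. The profile names, function names and sample signature values are constructed for illustration; no hashing or key lookup is performed.

```python
import re

# Algorithms each verifier profile will evaluate. "STD76" follows the
# message's statement that SHA1 is a standard STD76 feature; the second
# profile models a verifier that has applied RFC 8301 (SHA1 removed).
# Profile names are labels made up for this example.
PROFILES = {
    "STD76": {"rsa-sha1", "rsa-sha256"},
    "STD76+RFC8301": {"rsa-sha256"},
}

TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")

# Constructed sample DKIM-Signature values; bh=/b= are placeholders.
SHA1_SIG = ("v=1; d=example.org; s=sel1; a=rsa-sha1; c=simple/relaxed; "
            "h=From:To:Subject; bh=CONSTRUCTED=; b=CONSTRUCTED=")
SHA256_SIG = SHA1_SIG.replace("a=rsa-sha1", "a=rsa-sha256", 1)
V2_SIG = SHA256_SIG.replace("v=1;", "v=2;", 1)


def parse_tag_list(value):
    """Split a DKIM-Signature value into {tag: value}; reject malformed input."""
    items = value.split(";")
    if items and not items[-1].strip():
        items.pop()  # a single trailing ";" is allowed
    tags = {}
    for item in items:
        name, sep, val = item.partition("=")  # values may contain "="
        name = name.strip()
        if not sep or not TAG_NAME.fullmatch(name):
            raise ValueError(f"malformed tag: {item.strip()!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags


def precheck(signature_value, profile):
    """Decide, before any crypto, whether a signature is worth evaluating.

    Returns ("evaluate", reason) or ("permfail", reason).
    """
    try:
        tags = parse_tag_list(signature_value)
    except ValueError as exc:
        return ("permfail", str(exc))

    version = tags.get("v")
    if version is None:
        return ("permfail", "missing v= tag")
    # sig-v-tag = %x76 [FWS] "=" [FWS] 1*DIGIT
    if not re.fullmatch(r"[0-9]+", version):
        return ("permfail", "v= is not 1*DIGIT")
    # The value is compared as a string: "01" or "2" is not "1".
    if version != "1":
        return ("permfail", "incompatible version")

    algorithm = tags.get("a")
    if algorithm is None:
        return ("permfail", "missing a= tag")
    if algorithm not in PROFILES[profile]:
        return ("permfail", f"algorithm {algorithm} not accepted by {profile}")
    return ("evaluate", f"v=1 with {algorithm}")


if __name__ == "__main__":
    for label, sig in (("sha1", SHA1_SIG), ("sha256", SHA256_SIG), ("v=2", V2_SIG)):
        for profile in PROFILES:
            print(f"{label:7} {profile:14} -> {precheck(sig, profile)}")
```

The v=2 rows show the other side of the trade-off: a verifier that only knows v=1 fails a bumped-version signature at the version check, whatever algorithm it carries.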



From nobody Mon Feb 19 18:01:54 2018
Return-Path: <rsalz@akamai.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B751126BF3 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 18:01:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PaTLDlr9T_Xv for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 18:01:52 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9EE112008A for <dcrup@ietf.org>; Mon, 19 Feb 2018 18:01:51 -0800 (PST)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1K1ulHF026895; Tue, 20 Feb 2018 02:01:49 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=wh5bKy+E8Y7u89gY9PVruDmCXmbhmEP8+toxabe5JnA=; b=S0ewDqXG/pu5Pkn9S5bHHbY38f3NgkIrHwdqE/A83615nTuXLTZE/Do8vl1Nv5Jupz4c gAMdBedTPFRaJZcTe7H30Q2PWejRDmjlXaR0cKnTf76NbCN8hnElHaEwdvXgaq3kzL/K MsCXYvzg4wZSupNtuHVXVsDRDik/WpqhSdpKR4i8cZC0PwwAmHs7ad042EHkUFsLqG1/ 5JJlRwY0f6v5RVXcsFQsFxBP9/SB4gmp7V68un28sjhzNCfUgBWY4zZl3NR50DfXATTi jeJ8YUP90xTrGcMboIX0wDMizRECX9tft6j3dAIEvAzFQsI/QDe1oDvd1fwYjKMGomAg tA== 
Received: from prod-mail-ppoint3 ([96.6.114.86]) by m0050095.ppops.net-00190b01. with ESMTP id 2g6ct6r1xs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 02:01:49 +0000
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w1K20uCr011008; Mon, 19 Feb 2018 21:01:48 -0500
Received: from email.msg.corp.akamai.com ([172.27.25.34]) by prod-mail-ppoint3.akamai.com with ESMTP id 2g6gm1e05t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 19 Feb 2018 21:01:48 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.27.103) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 19 Feb 2018 20:01:47 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1263.000; Mon, 19 Feb 2018 20:01:47 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: Hector Santos <hsantos@isdg.net>, "dcrup@ietf.org" <dcrup@ietf.org>
Thread-Topic: [Dcrup] Progress Evaluating DCRUP
Thread-Index: AQHTqHODye7C2uaIYEG1yi09EX1uWaOqxj4AgAArfwCAAApmgIAAP2YAgAAPRACAACbrAIABPRWAgAAFhICAAAdWgIAABgKAgAAsQID//69ggA==
Date: Tue, 20 Feb 2018 02:01:47 +0000
Message-ID: <8497E537-C37E-412A-84F5-F581C840A279@akamai.com>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430> <5A8B7EC7.3050103@isdg.net>
In-Reply-To: <5A8B7EC7.3050103@isdg.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.a.0.180210
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.38.213]
Content-Type: text/plain; charset="utf-8"
Content-ID: <2C21FC456A909B4984BB03BF36665E89@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_01:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=806 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802200024
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_01:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=750 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802200023
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/R68a3nXQWLL8gLgb6ioVXKB3LU0>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 02:01:53 -0000

It seems to me that if the syntax and semantics of the existing labels are
not changed, then there is no need to change the version.  Adding or
removing algorithms within the current syntax does not seem to require a
version change.

If anyone else is in favor of changing the version, please speak up within
a week.


From nobody Mon Feb 19 22:23:39 2018
Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92EE3126D74 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 22:23:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tmk8BJRD48KA for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 22:23:36 -0800 (PST)
Received: from mail-qt0-x234.google.com (mail-qt0-x234.google.com [IPv6:2607:f8b0:400d:c0d::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC2E4124235 for <dcrup@ietf.org>; Mon, 19 Feb 2018 22:23:35 -0800 (PST)
Received: by mail-qt0-x234.google.com with SMTP id d26so15130816qtj.4 for <dcrup@ietf.org>; Mon, 19 Feb 2018 22:23:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Vf72WcE1Ir/uedfPhGiTwevdTaoNLxmilEenIr7ZL1A=; b=FThrUvyG/FdMGKKO7urw8nocqDZeSkzK1CDsekC9Ebru3QfBMqbqTXY0+Qtt/mvE5G SlTErOg9fcYEyV9GBctlrwu/ihEL/FRfJjCIKd6v7VE/OKYYf+ctq3VSI19nisLuyfFW FjpbTtODLHZzAiDALl4l83yucOCuJ2CMyczh9LHJ72Ua+6UeC0leOB8JAZvk3fhTvOd9 VVBsuwLkyram35AfjBQNKojOwW0cOVXSLZk7130gfO9DdemRIZONP8NBbmrEeITylIF4 lsF1iStp7PbrwFwaEdbzE9tWwhazBdRDdMjyECjvE3zBA2abOkGazwx6DqvmEubQsdbD a7nw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Vf72WcE1Ir/uedfPhGiTwevdTaoNLxmilEenIr7ZL1A=; b=UqGaEbsstFUY0Oa0WFAfelUG2oDPuDOl6hapX38BiW8dbAG80NL5T+L4VaUO1/UwHl qoLP20/1jDv2L8F4TASjEnoC+wMN8S7rw9Dik2XaG8kfbhcbrzRB971wOVK1+v8N8INQ YwDh2gueUmSwq7AfmrU3c00guoc+Uy+uOYBo5z5v2/lfKDWf0Q7OGDLAgyyzOD48DPgF 6tedfhdKsRP8MG/gVpdNNCp0jHxhsNY/KgeNylSE907MMJfCjbOMul5k+P/rKtlWgDpF Lh3T77JyCY4egTGkQBEDbadzUZzgc8XelZbHU1qIZyZdLltyhr20k9xwShdJml6FJcRw 5JnQ==
X-Gm-Message-State: APf1xPCLPDjnjDMvq2pSg2BvG8CqE9ftzVI4TdV+x73ulfhEAtLvLJ3X dezVuQUFxl9aJNdTc7sfAAUSSkwdHOr3K9/3NOA=
X-Google-Smtp-Source: AH8x224lAsufUF6JkydyULTcGLwbUUumzXz54+HTqxDGjKqUciUcDwN3KpTdWTk0HfLAXoAk002iEROBc2lqWqqEqSY=
X-Received: by 10.200.38.109 with SMTP id v42mr28992955qtv.106.1519107814949;  Mon, 19 Feb 2018 22:23:34 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.225.71 with HTTP; Mon, 19 Feb 2018 22:23:34 -0800 (PST)
In-Reply-To: <8497E537-C37E-412A-84F5-F581C840A279@akamai.com>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430> <5A8B7EC7.3050103@isdg.net> <8497E537-C37E-412A-84F5-F581C840A279@akamai.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Tue, 20 Feb 2018 00:23:34 -0600
Message-ID: <CADPMZDBJHVZe3fj0v8o9ByBWFgxQpXxAxmB1CLnkmy7UeV60Yw@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Hector Santos <hsantos@isdg.net>, "dcrup@ietf.org" <dcrup@ietf.org>
Content-Type: multipart/alternative; boundary="001a11410dbeaf89e305659ed94b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/SFTYzefoZOX7VCCTt3ICP-FfJKE>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 06:23:37 -0000

--001a11410dbeaf89e305659ed94b
Content-Type: text/plain; charset="UTF-8"

I can see Hector's point, not as a technical necessity, but as a tool to be
able to say "You're still accepting SHA-1 signatures? Bah, so you don't
support v1.1?"

If you don't raise the version number, then you don't get to say that
product X implements "only version 1.0" (because no Ed25519) or that they
are "non-compliant with version 1.1" (because they accept SHA-1).

So raising the version could be a useful tool from a social perspective, to
more easily cajole people into improvements. However, it does not seem to
be a technical necessity.

On Mon, Feb 19, 2018 at 8:01 PM, Salz, Rich <rsalz@akamai.com> wrote:

> It seems to me that if the syntax and semantics of the existing labels are
> not changed, then there is no need to change the version.  Adding or
> removing algorithms within the current syntax does not seem to require a
> version change.
>
> If anyone else is in favor of changing the version, please speak up within
> a week.
>
> _______________________________________________
> Dcrup mailing list
> Dcrup@ietf.org
> https://www.ietf.org/mailman/listinfo/dcrup
>

--001a11410dbeaf89e305659ed94b--


From nobody Mon Feb 19 22:35:43 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 484C6126D74 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 22:35:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PTIzWbuuXkFn for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 22:35:38 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1589124235 for <dcrup@ietf.org>; Mon, 19 Feb 2018 22:35:38 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id DFB53C40109 for <dcrup@ietf.org>; Tue, 20 Feb 2018 00:35:36 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1519108536; bh=8qcpkqBjxfnoqTt32kpuMXOzHdnnxwsjheb2jZ42mY4=; h=From:To:Subject:Date:In-Reply-To:References:From; b=PESZxZkN37o2sv2wAskLrIOm1Fy3oLlziB4E/BE0CzyNFbVWyCWef9/3kHS0krn/a GFm/s/bU9mre+nYy0lOwCBiuZh5rg9hSAdYsxYvHMb7s3fPCeDxg/eSGKIdgX9zrSh n7g9hoiA8gEaJNMGKMQV6q7Td0LJwkTUp/snpx6M=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Tue, 20 Feb 2018 01:35:36 -0500
Message-ID: <2044432.13vEMCZcXB@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CADPMZDBJHVZe3fj0v8o9ByBWFgxQpXxAxmB1CLnkmy7UeV60Yw@mail.gmail.com>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <8497E537-C37E-412A-84F5-F581C840A279@akamai.com> <CADPMZDBJHVZe3fj0v8o9ByBWFgxQpXxAxmB1CLnkmy7UeV60Yw@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/zF8AUQwZK7_mZA1WzobAjGnRowo>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 06:35:42 -0000

For buzzword compliance, you can whinge about not implementing RFC 8301.

Scott K

On Tuesday, February 20, 2018 12:23:34 AM denis bider wrote:
> I can see Hector's point, not as a technical necessity, but as a tool to be
> able to say "You're still accepting SHA-1 signatures? Bah, so you don't
> support v1.1?"
> 
> If you don't raise the version number, then you don't get to say that
> product X implements "only version 1.0" (because no Ed25519) or that they
> are "non-compliant with version 1.1" (because they accept SHA-1).
> 
> So raising the version could be a useful tool from a social perspective, to
> more easily cajole people into improvements. However, it does not seem to
> be a technical necessity.
> 
> On Mon, Feb 19, 2018 at 8:01 PM, Salz, Rich <rsalz@akamai.com> wrote:
> > It seems to me that if the syntax and semantics of the existing labels are
> > not changed, then there is no need to change the version.  Adding or
> > removing algorithms within the current syntax does not seem to require a
> > version change.
> > 
> > If anyone else is in favor of changing the version, please speak up within
> > a week.


From nobody Mon Feb 19 23:31:36 2018
Return-Path: <mdb@juniper.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1563C1243F3 for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 23:31:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hqKqwIVr0c_w for <dcrup@ietfa.amsl.com>; Mon, 19 Feb 2018 23:31:33 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AB0A124239 for <dcrup@ietf.org>; Mon, 19 Feb 2018 23:31:33 -0800 (PST)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1K7T5nS009662; Mon, 19 Feb 2018 23:31:29 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : date : message-id : sender : mime-version : content-type; s=PPS1017; bh=PCpq/GrsnSU+CJCwgKXrVPN1GO1XB65++QZrw/U45tE=; b=x+XzewM8Ht4Vcx6lBCWVrLpsLCodSzGzbQSfOI/6Scv9Hp4oH6ydld9EuGEWxYpaHGmb bkXd76HqJCvoi955FLXG1FqYDBU6A3ZjyVD1fYN0K6sEUCQlpcoByPsKMfXtvUPm8Oum Zymj8rvE9QyXJhqc9XAVclazmxpHhLEvIwx17sMx4nD1bKAQlNk8H0EvEaArVnhPBYr9 bLMoamGBDxNScZbACvxCw2YqKtDS+FF+gkRL+DjbG2dhf7d34o+wvG6v4yaAHFPNVK5+ IJfDYr+OVlv2lVG9NzJm2fIRk0RDZDMxK5w3HbAz87VqIXW5sKWqcyg5i5tRGV9cLYHk 9w== 
Received: from nam03-by2-obe.outbound.protection.outlook.com (mail-by2nam03lp0052.outbound.protection.outlook.com [216.32.180.52]) by mx0b-00273201.pphosted.com with ESMTP id 2g8ew20157-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 19 Feb 2018 23:31:29 -0800
Received: from BLUPR05CA0077.namprd05.prod.outlook.com (2a01:111:e400:855::47) by CY4PR05MB3368.namprd05.prod.outlook.com (2603:10b6:910:58::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.527.6; Tue, 20 Feb 2018 07:31:27 +0000
Received: from BY2NAM05FT062.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e52::206) by BLUPR05CA0077.outlook.office365.com (2a01:111:e400:855::47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.527.6 via Frontend Transport; Tue, 20 Feb 2018 07:31:27 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by BY2NAM05FT062.mail.protection.outlook.com (10.152.100.199) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.527.7 via Frontend Transport; Tue, 20 Feb 2018 07:31:27 +0000
Received: from p-mailhub01.juniper.net (10.47.226.20) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Mon, 19 Feb 2018 23:31:24 -0800
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id w1K7VPfb014538; Mon, 19 Feb 2018 23:31:25 -0800	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id 63B461144E;	Mon, 19 Feb 2018 23:31:24 -0800 (PST)
To: Hector Santos <hsantos@isdg.net>
CC: <dcrup@ietf.org>
In-Reply-To: <5A8B7EC7.3050103@isdg.net> 
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430> <5A8B7EC7.3050103@isdg.net>
Comments: In-reply-to: Hector Santos <hsantos@isdg.net> message dated "Mon, 19 Feb 2018 20:49:59 -0500."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Mon, 19 Feb 2018 23:31:24 -0800
Message-ID: <56222.1519111884@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(396003)(346002)(376002)(39860400002)(39380400002)(2980300002)(189003)(199004)(86362001)(6916009)(7126002)(5660300001)(2950100002)(48376002)(305945005)(356003)(229853002)(106466001)(50466002)(76506005)(69596002)(53416004)(53936002)(97736004)(55016002)(6266002)(6246003)(68736007)(7846003)(6392003)(2906002)(2810700001)(4326008)(16586007)(316002)(76176011)(51416003)(7696005)(47776003)(558084003)(117636001)(478600001)(4743002)(97876018)(93886005)(105596002)(186003)(8936002)(81156014)(81166006)(8676002)(26005)(77096007)(336011)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR05MB3368; H:p-emfe01a-sac.jnpr.net; FPR:;  SPF:SoftFail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; 
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0aea874c-7e29-4790-46c5-08d57833f3dd
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060); SRVR:CY4PR05MB3368; 
X-MS-TrafficTypeDiagnostic: CY4PR05MB3368:
X-Microsoft-Antispam-PRVS: <CY4PR05MB33682EFB239644AE6814508ABFCF0@CY4PR05MB3368.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3002001)(93006095)(93003095)(3231101)(944501161)(10201501046)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123558120)(20161123562045)(20161123564045)(6072148)(201708071742011); SRVR:CY4PR05MB3368; BCL:0; PCL:0; RULEID:; SRVR:CY4PR05MB3368; 
X-Forefront-PRVS: 05891FB07F
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Feb 2018 07:31:27.0635 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0aea874c-7e29-4790-46c5-08d57833f3dd
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR05MB3368
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_02:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=688 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802200098
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/iTJgRtoljHmvc8VPNvNV0AVUX1o>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 07:31:35 -0000

+1 to bumping the version number per Hector Santos' argument.
   (I agree with denis bider that it is not a mandatory technical
   necessity, but it still seems like good hygiene to me.)

	-- Mark



From nobody Tue Feb 20 06:50:28 2018
Return-Path: <kurta@drkurt.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C82DC12D7F7 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 06:50:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=drkurt.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XsJJH6rD9C4U for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 06:50:24 -0800 (PST)
Received: from mail-lf0-x22e.google.com (mail-lf0-x22e.google.com [IPv6:2a00:1450:4010:c07::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C896124B17 for <dcrup@ietf.org>; Tue, 20 Feb 2018 06:50:24 -0800 (PST)
Received: by mail-lf0-x22e.google.com with SMTP id f136so4551948lff.8 for <dcrup@ietf.org>; Tue, 20 Feb 2018 06:50:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drkurt.com; s=20130612; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xs9dpFgrup2w1G6HFNiaJYwze4njzqxJ6nniYbFNBbw=; b=b2uoFVRRbn3dc2Cfwjdtz9v7MxM2lWvo698PvemGWC6/zwxsQVTW9OILsZABIGI0Xg hlkuRq8eH53GybzVhl6dSdb/DHCrpus1NLY2ad3c5ABZYU2Mr+CxgHr0qNuNMUd1T4c7 Qon2QyRYVf3HQprin4T8///z7vXmfrNGcM1tk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xs9dpFgrup2w1G6HFNiaJYwze4njzqxJ6nniYbFNBbw=; b=ljOxL7ylixGXwXKAVGFW8KqThekDspMgPKs+m80HKQOmrh4g9hFvGvaeFsreHfXNCN djVQ6po+yRyN8pz7CB8hT5AybgjwV7Ufd1AuEKpubbfpFpTcS01KaLj1vyb/gjezIn0S 1jaLntKvimSvs3V/x8oDCh4SVyaoalafYmyTts86MXhewF7jT/jn96oXGLc5vT1uGY0U wBc22B+9GlcMgitb06Jx2cHEu6wVcqgHtqknwJ+owuqYpvGnCuZpMoi3cNjH8o8Rt3N0 OeA+9Bz11wI0TEUpw9fJAFjUJ73QkBu5FHH4YvTVcmmo47poBj+xQ8TUVXL6TDCQHrcJ Gxwg==
X-Received: by 10.46.122.15 with SMTP id v15mr13140921ljc.141.1519138222378; Tue, 20 Feb 2018 06:50:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.81.206 with HTTP; Tue, 20 Feb 2018 06:50:21 -0800 (PST)
In-Reply-To: <56222.1519111884@eng-mail01.juniper.net>
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430> <5A8B7EC7.3050103@isdg.net> <56222.1519111884@eng-mail01.juniper.net>
From: Kurt Andersen <kurta@drkurt.com>
Date: Tue, 20 Feb 2018 06:50:21 -0800
Message-ID: <CABuGu1pQCVpHpwozJ4RHjsmD2n6-d0nkUkNagk774_Aqi0431w@mail.gmail.com>
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: Hector Santos <hsantos@isdg.net>, dcrup@ietf.org
Content-Type: multipart/alternative; boundary="f4f5e8067d901c28c50565a5eea6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/FCWk7X-JBLFEh7GcaaZhtroXSmQ>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 14:50:27 -0000

--f4f5e8067d901c28c50565a5eea6
Content-Type: text/plain; charset="UTF-8"

On Mon, Feb 19, 2018 at 11:31 PM, Mark D. Baushke <mdb@juniper.net> wrote:

> +1 to bumping the version number per Hector Santos' argument.
>    (I agree with denis bider that it is not a mandatory technical
>    necessity, but it still seems like good hygiene to me.)
>

The problem with using the version number as a compliance marker is that
most people would expect that support for 1.1 includes support for 1.0
rather than cutting off the "bad" parts of 1.0. The same goes for
N+anything - forward compatibility is expected rather than breaking old
behaviour.

--Kurt

--f4f5e8067d901c28c50565a5eea6--


From nobody Tue Feb 20 08:42:05 2018
Return-Path: <mdb@juniper.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4CA1129C53 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 08:42:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id srN7TOAPBGvI for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 08:42:02 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B54E128954 for <dcrup@ietf.org>; Tue, 20 Feb 2018 08:42:02 -0800 (PST)
Received: from pps.filterd (m0108163.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1KFx1ot005972; Tue, 20 Feb 2018 08:01:06 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : date : message-id : sender : mime-version : content-type; s=PPS1017; bh=9klI64dN4ybZpMqMhBlyO2Z4dVvyiuX2tiWkAkvdtCk=; b=nKOtPxPOY+Oi5jj3pir6rm+6F6h23vzDUG08B7/hfsRWel7IONyYaDMMV4Htb4P5AIMz w8zYFkEd6xaDQW4fcyQKovm/2dZVbMXQnvYo5FLj4dt6JiSGdt5YVmwcG+kBwMD3oGHt Fcu6LWa+ACd01ufOonCnvcvTF/VJVJg60fyPc6G3J52qVaB+xd4l98iL1k/wlsWhOhxD xcPHJuspc0RwIYgPyP64A56ZbYPG/5fgZ9FImEpqs/83kpFHgA+gpWbjsftFeuyup8+E 1L4MSG/0uUTMnGJqxQUTihqkilkmfCpNQmVIf7BS7rysVEb8Is62x3eG58UTuzQFUMB0 uQ== 
Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp0056.outbound.protection.outlook.com [207.46.163.56]) by mx0b-00273201.pphosted.com with ESMTP id 2g8p5r82vs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 08:00:58 -0800
Received: from SN4PR0501CA0098.namprd05.prod.outlook.com (10.167.128.15) by CO2PR0501MB888.namprd05.prod.outlook.com (10.141.247.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.527.6; Tue, 20 Feb 2018 15:59:36 +0000
Received: from DM3NAM05FT046.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::205) by SN4PR0501CA0098.outlook.office365.com (2603:10b6:803:42::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.527.6 via Frontend Transport; Tue, 20 Feb 2018 15:59:35 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by DM3NAM05FT046.mail.protection.outlook.com (10.152.98.160) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.527.7 via Frontend Transport; Tue, 20 Feb 2018 15:59:34 +0000
Received: from p-mailhub01.juniper.net (10.47.226.20) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 20 Feb 2018 07:59:35 -0800
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id w1KFxVqf022248; Tue, 20 Feb 2018 07:59:32 -0800	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id 69E0F1144F;	Tue, 20 Feb 2018 07:59:26 -0800 (PST)
To: Kurt Andersen <kurta@drkurt.com>
CC: Hector Santos <hsantos@isdg.net>, <dcrup@ietf.org>
In-Reply-To: <CABuGu1pQCVpHpwozJ4RHjsmD2n6-d0nkUkNagk774_Aqi0431w@mail.gmail.com> 
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430> <5A8B7EC7.3050103@isdg.net> <56222.1519111884@eng-mail01.juniper.net> <CABuGu1pQCVpHpwozJ4RHjsmD2n6-d0nkUkNagk774_Aqi0431w@mail.gmail.com>
Comments: In-reply-to: Kurt Andersen <kurta@drkurt.com> message dated "Tue, 20 Feb 2018 06:50:21 -0800."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 20 Feb 2018 07:59:26 -0800
Message-ID: <75845.1519142366@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/6Et6VXgRQqcqDL-DfzjlleOIHeg>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 16:42:04 -0000

Hi Kurt,

Kurt Andersen <kurta@drkurt.com> writes:

> The problem with using the version number as a compliance marker is that
> most people would expect that support for 1.1 includes support for 1.0
> rather than cutting off the "bad" parts of 1.0. The same goes for
> N+anything - forward compatibility is expected rather than breaking old
> behaviour.

Hmmm... There are counterexamples (OpenSSL). However, many bump the
version to a new major number when leaving older things behind.

There are RFC drafts out there to deprecate or remove older algorithms
such as RC4 and SHA1 from many protocols.

I would have no problems with v=2 rather than v=1 if that is what is
needed to kill SHA1.

	-- Mark



From nobody Tue Feb 20 10:02:32 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B859212D94A for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 10:02:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=exgCcaVc; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=mxF9RLCJ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z2uwU2WU9IIX for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 10:02:29 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FB3C126D0C for <dcrup@ietf.org>; Tue, 20 Feb 2018 10:02:29 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 5FC9220DB0; Tue, 20 Feb 2018 13:02:28 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Tue, 20 Feb 2018 13:02:28 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=OnsEVb2r5VxnlSOQ0 3X27MTp1BbC+mZ5tzY7k66YJKI=; b=exgCcaVcJTk855sW/qxff1Rz9CgNXjPGt PXRN0ZsPZ7A43IvBYOUPLNMWzL+wNXN6dzt6KntyGcPEqWUTMGY77AwuJujWEzMT yQf0RNXrT1UiBFopp93oUy6y7uoU+iwaewgd5R10fnvEJEf+AIh/poguPu7Av6LX BUJLT4XODhUOl/joXNYjWiCLVwFkQDdtD16DN1UgF1al5tqsEp+ZKgGE4DXTnTlQ GiZxiN7B+AmSdjrKyAqlRduHnV72fOpdDoG7HxMI88uTi2yTXebAtdzgBAlyUEmi KZ+qdEgL2fIj+JLDCX4tEhFRr4jT2sN20l+hk3kM0Vd7sWZNhU+8A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=OnsEVb 2r5VxnlSOQ03X27MTp1BbC+mZ5tzY7k66YJKI=; b=mxF9RLCJ2lBZ0r8mAQzrdm +7tMjPo/N5un8yEFblWzcxAHVOktZNpUQXj5FieolPSJzYkEuGloor3dK8V7Nojv ughz4+AcSscbR/TY6QAzj6CeayZnO6NGNQh5ROiRMR1Sc0mkK9B9qXD58jonInMD PzP9X1gpO4CaSzKV2Howyn61K8Qu3L0Cj8N5Gzekh52QqhajhpOdCfIF8BR9/tzG nLupou/kyaphaGJT6K/Rcd2CTG4enjqX3UN5oBaeiBBv4i2DC4qPyWZ6yqAmESa9 xsCsyj0WwZG0VyqaWkzTB+MGagNSeQ/fvtgoZyADU23aNaFXgyYjiw2NW8h9cMYg ==
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id E19527E3DF; Tue, 20 Feb 2018 13:02:27 -0500 (EST)
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430> <5A8B7EC7.3050103@isdg.net> <56222.1519111884@eng-mail01.juniper.net> <CABuGu1pQCVpHpwozJ4RHjsmD2n6-d0nkUkNagk774_Aqi0431w@mail.gmail.com> <75845.1519142366@eng-mail01.juniper.net>
In-Reply-To: <75845.1519142366@eng-mail01.juniper.net>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary=Apple-Mail-0CFABF65-6140-4872-A9A9-F71C5A023529
Message-Id: <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net>
Cc: Kurt Andersen <kurta@drkurt.com>, dcrup@ietf.org
X-Mailer: iPhone Mail (13G36)
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Tue, 20 Feb 2018 13:02:25 -0500
To: "Mark D. Baushke" <mdb@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/X6T9vea2O8dExr5f6iuAz05qYBk>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 18:02:31 -0000

--Apple-Mail-0CFABF65-6140-4872-A9A9-F71C5A023529
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit

On Feb 20, 2018, at 10:59 AM, Mark D. Baushke <mdb@juniper.net> wrote:

> Kurt Andersen <kurta@drkurt.com> writes:
>
>> The problem with using the version number as a compliance marker is that
>> most people would expect that support for 1.1 includes support for 1.0
>> rather than cutting off the "bad" parts of 1.0. The same goes for
>> N+anything - forward compatibility is expected rather than breaking old
>> behaviour.
>
> Hmmm... There are counterexamples (OpenSSL). However, many bump the
> version to a new major number when leaving older things behind.
>
> There are RFC drafts out there to deprecate or remove older algorithms
> such as RC4 and SHA1 from many protocols.

Yes, RFC 8301 changed SHA1 in DKIM to historic last month.

> I would have no problems with v=2 rather than v=1 if that is what is
> needed to kill SHA1.

Again, this seems like a lot of pain for something that might break version numbers, especially when the same verifiers that badly mishandle algorithms might mishandle version numbers as well.

This having been said, if people are serious about this, it seems to me then that people might as well consider https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/ in parallel.  Consider how much it might/might not collide with bad implementations, how much that matters in the grand scheme of things if it's going to be used for other modifications to DKIM, and so forth.


Thanks,
Stan

--Apple-Mail-0CFABF65-6140-4872-A9A9-F71C5A023529--


From nobody Tue Feb 20 10:19:00 2018
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50CE71289B0 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 10:18:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level: 
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qUv1sY03Tldt for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 10:18:56 -0800 (PST)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AEA7126D0C for <dcrup@ietf.org>; Tue, 20 Feb 2018 10:18:56 -0800 (PST)
Received: from steel.local (50-226-7-216-static.hfc.comcastbusiness.net [50.226.7.216] (may be forged)) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id w1KIIrwh014348 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <dcrup@ietf.org>; Tue, 20 Feb 2018 10:18:55 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1519150735; bh=COqtzoQw+VtLAaajU91BYw6xgg763yrllLDT2wPWnFY=; h=Subject:To:References:From:Date:In-Reply-To; b=Ia7FMMa+evBnuKjJENtr154uXe5TLrBXfq59YB0Y0b/+YRX15J4e7wrRxuRQ34nb4 WOdA6jx2bXwG2t9flvOVFvYgiUT4rPwehgzBU2pVywzdbwU3ioNolFayynLaoAZNEQ n1W1hrUBlMS8Jv2Gy/yViVVLbVcZRY+dk8tpaOjI=
To: dcrup@ietf.org
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430> <5A8B7EC7.3050103@isdg.net> <8497E537-C37E-412A-84F5-F581C840A279@akamai.com> <CADPMZDBJHVZe3fj0v8o9ByBWFgxQpXxAxmB1CLnkmy7UeV60Yw@mail.gmail.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <67483c2f-fa0a-11d3-c5fc-aabbaf8d5563@bluepopcorn.net>
Date: Tue, 20 Feb 2018 10:18:51 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CADPMZDBJHVZe3fj0v8o9ByBWFgxQpXxAxmB1CLnkmy7UeV60Yw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/w1nmF4zVwk-ToFpjk0e5QWXVndc>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 18:18:57 -0000

On 2/19/18 10:23 PM, denis bider wrote:
> I can see Hector's point, not as a technical necessity, but as a tool
> to be able to say "You're still accepting SHA-1 signatures? Bah, so
> you don't support v1.1?"

The problem I see with this is that the version number is associated
with the signer, not the verifier. You can already tell that the signer
isn't using SHA1 (because they didn't). The signer and the verifier for
a particular domain aren't necessarily the same entity, so it may or may
not say something about the acceptance of SHA1 by a verifier.

But non-usage of SHA1 was the subject of RFC 8301, not this draft. If we
were going to bump the version number to indicate non-usage of SHA1, it
belonged there.

-Jim



From nobody Tue Feb 20 10:23:37 2018
Return-Path: <mdb@juniper.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2A27126D0C for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 10:23:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id korkzbCZwRKL for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 10:23:33 -0800 (PST)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4D9C12D943 for <dcrup@ietf.org>; Tue, 20 Feb 2018 10:23:33 -0800 (PST)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1KIEh49007241; Tue, 20 Feb 2018 10:23:29 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : date : message-id : sender : mime-version : content-type; s=PPS1017; bh=vtImEIKjIvW+ptJ6XGl2V68mJ7ZlCcWzIWjRJXYyhp8=; b=rtw0Usx1Od7v6HeAEQkWjkgVfKC4IeC5YDojjesC3/QJxzaRk8xRD0wmsqtEZyrglul2 bcyt4UtFLFKX5TXdXqBFmp6S+F4rDNw3awgMcg/uqrh7ykqbGMKD1VWwtQiXnZW9OP0G ie8JFJWHnyDQAtm1IBTAXzK9xQZWiCVnozmR1lQQNr2L4ttxkQkamjyW1V2XEU/RBO2b xUtoXE2G2skJ+Z1jmzfQbu4MjkSeQw77iWksgDy2WJRUtsIRs49HQgkG/Ti+q5x2e0jn xwbvMXlPal1Kt7jqRsg00FzQhWMx/NQGNsHCxF7zt3KAGwqh/WQDd4j5XJbobryHvcaK ww== 
Received: from nam01-bn3-obe.outbound.protection.outlook.com (mail-bn3nam01lp0178.outbound.protection.outlook.com [216.32.180.178]) by mx0a-00273201.pphosted.com with ESMTP id 2g8q3306tv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 10:23:26 -0800
Received: from SN4PR0501CA0093.namprd05.prod.outlook.com (2603:10b6:803:22::31) by DM2PR0501MB892.namprd05.prod.outlook.com (2a01:111:e400:246d::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.527.6; Tue, 20 Feb 2018 18:23:23 +0000
Received: from CO1NAM05FT026.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e50::200) by SN4PR0501CA0093.outlook.office365.com (2603:10b6:803:22::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.527.6 via Frontend Transport; Tue, 20 Feb 2018 18:23:23 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by CO1NAM05FT026.mail.protection.outlook.com (10.152.96.135) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.527.7 via Frontend Transport; Tue, 20 Feb 2018 18:23:23 +0000
Received: from p-mailhub01.juniper.net (10.47.226.20) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 20 Feb 2018 10:23:22 -0800
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id w1KINL2r000387; Tue, 20 Feb 2018 10:23:21 -0800	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id 669531144E;	Tue, 20 Feb 2018 10:23:21 -0800 (PST)
To: Stan Kalisch <stan@glyphein.mailforce.net>
CC: Kurt Andersen <kurta@drkurt.com>, <dcrup@ietf.org>
In-Reply-To: <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net> 
References: <1594199.fQmGbeNpCI@kitterma-e6430> <3118227.KIiRJkE2LW@kitterma-e6430> <5A8B549F.1070907@isdg.net> <2249204.uJMoLCJ6lp@kitterma-e6430> <5A8B7EC7.3050103@isdg.net> <56222.1519111884@eng-mail01.juniper.net> <CABuGu1pQCVpHpwozJ4RHjsmD2n6-d0nkUkNagk774_Aqi0431w@mail.gmail.com> <75845.1519142366@eng-mail01.juniper.net> <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net>
Comments: In-reply-to: Stan Kalisch <stan@glyphein.mailforce.net> message dated "Tue, 20 Feb 2018 13:02:25 -0500."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 20 Feb 2018 10:23:21 -0800
Message-ID: <81689.1519151001@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(396003)(39860400002)(39380400002)(376002)(346002)(2980300002)(199004)(189003)(50466002)(356003)(55016002)(8936002)(48376002)(2950100002)(6916009)(336011)(4326008)(68736007)(478600001)(229853002)(53936002)(93886005)(26005)(117636001)(81156014)(69596002)(81166006)(6266002)(76176011)(7696005)(51416003)(8676002)(7126002)(186003)(77096007)(6246003)(97736004)(6392003)(7846003)(305945005)(54906003)(97876018)(86362001)(105596002)(4743002)(47776003)(2810700001)(106466001)(2906002)(316002)(16586007)(5660300001)(76506005)(53416004)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0501MB892; H:p-emfe01a-sac.jnpr.net; FPR:;  SPF:SoftFail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; 
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0324b4d1-a344-4f45-1edd-08d5788f06dc
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060); SRVR:DM2PR0501MB892; 
X-MS-TrafficTypeDiagnostic: DM2PR0501MB892:
X-Microsoft-Antispam-PRVS: <DM2PR0501MB89219ECE0D41E3CDE5EF214BFCF0@DM2PR0501MB892.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93003095)(3231101)(944501161)(3002001)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123558120)(20161123564045)(20161123562045)(6072148)(201708071742011); SRVR:DM2PR0501MB892; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0501MB892; 
X-Forefront-PRVS: 05891FB07F
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Feb 2018 18:23:23.0882 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0324b4d1-a344-4f45-1edd-08d5788f06dc
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0501MB892
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=840 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802200219
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/TC9MuJDOl5IRVj3a0fWWsha6c7I>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 18:23:36 -0000

Hi Stan,

Many thanks for pointing out draft-levine-dkim-conditional-03 as I had
missed it. I agree that those changes would likely need a version bump
as J. Levine has written.

As has been said, the version bump is not really a mandatory technical
change. It is a "nice to have" change. Implementors do need to worry
about the installed base. 

That said, after having lived through over 15 years of SSH 1.99 still
having SSHv1 AND having SSHv2, I would like to have seen the SSHv2
change happen more quickly than it did.

I am not sure if a version bump for DKIM will help or hurt transition
away from SHA1 or not.

	-- Mark


From nobody Tue Feb 20 15:36:11 2018
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 681CE126BF6 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 15:36:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.76
X-Spam-Level: 
X-Spam-Status: No, score=-1.76 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=VBfe/N1w; dkim=pass (1536-bit key) header.d=taugh.com header.b=Usr2J4jt
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIss8XsizgaM for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 15:36:08 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F90B1267BB for <dcrup@ietf.org>; Tue, 20 Feb 2018 15:36:08 -0800 (PST)
Received: (qmail 33567 invoked from network); 20 Feb 2018 23:36:07 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=831d.5a8cb0e7.k1802; bh=87pTN/GtDnRv1U6dO32RDGIEZ3XZ2rzWL/ApMu/zCgA=; b=VBfe/N1wsTsP8vHLZvcY50/TxLeVfsxTquxuXIL5NRok/3kHuHVfFNoOSoulNW74al6So6y+g/blF6xtUiZX/eWZpVpSUrGm6Ky8Mim4aTLil48YvuM+YlWXzfK8YHyjQKASQrEnYJnzXZ+155caAj5ewb3ovH1n6GGIkb3b2PrvbPqdi/FA+8vauiRBrRT7x/7mw8o6qVRM0A8nlmVsEti3leeKwEsAkg4VRj2bo4Qo+CQCYBrSb0ROT7y3jw7A
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=831d.5a8cb0e7.k1802; bh=87pTN/GtDnRv1U6dO32RDGIEZ3XZ2rzWL/ApMu/zCgA=; b=Usr2J4jtLrN+WjK8GYj7F0Tv8MkCv6ynYlpehOdp8/C8/S4snroJVMHuCfqdwG5Qx6bp2iS0Li0kRv1v7tSVRrBL6JQcyijJyqMjepCJKxaSUjvMwPpBEFBsq+G+i4mveP2jbR1lOO8JUPrc+vI120CPyRDWXeQlLw4SwvshdyYfwz4hgedUlHA/vDZ7jKbHuQmkLzm70+dVwS3c0mm8g7NmU7W5eI6go6Bu0vnsspP5Mg3Th8IdVO0nUaSLU3lr
Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 20 Feb 2018 23:36:06 -0000
Received: by ary.local (Postfix, from userid 501) id 189361C29C3E; Tue, 20 Feb 2018 15:36:04 -0800 (PST)
Date: 20 Feb 2018 15:36:04 -0800
Message-Id: <20180220233605.189361C29C3E@ary.local>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: rsalz@akamai.com
In-Reply-To: <8497E537-C37E-412A-84F5-F581C840A279@akamai.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/nr2LytXZ2sAewNM8Oux_fwgnDq8>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 23:36:09 -0000

In article <8497E537-C37E-412A-84F5-F581C840A279@akamai.com> you write:
>If anyone else is in favor of changing the version, please speak up within a week. 

For reasons already rehashed, I specifically think that changing the
version is a terrible idea.  No.







From nobody Tue Feb 20 15:42:47 2018
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84962126BF6 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 15:42:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.76
X-Spam-Level: 
X-Spam-Status: No, score=-1.76 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=ZXAJHeu2; dkim=pass (1536-bit key) header.d=taugh.com header.b=TFbvKQNt
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mvm5pKNKdBdC for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 15:42:44 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 785C61267BB for <dcrup@ietf.org>; Tue, 20 Feb 2018 15:42:44 -0800 (PST)
Received: (qmail 34582 invoked from network); 20 Feb 2018 23:42:43 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=8714.5a8cb273.k1802; bh=2Cn0vHgN7OaXAcEGvaBJ+JK9X2BNXw4udWq4QnxYtQY=; b=ZXAJHeu2iQsUMsHw3kHlXdDdVWYJwF7xA5cd26MTaY8zZHIDexfeWnehESW5Cn/S2mDWUL08ARwd400cLyBFEU6/QWwU87YvvLQr6uyhL9/Qnw9gSQN6hkMRCUEzjjP9DzwpbIIF+5/dGCWABZdfeV7QbwUsu1sdHLFRQ9uTihMk2iMesCrohvPVrcEEwERbwb3RxLuAVwtNkBKEUgRrxl3yB1JMkPsA6T6eaLnqd2ril2AHLG3X3v8vRvZ4kblo
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=8714.5a8cb273.k1802; bh=2Cn0vHgN7OaXAcEGvaBJ+JK9X2BNXw4udWq4QnxYtQY=; b=TFbvKQNttAovyOFvK+an3dyXqiPtwq2TwfC5vYQRHF/Bh+aL/D3qaaMXS6gK7sirhxmy0NhDeCXzd1ek7OHvGk2F0SYM1xCO7viTDfBgZGYRp4j+fDUaCoWocU5sM4I/5nIhSzboscN+MXFpB1Kvj3s5eD7FEaDqPrr8uc56vJw2RyP777/nD903TwixYo1cIR1eXcVNMFHdGDr2DHgwCk2GckkkU3UrDmxHtTrwDxGPewNgJXw+BICxfc7VmwAl
Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 20 Feb 2018 23:42:43 -0000
Received: by ary.local (Postfix, from userid 501) id BAD821C2A315; Tue, 20 Feb 2018 15:42:41 -0800 (PST)
Date: 20 Feb 2018 15:42:41 -0800
Message-Id: <20180220234241.BAD821C2A315@ary.local>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: mdb@juniper.net
In-Reply-To: <75845.1519142366@eng-mail01.juniper.net>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/9ArXb7EwsMGyTLlcF0SqPlLcS2I>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 23:42:45 -0000

In article <75845.1519142366@eng-mail01.juniper.net> you write:
>I would have no problems with v=2 rather than v=1 if that is what is
>needed to kill SHA1.

Given that RFC 8301 was published last month, it seems a little late
to raise this argument.

I can assure you that no matter what we do, DKIM v=1 will never go
away, ever.  The only way to get people to stop signing with sha1 is
to persuade large mail receivers to stop accepting it, and that is a
social process unrelated to publishing RFCs.

R's,
John


From nobody Tue Feb 20 15:55:34 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5055B12E044 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 15:55:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=TTowDZzd; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=cy4erco+
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tP3H0BIhMaOx for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 15:55:32 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3293D12E042 for <dcrup@ietf.org>; Tue, 20 Feb 2018 15:55:32 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 7645820CA2; Tue, 20 Feb 2018 18:55:31 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Tue, 20 Feb 2018 18:55:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=u4IY9fAaZgkSAda6r cxKLyBCuV6jPApXo6Kt71Aje+w=; b=TTowDZzd86CS2c+t8kFUs7S0LZ1FwNpdJ h7pN1ncfugwoIUUPo4lL2ov63sBl7skYTzH9vZwuoBw0U/+pcrHt2lmreHGMWPzA 0Lwb6Cugn0Fz8gp9dpp+DlR1jAgjXSO9zQ6tRQ0qVco85bLhvvo+FQYLzogN+Jxt Q/ZTZqxqbe3PmRCCAPyyVCyk3O/wZteAzvLaPv7Aa6D3HPLJ/OHJrpRrDjcQYUQY r+kdMjlD/bvDQRyzYraDbfBP7uHEQH75+ThK7bnTssCSe72cFl5Y73oCCOeILOOm D2Ww9NkBcqDw4C5R+jsO7jWI51sDUVcCk/jFUnpfUmjedHsgpRd5g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=u4IY9f AaZgkSAda6rcxKLyBCuV6jPApXo6Kt71Aje+w=; b=cy4erco+UQG175JlFk7aFI qHbuExaTvoT9uN9SiOZRkE09k6J3HtuMq84bh2S47pUUgKCKkI7S24zwOQvJhezl RPDAjMG5M0tDM0cUoIhbnpQcgnb///qpb+tAAp1zmEU8AFwWM30FYZxsEv+Vm9yU jcTgLY+S/rpRD8o9QYadq8bkS2ogEvRj0/7BnmaLwH+TUcCBLp8TXe68uh7PVZeF ypVYPoj099lIwmEexTKadCSCGc6ZZRXv4+L6jMwOBMhbIfKhU8MQI/v5l2Bio4BP B7/piA/FQdo9dh56vkx8p01W0n7VEYAlRlNy59T8Etggmd+7OQ2OiAjofw0GFvJg ==
X-ME-Sender: <xms:c7WMWkMBKvaOBrXqXShY3vS9AAM6MuOw1P0cqOTESa3mqBqc8xi0Vg>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 30CD97E142; Tue, 20 Feb 2018 18:55:31 -0500 (EST)
References: <20180220234241.BAD821C2A315@ary.local>
Mime-Version: 1.0 (1.0)
In-Reply-To: <20180220234241.BAD821C2A315@ary.local>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <BA8EA156-6467-4C82-911B-BBAD20C0B8DA@glyphein.mailforce.net>
Cc: dcrup@ietf.org, mdb@juniper.net
X-Mailer: iPhone Mail (13G36)
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Tue, 20 Feb 2018 18:55:29 -0500
To: John Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/tgwtQSZrOFVuLS5nWGPYB0CXqUc>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 23:55:33 -0000

> On Feb 20, 2018, at 6:42 PM, John Levine <johnl@taugh.com> wrote:
>
> The only way to get people to stop signing with sha1 is
> to persuade large mail receivers to stop accepting it,

I suspect this is what will eventually happen, and that one or two of them will actually be proactive in this regard.


Stan


From nobody Tue Feb 20 16:36:20 2018
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12B4E12E741 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 16:36:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.76
X-Spam-Level: 
X-Spam-Status: No, score=-1.76 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=d5w2/dlp; dkim=pass (1536-bit key) header.d=taugh.com header.b=ERWUjBqu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2AfGpzJvcply for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 16:36:17 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8732B126BFD for <dcrup@ietf.org>; Tue, 20 Feb 2018 16:36:17 -0800 (PST)
Received: (qmail 44116 invoked from network); 21 Feb 2018 00:36:16 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=ac52.5a8cbf00.k1802; bh=nWz9b1MA0Ur6VpPvc2R2Nne16JOcS2xTKukCx5qyABE=; b=d5w2/dlpffIJtgzwm8gFxxgtWNX1cB/BaEEQb90Z+D6cgPMVzQcPxLvIHQ3s+sJK8Yg6aX2ghPnz2BFoFCUIETfykVxwDb13sYXkfhfyaRY9fDPFXdcuLXxjfenk5ojvKuPeH9ennRlXxUITDrnFc7gJrCs1KBBqnQhBKVJxczCRmLUEpEXxJfvCd9vUZcUIdTOz5/tIc3iXVSUmjBLZT1z2QVoGcULJAehNTeYw2EIu3ewvqRXMO0BvQ3+CUqXz
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=ac52.5a8cbf00.k1802; bh=nWz9b1MA0Ur6VpPvc2R2Nne16JOcS2xTKukCx5qyABE=; b=ERWUjBquSehKfy+Lfoip10YCMGa4Xg3qSYUp0wdL3oFvHfZqAeXpk/lJNMYtW8abfUEeceYLevO2yoXuFbck3me3NSvuM4UCZbBVHqmxD+amqSFp8myUQjYKwcFk27q03VlJJ5bHzPIdi4jqO8wIF0qucsx6tsd6/haChAAgBvnkCxmWRnuLiQOtfoTfMxCd1RYPfjCJfSKobHoge1SQJurtTGF8ha7R0QKzKmy2Wvoqp3WEWhbvDsy/l2sponz2
Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 21 Feb 2018 00:36:15 -0000
Received: by ary.local (Postfix, from userid 501) id 9BEBD1C2E8DA; Tue, 20 Feb 2018 16:36:15 -0800 (PST)
Date: 20 Feb 2018 16:36:15 -0800
Message-Id: <20180221003615.9BEBD1C2E8DA@ary.local>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: stan@glyphein.mailforce.net
In-Reply-To: <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/QJ-RvNHmR0ubQcd_suPICIKlWbE>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 00:36:19 -0000

In article <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net> you write:
>This having been said, if people are serious about this, it seems to me then that people might as well consider
>https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/ in parallel.

Please don't.  That was a strawman proposal for what eventually turned
into ARC.  Nobody plans to implement it.

This whole version number argument is a distraction.  We don't need a
new version number to add a new signing algorithm, and it will do nothing
whatsoever to discourage sha1 signatures.

R's,
John
-- 
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


From nobody Tue Feb 20 16:50:19 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03BD012E741 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 16:50:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=YQlMuaWH; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=VWrXJxez
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q8MwuD4beCIm for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 16:50:16 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 309B012E050 for <dcrup@ietf.org>; Tue, 20 Feb 2018 16:50:16 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 707F820BC2; Tue, 20 Feb 2018 19:50:15 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Tue, 20 Feb 2018 19:50:15 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=WYzUBWlyxkzWOkAqD 0KipXm+dBAqipvQeu7TFHWNSUo=; b=YQlMuaWHTtho97GBVevqNggWzBThw3Gcs 7Y6vpc2kG3bdDqa4ba2hX+AnMLt1IsXStzPGZdjv/U4iOKDD04qX8yaFjvJGuxU3 x4tVO9QN4w9TonP7Adm5rz6CmS7TB3eLSeKa7SXrGv3MYb3M/0gd92KwHX9mbbBn bh3YkYUlWHEFnEkMnLPRri6kTyCR1s88ULlR9QHDymeo/qw2qTEMSvyyogCT0wk9 wlHAhjzRXOVCaNyaKeLb9vPILPBgmgPY/W9P89GbiMVi/hWH3QSMc4NBhBtnzAyj kLZa7gnsCu/OvNmscOU3Qhj1pfZQKhmBoy0/oOWZcjRu4r/XEisPg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=WYzUBW lyxkzWOkAqD0KipXm+dBAqipvQeu7TFHWNSUo=; b=VWrXJxezzvEfelrC+g8C0j fxRcT4FOhLpjpk2M/O/1WNnqUqLNmFahMt8kblhhPglQSalA3C/9IpuXEW94L4Za yo5++WdxmAuFe82js6PblDh14fT7GAs71HESqMP5BHh/LY8SCRiZb8wKpTkPFHeg 62vrrfx8C8R0rgEbugUraDTPSlMNEQl+mysEEXs5cMSrUjVIr7KTZhad3lsXEn+o k6ppB25Lhh3JIAGjANR2FXA5MydxEKKQ+hUbEZDyosgbnRcMqflWtHgjetqTuZcV YgPDLI5QkpBRCzievZnp5xZK3d2NDim5zVEsJXioOUs/k6V2lvdCLwYtHQKAxuyg ==
X-ME-Sender: <xms:R8KMWpTHHMiBXmLn7JiAPzioGri3dlPIWK-r49y4jQ-pULg48yHGlw>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 0122E7E188; Tue, 20 Feb 2018 19:50:15 -0500 (EST)
References: <20180221003615.9BEBD1C2E8DA@ary.local>
In-Reply-To: <20180221003615.9BEBD1C2E8DA@ary.local>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Message-Id: <CB70E1B4-FEDA-4D73-9D17-15A6C446DEF5@glyphein.mailforce.net>
Cc: dcrup@ietf.org
X-Mailer: iPhone Mail (13G36)
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Tue, 20 Feb 2018 19:50:12 -0500
To: John Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/OYWYKcOli_OkpzOPMSniQEp8hMg>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 00:50:18 -0000

> On Feb 20, 2018, at 7:36 PM, John Levine <johnl@taugh.com> wrote:
>
> In article <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net> you write:
>> This having been said, if people are serious about this, it seems to me then that people might as well consider
>> https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/ in parallel.
>
> Please don't.  That was a strawman proposal for what eventually turned
> into ARC.

Fair enough.

> Nobody plans to implement it.
>
> This whole version number argument is a distraction.  We don't need a
> new version number to add a new signing algorithm, and it will do nothing
> whatsoever to discourage sha1 signatures.

I still think there are potentially useful bits in it that might stand on their own, but my motivation in mentioning it is that it still seems better than just changing a number, if that's what people were interested in.  I agree it isn't necessary for adding or removing algorithms, and I agree that this wouldn't make SHA1 go away.


Thanks,
Stan


From nobody Tue Feb 20 17:15:10 2018
Return-Path: <rsalz@akamai.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82BFD12E050 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 17:15:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hYT2mWoKNT79 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 17:15:07 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E11D12DFDB for <dcrup@ietf.org>; Tue, 20 Feb 2018 17:15:07 -0800 (PST)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1L18nbt003907; Wed, 21 Feb 2018 01:15:02 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=oO0MVEgQRgO5aeMN6I5hzU5KqdBej3zQWZUiAmTrMJs=; b=MWMcJ5xpK0wbWVarYq+RBOFPpzANbJwdMBOXL1ujdX9nIjT/nu+dO42VjFSbTIb5G+5t 1zWm1z21zWw/IX5HrmdmJWKFskIHOmnwELk/QOZ4EqHTaZzYb9wCV809dkxD4sapp0rZ RS1TuYQgMDajwHBQWH5KW5X4pag3um1fFOjWBgELLiYcbEPSO/uMy53bQhz5vPYAY6Zx nEtARReTWt6Z54KrD9u6JgaoDCrxrvfYQrHxYYMnlQZWSBPmZ1MMct383k5awNhTF+wF YMSatoPQRvHoe4Z3NVyYVA9zGRqXX97UkEY4k/Eml6JW8apKx4uOlRyoNX2kQU8A1Lmw LA== 
Received: from prod-mail-ppoint3 ([96.6.114.86]) by m0050102.ppops.net-00190b01. with ESMTP id 2g8mmnssvd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 21 Feb 2018 01:15:02 +0000
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w1L1BN23013549; Tue, 20 Feb 2018 20:15:01 -0500
Received: from email.msg.corp.akamai.com ([172.27.25.31]) by prod-mail-ppoint3.akamai.com with ESMTP id 2g6gm1h192-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 20:15:01 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb4.msg.corp.akamai.com (172.27.27.104) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 20 Feb 2018 19:14:59 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1263.000; Tue, 20 Feb 2018 19:14:57 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: John Levine <johnl@taugh.com>, "dcrup@ietf.org" <dcrup@ietf.org>
CC: "stan@glyphein.mailforce.net" <stan@glyphein.mailforce.net>
Thread-Topic: [Dcrup] Progress Evaluating DCRUP
Thread-Index: AQHTqHODye7C2uaIYEG1yi09EX1uWaOqxj4AgAArfwCAAApmgIAAP2YAgAAPRACAACbrAIABPRWAgAAFhICAAAdWgIAABgKAgAAsQID///rlJ4AA3yOA//+6qu+AAHr/gIAAbgqA//+24wA=
Date: Wed, 21 Feb 2018 01:14:57 +0000
Message-ID: <C84F3C9D-475C-4E07-85EF-C29F62D28BD8@akamai.com>
References: <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net> <20180221003615.9BEBD1C2E8DA@ary.local>
In-Reply-To: <20180221003615.9BEBD1C2E8DA@ary.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.a.0.180210
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.32.204]
Content-Type: text/plain; charset="utf-8"
Content-ID: <47D376169DD1274793E1F52620E3017B@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=913 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802210013
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=858 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802210013
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/G8cU4x12KDLLBD4YE0RriBAnFu4>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 01:15:08 -0000

>  We don't need a
    new version number to add a new signing algorithm, and it will do nothing
    whatsoever to discourage sha1 signatures.

Speaking as chair:  yes this is accurate.


From nobody Tue Feb 20 17:43:15 2018
Return-Path: <mdb@juniper.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F44E120227 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 17:43:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s4fquDsavuwr for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 17:43:11 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 825ED1200F1 for <dcrup@ietf.org>; Tue, 20 Feb 2018 17:43:11 -0800 (PST)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1L1e5dY012540; Tue, 20 Feb 2018 17:43:05 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : date : message-id : sender : mime-version : content-type; s=PPS1017; bh=OQCAihudsNjjprBpuVOGfDps5rxbZAOI1AJ7BmXH8kA=; b=ytCIPyfWj20C47QUru5hX0aZ+ktyOPm2/l/T/XPjMgr/nUvyQzHF+GGWiFYxP5+N7kqW uwWQcjZuyqlpLR+/lgY0gF54ioJ1v4Dka6I0YjK2nTyDQqGOghYxMg0sfm1cCXZB25JG RIVAObEgXh/7xBPNKRbEFlX0rOhyuIqgWqOe9FxrMrErmR137YTnki7kOlXqzRSAwF+B CCiTDNRevZyAIsAxBsgz48sCdadUrtq/iVs4uU2Zta261vqAd3BdtEUY2fm18P4LoKXh C8/zBtmyv0J8nZLoa8R9UHJbA0yUyIzEG92G0KMHQp6MtMtGQm8bvQJ+Gfig3l5LNkkL Bw== 
Received: from nam03-by2-obe.outbound.protection.outlook.com (mail-by2nam03lp0049.outbound.protection.outlook.com [216.32.180.49]) by mx0b-00273201.pphosted.com with ESMTP id 2g8wka048w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 17:43:04 -0800
Received: from CO2PR05CA0054.namprd05.prod.outlook.com (2603:10b6:102:2::22) by DM2PR0501MB892.namprd05.prod.outlook.com (2a01:111:e400:246d::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.527.6; Wed, 21 Feb 2018 01:43:03 +0000
Received: from DM3NAM05FT016.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::200) by CO2PR05CA0054.outlook.office365.com (2603:10b6:102:2::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.527.6 via Frontend Transport; Wed, 21 Feb 2018 01:43:02 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by DM3NAM05FT016.mail.protection.outlook.com (10.152.98.125) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.527.7 via Frontend Transport; Wed, 21 Feb 2018 01:43:02 +0000
Received: from p-mailhub01.juniper.net (10.47.226.20) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 20 Feb 2018 17:43:02 -0800
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id w1L1gx1n001053; Tue, 20 Feb 2018 17:43:00 -0800	(envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1])	by eng-mail01.juniper.net (Postfix) with ESMTP id B76C01141B;	Tue, 20 Feb 2018 17:42:59 -0800 (PST)
To: "Salz, Rich" <rsalz@akamai.com>
CC: John Levine <johnl@taugh.com>, "dcrup@ietf.org" <dcrup@ietf.org>, "stan@glyphein.mailforce.net" <stan@glyphein.mailforce.net>
In-Reply-To: <C84F3C9D-475C-4E07-85EF-C29F62D28BD8@akamai.com> 
References: <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net> <20180221003615.9BEBD1C2E8DA@ary.local> <C84F3C9D-475C-4E07-85EF-C29F62D28BD8@akamai.com>
Comments: In-reply-to: "Salz, Rich" <rsalz@akamai.com> message dated "Wed, 21 Feb 2018 01:14:57 +0000."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 20 Feb 2018 17:42:59 -0800
Message-ID: <6947.1519177379@eng-mail01.juniper.net>
Sender: <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Feb 2018 01:43:02.0923 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: dc79a19c-cce1-44a0-7ca9-08d578cc71fd
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12];  Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0501MB892
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=962 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802210018
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/0K3h1HrFQED2658hzMBIm15C5M8>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 01:43:14 -0000

Salz, Rich <rsalz@akamai.com> writes:

> >  We don't need a
>     new version number to add a new signing algorithm, and it will do nothing
>     whatsoever to discourage sha1 signatures.
>   
> Speaking as chair:  yes this is accurate.

Okay. I withdraw my support for bumping the version number.

	-- Mark


From nobody Tue Feb 20 18:33:10 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9C371241F3 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 18:33:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.208
X-Spam-Level: 
X-Spam-Status: No, score=-1.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=NVKgwMNW; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=LE5s5KJa
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xpckp4nMq94W for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 18:33:07 -0800 (PST)
Received: from secure.winserver.com (unknown [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 3E03C120227 for <dcrup@ietf.org>; Tue, 20 Feb 2018 18:33:07 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1052; t=1519180385; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=LmyOTOSw+UnHoavY4jKaxMNWn/8=; b=NVKgwMNWXBrIJBgmLEM1iQBZRUb+lTPlDvu4x56usX+OxAh+/bsD+nqDoHnMxk WfMRbkKEJcb62OuJBYsw4MjNWTMauDF/i/Q9T6K95B1/GAGRCOLs21EfQv655oFi rtdcHhIQkEOTYAlge/YxIXqPQVLvkuogbJqpwZA+5DKow=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Tue, 20 Feb 2018 21:33:05 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 459093724.1.3228; Tue, 20 Feb 2018 21:33:04 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1052; t=1519180068; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=YDW7i19 hO+mDTkZ1Eotl8uZAD5plkmYLdxHtrP5pUHM=; b=LE5s5KJaKTSThi5NHHoeWOt VqVxPvbDo+PmEFvZi+hLio7rUuG+2LdJLHkeDcAV6jeEMGYBOTqFM+Gio7r5AJPE BGRZ/MuJhgfXpfVnRWrbqHvxuZdAP5teTpBA4fGLnNHmeVYZBi2JjjN5Zmt0qZOU TMtu5gsGehOGX+D3Qi6E=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Tue, 20 Feb 2018 21:27:48 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 458974674.9.226588; Tue, 20 Feb 2018 21:27:47 -0500
Message-ID: <5A8CDA60.30603@isdg.net>
Date: Tue, 20 Feb 2018 21:33:04 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <20180221003615.9BEBD1C2E8DA@ary.local>
In-Reply-To: <20180221003615.9BEBD1C2E8DA@ary.local>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/oJ_uEaBYPdwUBYRYcO9uYEUyQKk>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 02:33:09 -0000

On 2/20/2018 7:36 PM, John Levine wrote:
> In article <61F5CA74-C744-4F98-9CF9-88AC51E5F7C7@glyphein.mailforce.net> you write:
>> This having been said, if people are serious about this, it seems to me then that people might as well consider
>> https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/ in parallel.
>
> Please don't.  That was a strawman proposal for what eventually turned
> into ARC.  Nobody plans to implement it.
>
> This whole version number argument is a distraction.

Strawman proposals?   So it was a joke? To waste people's time?  Talk 
about distractions.  :(

I never expected the version number to change. Wasn't technically 
necessary, but the RFC8301 update is changing a STD76 standard with 
SHA1 invalidation and it won't take large systems to make it happen. 
Any updated system can do it now, today.

BTW, STD76+RFC8301 is already obsolete with its statement:

     "Signers MUST sign using rsa-sha256."

DCRUP will need to update STD76-RFC8301 again to allow signers to use 
ed25519-sha256.

-- 
HLS
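
The point argued in the messages above (the signing algorithm is selected by the a= tag while v= stays "1") can be shown with a small pre-verification gate; this is an added example, not code from any participant in the thread. The policy table, function names and sample header values are assumptions constructed for illustration, and no cryptographic verification is performed.

```python
import re

TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")

# Assumed policy for this example, keyed on the a= tag only:
#   rsa-sha256      the algorithm the thread quotes RFC 8301 as requiring
#   ed25519-sha256  the addition discussed in the thread
#   rsa-sha1        the algorithm RFC 8301 invalidates
ALGORITHM_POLICY = {
    "rsa-sha256": "accept",
    "ed25519-sha256": "accept",
    "rsa-sha1": "reject",
}


def parse_tag_list(value):
    """Parse the tag=value list of a DKIM-Signature header into a dict."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # tolerate empty items such as a trailing ";"
        name, sep, val = item.partition("=")  # values may contain "=" padding
        name = name.strip()
        if not sep or not TAG_NAME.match(name):
            raise ValueError("malformed tag: %r" % item)
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        if name in ("b", "bh", "h"):
            # Folding whitespace inside these values is not significant.
            tags[name] = re.sub(r"\s+", "", val)
        else:
            tags[name] = val.strip()
    return tags


def evaluate(value):
    """Return (verdict, detail) for one signature, before any crypto check."""
    try:
        tags = parse_tag_list(value)
    except ValueError as exc:
        return ("reject", str(exc))
    # The version is compared as a string; anything other than "1" is
    # treated as a signature this verifier cannot process.
    if tags.get("v") != "1":
        return ("reject", "incompatible version")
    algorithm = tags.get("a")
    if algorithm is None:
        return ("reject", "missing a=")
    return (ALGORITHM_POLICY.get(algorithm, "unsupported"), algorithm)


def has_usable_signature(values):
    """True if at least one signature on the message passes the gate."""
    return any(evaluate(v)[0] == "accept" for v in values)


# Constructed sample values (shortened; bh= and b= are placeholders).
SHA256_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; "
              "s=sel1; h=from:to:subject; bh=AAAA; b=BBBB")
SHA1_SIG = ("v=1; d=example.org; s=sel2; a=rsa-sha1; c=simple/relaxed; "
            "h=From:To:Subject; bh=CCCC=; b=DDDD")
ED25519_SIG = ("v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.com; "
               "s=sel3; h=from:to:subject; bh=EEEE; b=FFFF")
V2_SIG = SHA256_SIG.replace("v=1", "v=2", 1)
SHA512_SIG = SHA256_SIG.replace("rsa-sha256", "rsa-sha512", 1)

if __name__ == "__main__":
    for label, sig in [("rsa-sha256", SHA256_SIG), ("rsa-sha1", SHA1_SIG),
                       ("ed25519-sha256", ED25519_SIG), ("v=2", V2_SIG),
                       ("rsa-sha512", SHA512_SIG)]:
        print(label, evaluate(sig))
```

A message carrying both an rsa-sha1 and an rsa-sha256 signature still passes this gate on the strength of the second one, and a new algorithm becomes acceptable by adding one row to the table with no change to the v= handling.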



From nobody Tue Feb 20 18:54:55 2018
Return-Path: <rsalz@akamai.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41C7D1204DA for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 18:54:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dyqLzRs70A3M for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 18:54:51 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E2DE1241F3 for <dcrup@ietf.org>; Tue, 20 Feb 2018 18:54:51 -0800 (PST)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1L2pdtu020831; Wed, 21 Feb 2018 02:54:50 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=ffM0zwVuaX6xky9dc2oBJ5b/frqsVen1ornjwlc1dGM=; b=ksM8pY0nmVavcx0oLSDOjXCzkGDiP0drh0fGOc7Du+ydD+V+k3ClbjHnUR8PwrTjgYrG KsVz+Lj06BsWsiK2BljzQ9hDN68o8yNV+xtTdZuUcgXpul9JQWYFnawhqssI7BWLgrEM bhUQdIBikzSEPOS0df5FeeqVgu+Jt9PPxEJuVkYi7bIhXZv7g8IptVTcBj8ePUBhrlOd uBkSbCAV/ubUCkr7UBxH4ZBDAQOLvJ7nJ9A4o0k4sp3I47jTTRRfR0VYEaYBtBJ2ZhY6 z4Bdog/HQwY1Bj+VvLWwuD1GtFaBq0KcEhpQIstIfTZRwCBTFFQcXVDDejT1kR1oIWP/ tA== 
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by m0050095.ppops.net-00190b01. with ESMTP id 2g6ct6uncn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 21 Feb 2018 02:54:36 +0000
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w1L2p7tM007680; Tue, 20 Feb 2018 21:54:35 -0500
Received: from email.msg.corp.akamai.com ([172.27.25.34]) by prod-mail-ppoint2.akamai.com with ESMTP id 2g8x7wra4x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 21:54:34 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.27.103) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 20 Feb 2018 20:54:33 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1263.000; Tue, 20 Feb 2018 20:54:33 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: Hector Santos <hsantos@isdg.net>, "dcrup@ietf.org" <dcrup@ietf.org>
Thread-Topic: [Dcrup] Progress Evaluating DCRUP
Thread-Index: AQHTqHODye7C2uaIYEG1yi09EX1uWaOqxj4AgAArfwCAAApmgIAAP2YAgAAPRACAACbrAIABPRWAgAAFhICAAAdWgIAABgKAgAAsQID///rlJ4AA3yOA//+6qu+AAHr/gIAAbgqAgAAgowD//7ITAA==
Date: Wed, 21 Feb 2018 02:54:33 +0000
Message-ID: <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com>
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net>
In-Reply-To: <5A8CDA60.30603@isdg.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.a.0.180210
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.38.107]
Content-Type: text/plain; charset="utf-8"
Content-ID: <398BC4C6EB9F8F4FADE287EEAC4838D6@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=742 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802210033
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 lowpriorityscore=0 mlxlogscore=690 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802210034
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/CTMcwsdUd1X7iIPcGkHcIRsVrZU>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 02:54:52 -0000

>     DRUP will need to update STD76-RFC8301 again to allow signers to use
>     ed25519-sha256.

Will we?  Our intent was to shut down after this last draft is published.  Is there more to do?  Let's get that on the table, if so.  Aleksey, your thoughts?


From nobody Tue Feb 20 19:17:40 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 690AE124D68 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 19:17:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=I/ze+HaY; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=r4AAFfoJ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6NX95WDOw6Md for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 19:17:37 -0800 (PST)
Received: from secure.winserver.com (dkim.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 50D951204DA for <dcrup@ietf.org>; Tue, 20 Feb 2018 19:17:37 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1216; t=1519183050; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=6OVOXQEWKHJd0rjFbvsR2dsNYeU=; b=I/ze+HaYgCzU6x6uK2amsxsmAys97K4zU4blN3dqbjeQtR5XaBuNkMBNneqcYN Fe7j9ozVjbQNpMnGJ5nr3dEuLi6Eg0fwee19iUpca8yA3sA7yGmkJBA+3kkqH2sB 2mmXGOnBde9yF2s4fqtMmZvJkuflWfd95USVwcSwRdji8=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Tue, 20 Feb 2018 22:17:30 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 461758783.1.8364; Tue, 20 Feb 2018 22:17:29 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1216; t=1519182735; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=cTEBIOJ jvbmUWD9WiQizRjeQ4uklvhiBFux/1q4bxO8=; b=r4AAFfoJks4eAK3bzyOpZ/B G3GBdCr/JfiQNbmzeQrBwxaFPVxIzWvVqAEYGFZl1sZOY6DRtvlAJGMJ+yGwICrn Ir31g58zxh6jEdwNELN4b44JMYsUCXsH2evr6YQjSnwAEZyamWJcjoIfV7Z1cY3M ApI41zg2xipDdR0OjYJs=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Tue, 20 Feb 2018 22:12:15 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 461640955.9.228604; Tue, 20 Feb 2018 22:12:14 -0500
Message-ID: <5A8CE4CA.9090502@isdg.net>
Date: Tue, 20 Feb 2018 22:17:30 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net> <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com>
In-Reply-To: <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/e6HBCpH69WcXp4iQYJQYv5O9meU>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 03:17:38 -0000

On 2/20/2018 9:54 PM, Salz, Rich wrote:
>>      DRUP will need to update STD76-RFC8301 again to allow signers to use
>      ed25519-sha256.
>
> Will we?  Our intent was to shut down after this last draft is published.  Is there more to do?  Let's get that on the table, if so.  Aleksey, your thoughts?
>

A primary purpose of the split was to better address the spread of 
implementations, which include:

   - Those who will wait for ed25519 support (library wise, i.e. 
openssl),

   - Those who can invalidate SHA1 today to address security concerns, 
and

   - Those who will do ed25519 support and not remove support for SHA1,
     just yet, for customer support reasons and make sure it will be a
     policy option.

I agreed with the split to minimize "malpractice" compliancy concerns. 
  But it was probably a better idea to do both together for better 
integrated software engineering and implementation.

Those who implement RFC8301 today and remove SHA1, including new 
implementations who are now encouraged to not code for SHA1 and only 
hash with SHA256 will eventually need to be ready to update for 
ed25519 support. They need to be aware of this new STAD76+RFC5301+DRUP 
("v1+") version of DKIM.

-- 
HLS



From nobody Tue Feb 20 19:24:24 2018
Return-Path: <rsalz@akamai.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5155D126D73 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 19:24:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r344dZFdOPNr for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 19:24:21 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40154124234 for <dcrup@ietf.org>; Tue, 20 Feb 2018 19:24:21 -0800 (PST)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1L3MXKW004126; Wed, 21 Feb 2018 03:24:18 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=7GqramZiyKXZJbsofGgAgFGzU5aNRCiVGzChaYfpNhI=; b=ITE2J7H0GNZvd20kNo3NDgK235xSqJfgRBM6kNYkdcCZK7yALTQATIUs5N5+D37wtLht CBemoHINJ/Uqv3Bjhvn2dFwWmDRLu2AKMmC7FGfucSpNgaWO/95CGcMBILtZKFW2w6oH jD55H/Lzv6vovXlwiUg0pJBdga58lB2cxRALlzvlu11ssiOoR6nx9NNOiTqP/XgyCwPR 6J52T6iLq/2CfStt8XVobreDHImv1fA+ViW8JIdvNpKIQHN7/YWjmN6oHAhMVI4J1Xpu +X7pVBLYqzh6Rgqm7Tl3g4nAyhd6PzVLjiCxFVE2qPppOkWVE+jH6IyZ2uvm2qzzWy0h QQ== 
Received: from prod-mail-ppoint4 ([96.6.114.87]) by mx0b-00190b01.pphosted.com with ESMTP id 2g6a4w2c5n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 21 Feb 2018 03:24:18 +0000
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w1L3L5f3006176; Tue, 20 Feb 2018 22:24:17 -0500
Received: from email.msg.corp.akamai.com ([172.27.25.31]) by prod-mail-ppoint4.akamai.com with ESMTP id 2g6gm1h73k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 22:24:17 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.27.103) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 20 Feb 2018 21:24:17 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1263.000; Tue, 20 Feb 2018 21:24:17 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: Hector Santos <hsantos@isdg.net>, "dcrup@ietf.org" <dcrup@ietf.org>
Thread-Topic: [Dcrup] Progress Evaluating DCRUP
Thread-Index: AQHTqHODye7C2uaIYEG1yi09EX1uWaOqxj4AgAArfwCAAApmgIAAP2YAgAAPRACAACbrAIABPRWAgAAFhICAAAdWgIAABgKAgAAsQID///rlJ4AA3yOA//+6qu+AAHr/gIAAbgqAgAAgowD//7ITAAALSvEA//+uDwA=
Date: Wed, 21 Feb 2018 03:24:16 +0000
Message-ID: <D8137E1E-9EAC-48FA-8FF5-9700CA3A5D63@akamai.com>
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net> <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com> <5A8CE4CA.9090502@isdg.net>
In-Reply-To: <5A8CE4CA.9090502@isdg.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.a.0.180210
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.38.107]
Content-Type: text/plain; charset="utf-8"
Content-ID: <7DDCA57E7599DA4AABA17A859EF0B788@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=742 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802210041
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-20_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=694 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802210041
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/w-j2TGcFvCr-Ij226vxB49uyrZc>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 03:24:22 -0000

When this draft is published as an RFC, there will be a link forward/backward saying it updates 8301.  Isn't that enough?

It's not a new version.


From nobody Tue Feb 20 19:47:00 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53695124D68 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 19:46:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=M5NObADJ; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=o3C2zJUG
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WB0Dy72h65Sf for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 19:46:57 -0800 (PST)
Received: from ntbbs.winserver.com (ftp.catinthebox.net [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 6CEEC124234 for <dcrup@ietf.org>; Tue, 20 Feb 2018 19:46:57 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=334; t=1519184810; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=Obd5rn7UMRGX++hsCHF1n0Q7Jbw=; b=M5NObADJYgpgvSAUuUGwNMaEoWkHr/cqDCk3GANr63BM5bqJI6SfjDmyv6ehMo 9jLyoYnCsbCub9t2j4XFUq9S4Gw9fpsFeX8jLifQxlmZLl9nQPW4PzbCm1vW02x/ OxFaag+tYh2GR8JNMK/wfuRi1cnPBCO/A2Yn2JsB11shs=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Tue, 20 Feb 2018 22:46:50 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 463518973.1.3000; Tue, 20 Feb 2018 22:46:50 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=334; t=1519184492; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=dl3JMXp oX65e1tY6SbfyUizgdJ2ltrYW1qSwgyRxeSA=; b=o3C2zJUGtv4VzfWAx4kqQWv HGQbsS8q9ww3FQAYwDJCrhvMF2h1WkS3hQhI9ZD55yB1qsm/BfRjYfuaXxhoXmKT eLizL9W53zYLA2FGYNqz0m/sYA+k6aHmM1fGJe8WZP41S9ckT/EoS6lUnMwQQTXa FJJnxFkutl0sbCkBkqy4=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Tue, 20 Feb 2018 22:41:32 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 463398565.9.233024; Tue, 20 Feb 2018 22:41:31 -0500
Message-ID: <5A8CEBA8.5000806@isdg.net>
Date: Tue, 20 Feb 2018 22:46:48 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: "Salz, Rich" <rsalz@akamai.com>, "dcrup@ietf.org" <dcrup@ietf.org>
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net> <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com> <5A8CE4CA.9090502@isdg.net> <D8137E1E-9EAC-48FA-8FF5-9700CA3A5D63@akamai.com>
In-Reply-To: <D8137E1E-9EAC-48FA-8FF5-9700CA3A5D63@akamai.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/2y6ufSYjjJi3y1Zz62cI9zJE6yQ>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 03:46:59 -0000

On 2/20/2018 10:24 PM, Salz, Rich wrote:
> When this draft is published as an RFC, there will be a link forward/backward saying it updates 8301.  Isn't that enough?
>

Pending review of text change, that will generally fix it.

> It's not a new version.

Well, I think it is. lol, well, let's keep it v=1.  :)

thanks

-- 
HLS



From nobody Tue Feb 20 20:06:40 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8837F126BF3 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 20:06:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=SQ+akizW; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=aDbX44G2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQwzGq6sdNCQ for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 20:06:37 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B4221243FE for <dcrup@ietf.org>; Tue, 20 Feb 2018 20:06:37 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id BC2EF20BF6 for <dcrup@ietf.org>; Tue, 20 Feb 2018 23:06:36 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Tue, 20 Feb 2018 23:06:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=TcC7UvvdCDtBuaVjjBo6nDInynfzS wl9XsRMpisp7uY=; b=SQ+akizWf6RLiOIVH3tDhpvXUHVRk3bD1OGQkp9WlNard IFdyXLLyNF1IZjAVHfacdQvKmks2Jin1hA4ZZUJr9AgtL+NrmFv6+84Cf6rqXGPo Lx+KhxqxIG4Oh1r/wq/4GBMRw9xN1AaE9DPsGby3jl6PhrDf98ywDzszFxdmYETH Xu1AYlgTBv2fEUz0B6OoNTOj+BUHib5+RSLtHX4eawZZAlSeSUNFvD3R7Dsh704B RJoNqboFddxIsgKxhns/6e9cu29GDgQx9uADAQItQ+ycXy9DB+YvpbZq3RzGwtiG k2j2lOM9rJM148Jjwf6b0uve4W810y03hqV9PBnHw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=TcC7Uv vdCDtBuaVjjBo6nDInynfzSwl9XsRMpisp7uY=; b=aDbX44G2XqixzLVq7WlZVy ROMyro1lRZGF3FBzfhERee/LLkRwOfC02d9kfao3uzj03QPSae83l4Ie4enCwmeQ KgUWDoW3YFy8YS14mK0rIPECZVlDv2VZzS409WjypXKU18ZJg7HUogkqNWzsHZVh FKxSMSYYsGE1YO2+m4goBGo3kDjncfYSOW/LOqv+QDZ/cSYrVm/yFwJ4F77Wjpny vOMa4r1MJ5ivioyemJyk0wkuvieQ49YiMtne/VlKlOO0p/V0+yboTMPaFohCfDn8 7cf4OYr/sBmDtVmj/uTU8RX/hFlLmFyvKJm33itHvVkW9HeBwL5/xRGfzl7+nulQ ==
X-ME-Sender: <xms:TPCMWidmosd3Wm5wttUbSPHug3Jxt3cOMfm5AuY61OBnoNsr_z4MhA>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 64F357E0FD for <dcrup@ietf.org>; Tue, 20 Feb 2018 23:06:36 -0500 (EST)
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net>
From: Stan Kalisch <stan@glyphein.mailforce.net>
Content-Type: text/plain; charset=us-ascii
X-Mailer: iPhone Mail (13G36)
In-Reply-To: <5A8CDA60.30603@isdg.net>
Message-Id: <346B67D3-A737-46B6-A188-35C767E14AD4@glyphein.mailforce.net>
Date: Tue, 20 Feb 2018 23:06:34 -0500
To: dcrup@ietf.org
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/LXLI6MpB_AC9aDiM7kmFDBcPDg8>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 04:06:38 -0000

> On Feb 20, 2018, at 9:33 PM, Hector Santos <hsantos@isdg.net> wrote:
>
> Strawman proposals?   So it was a joke? To waste people's time?  Talk about distractions.  :(

Speaking of distractions:

> I never expected the version number to change.

Instead of serially asking for the version number to be changed and saying that the concern regarding implementations mishandling version numbers was "nonsense", it would have been helpful if you had said this, instead.


Stan


From nobody Tue Feb 20 20:55:01 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 397E012D0C3 for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 20:55:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=F2lv6e1G; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=RYn/05l6
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 92FyhINL8ahv for <dcrup@ietfa.amsl.com>; Tue, 20 Feb 2018 20:54:58 -0800 (PST)
Received: from news.winserver.com (mail.catinthebox.net [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 1758B129C6D for <dcrup@ietf.org>; Tue, 20 Feb 2018 20:54:58 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1669; t=1519188895; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=zIx1eunjiDucM/DEZxxw5d9QI+c=; b=F2lv6e1GGAENgoyO/w6sfP028xMu34Z3o0WeOastDaCO0yYlEhM8Jk+8A4FXKy AGC0SceXLMdoIcMaxCKyvajjeRTp85VPc69Hmsq5xlx/wnSzWXoVN35RGAwMqfqD zAkIoWbnOeMgvM5U3SLX2VLPLdoT2yVaQ7oNCwUhY32gs=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Tue, 20 Feb 2018 23:54:55 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 467604094.1.6932; Tue, 20 Feb 2018 23:54:55 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1669; t=1519188581; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=Ay0lklh bMpbWByAd2Znat9pn9bLZp/NHMKHO6IQ7w9Y=; b=RYn/05l679/T3EgG5oBgJ0V i76TABbhkEGTGmU3hWfq4gpI10/QQLih2B0PKl3d/4S74k70ufMfOTCt4hvtov31 CM8miGfwfmcRr3Aav7xTU1lgFcLgAfTuh8xN4dqrdVJJan/vXLaPP3g4KfaabnTZ XUcMiHZ9oOFSbOV3PfME=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Tue, 20 Feb 2018 23:49:41 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 467487674.9.237560; Tue, 20 Feb 2018 23:49:40 -0500
Message-ID: <5A8CFBA1.6080609@isdg.net>
Date: Tue, 20 Feb 2018 23:54:57 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net> <346B67D3-A737-46B6-A188-35C767E14AD4@glyphein.mailforce.net>
In-Reply-To: <346B67D3-A737-46B6-A188-35C767E14AD4@glyphein.mailforce.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/yinIHZjn9Nzdj4jSOj1e9II3MgQ>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 04:55:00 -0000

On 2/20/2018 11:06 PM, Stan Kalisch wrote:
>
>> On Feb 20, 2018, at 9:33 PM, Hector Santos <hsantos@isdg.net> wrote:
>>
>> Strawman proposals?   So it was a joke? To waste people's time?  Talk about distractions.  :(
>
> Speaking of distractions:
>
>> I never expected the version number to change.
>
> Instead of serially asking for the version number to be changed and saying that the concern regarding implementations mishandling version numbers was "nonsense", it would have been helpful if you had said this, instead.
>

First, I stated an opinion why it should be changed.  I responded to 
someone else's statement indicating this was "nonsense" and I 
indicated the real problem or "nonsense" is that we unfortunately have 
implementations that could "break" if the v= value is changed. So 
right there, it was clear there were issues with bumping.   While 
unknown tags are ignored, a "v=1" change could cause a problem.   I 
just felt we might consider finally addressing it now that we are 
updating a standard STD76. A rare opportunity.  I threw it out there 
and I never expected it to be endorsed. I was rather surprised a few 
"agreed."  Thanks for your input.  We all agreed it wasn't necessary. 
  However, expecting it would come, once Levine commented, well, I 
knew the game was over. Your acceptance of his "Strawman" comment 
well, not cool.  No one knew this was another Levine "strawman" 
proposal, I didn't, like ADSP was which many in the industry wasted 
many years with it.   To repeat this, it is really not cool to do it 
again with DKIM-Conditional.

Nonetheless, no, I didn't think a version bump would be endorsed.


Thanks

-- 
HLS
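
The header checks discussed in this message and in the earlier one on implementation spread (unknown tags ignored, a changed v= value rejected, SHA1 acceptance as a policy option, ed25519-sha256 as an added algorithm), as an added example that is not part of any post and is not any participant's or project's code. It covers the checks a verifier makes on a DKIM-Signature value before any cryptographic verification; the header values are constructed, and the function names and the `allow_rsa_sha1` / `have_ed25519` switches are assumptions.

```python
import re
from typing import NamedTuple

# Tags defined for DKIM-Signature in RFC 6376; any other tag is ignored.
KNOWN_TAGS = {"v", "a", "b", "bh", "c", "d", "h", "i", "l", "q", "s", "t", "x", "z"}
REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


class Result(NamedTuple):
    verdict: str    # "proceed" (go on to crypto verification) or "permfail"
    reason: str
    ignored: tuple  # unknown tag names that were skipped


def parse_tag_list(value):
    """Split a DKIM tag-list into a dict; raise ValueError if it is invalid."""
    specs = value.split(";")
    if specs and not specs[-1].strip():
        specs.pop()  # a single trailing ";" is allowed
    tags = {}
    for spec in specs:
        name, sep, val = spec.partition("=")  # values may contain "=" (base64)
        name = name.strip()
        if not sep or not TAG_NAME.fullmatch(name):
            raise ValueError(f"malformed tag-spec: {spec.strip()!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")  # whole list is invalid
        # Folding whitespace inside base64 values is not significant.
        tags[name] = "".join(val.split()) if name in ("b", "bh") else val.strip()
    return tags


def check_signature_header(value, allow_rsa_sha1=False, have_ed25519=True):
    """Apply version and algorithm policy to one DKIM-Signature value.

    allow_rsa_sha1 models the "policy option" for sites that keep SHA1 for
    customer support reasons; have_ed25519 models whether the crypto library
    in use supports ed25519 yet. Both switches are assumptions of this example.
    """
    try:
        tags = parse_tag_list(value)
    except ValueError as exc:
        return Result("permfail", str(exc), ())
    ignored = tuple(sorted(set(tags) - KNOWN_TAGS))
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        return Result("permfail", "missing required tag: " + ",".join(missing), ignored)
    # An unknown tag is skipped, but an unexpected v= value is not:
    # this is why bumping the version would break deployed verifiers.
    if tags["v"] != "1":
        return Result("permfail", "unsupported version: " + tags["v"], ignored)
    alg = tags["a"]
    if alg == "rsa-sha1" and not allow_rsa_sha1:
        return Result("permfail", "rsa-sha1 disabled by policy", ignored)
    if alg == "ed25519-sha256" and not have_ed25519:
        return Result("permfail", "ed25519-sha256 not implemented", ignored)
    if alg not in ("rsa-sha256", "rsa-sha1", "ed25519-sha256"):
        return Result("permfail", "unknown algorithm: " + alg, ignored)
    return Result("proceed", alg, ignored)


def sample(alg, version="1", extra=""):
    """Build a constructed, folded DKIM-Signature value (not a real signature)."""
    return (f"v={version}; a={alg}; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
            f"\th=from:to:subject:date; {extra}bh=Y29uc3RydWN0ZWQ=;\r\n"
            f"\tb=c2FtcGxl IHNpZw==")


if __name__ == "__main__":
    cases = [
        ("rsa-sha256 + extra tags", sample("rsa-sha256", extra="atps=example.org; atpsh=sha1; "), {}),
        ("rsa-sha1, default policy", sample("rsa-sha1"), {}),
        ("rsa-sha1, SHA1 kept", sample("rsa-sha1"), {"allow_rsa_sha1": True}),
        ("ed25519, library ready", sample("ed25519-sha256"), {}),
        ("ed25519, library not ready", sample("ed25519-sha256"), {"have_ed25519": False}),
        ("v=2", sample("rsa-sha256", version="2"), {}),
    ]
    for label, header, options in cases:
        print(f"{label:28} {check_signature_header(header, **options)}")
```
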



From nobody Wed Feb 21 08:37:54 2018
Return-Path: <johnl@iecc.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 738AC12D871 for <dcrup@ietfa.amsl.com>; Wed, 21 Feb 2018 08:37:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.761
X-Spam-Level: 
X-Spam-Status: No, score=-1.761 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=Xccn9dyX; dkim=pass (1536-bit key) header.d=taugh.com header.b=VioycUZ4
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NZ-IbewRBoSg for <dcrup@ietfa.amsl.com>; Wed, 21 Feb 2018 08:37:51 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B09112D7F8 for <dcrup@ietf.org>; Wed, 21 Feb 2018 08:37:51 -0800 (PST)
Received: (qmail 6793 invoked from network); 21 Feb 2018 16:37:49 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1a87.5a8da05d.k1802; bh=mvyBS/l0NZ+EFsMyjtxJE+eqp1AMqucEenFuCDUVnAA=; b=Xccn9dyXzJNAGLkRCYk/mkDM0w3iccD1+JrzC84SCplH/47By8pntwkgH4OOEFGbXzknMBDtUVkr58oPRd6ml24mZx5E7A+pGyOmMSR8pq/w1MVmlxYEmxXC1wgJXeqGbN3V9F8RfBGFhSEUhd4NZKUVXl3Mic3R5ETKBb/Xr+igJ/dmQyhtDU+TCBTJ7KgyvAxxP+3E8sYDJtuKAIgKnYpPwSHYVhyVSrQuSoBe6fVE0utHAgagnqtdmmF3lUWm
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1a87.5a8da05d.k1802; bh=mvyBS/l0NZ+EFsMyjtxJE+eqp1AMqucEenFuCDUVnAA=; b=VioycUZ4disDVGPcyT6PmaHTRzUCRxn1f4UNppE716EMYrQrgvUvF3X5ql91oDNTIXObVDDlDH6s9FjXj0rpJLjQdA768TZHp7/Jr/8Mr+oESug6DQ76bquN5ynfWaq7YzT/I/BzP71LbwyT01RFWoEtZCkDluTtfL8A6VbXvejRuBdk6V475wSJf/JZp4+plDNuZDlLeXQPxfR5C/JWHhakD8tEz8OYi+gA18qlEfdarfO+Pe5w+cf8EfW/3pTG
Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 21 Feb 2018 16:37:48 -0000
Received: by ary.local (Postfix, from userid 501) id 633F81C400D7; Wed, 21 Feb 2018 08:37:48 -0800 (PST)
Date: 21 Feb 2018 08:37:48 -0800
Message-Id: <20180221163748.633F81C400D7@ary.local>
From: "John Levine" <johnl@taugh.com>
To: dcrup@ietf.org
Cc: rsalz@akamai.com
In-Reply-To: <D8137E1E-9EAC-48FA-8FF5-9700CA3A5D63@akamai.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/39fWcSSHCK6wV7Z74jWAU4rpNEM>
Subject: Re: [Dcrup] Progress Evaluating DCRUP

In article <D8137E1E-9EAC-48FA-8FF5-9700CA3A5D63@akamai.com> you write:
>When this draft is published as an RFC, there will be a link forward/backward saying it updates 8301.  Isn't that enough?

RFC 8301 is an update to 6376, and this will also be an update to
6376.  It doesn't need to update 8301, since sha1 and 512 bit rsa are
still dead.

It's not like we reissue RFC 5322 every time someone invents a new
mail header, after all.

R's,
John




From nobody Wed Feb 21 13:03:43 2018
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net> <346B67D3-A737-46B6-A188-35C767E14AD4@glyphein.mailforce.net> <5A8CFBA1.6080609@isdg.net>
From: Stan Kalisch <stan@glyphein.mailforce.net>
Content-Type: text/plain; charset=us-ascii
X-Mailer: iPhone Mail (13G36)
In-Reply-To: <5A8CFBA1.6080609@isdg.net>
Message-Id: <72974E79-623C-4B24-932A-587CB773D146@glyphein.mailforce.net>
Date: Wed, 21 Feb 2018 16:03:34 -0500
To: dcrup@ietf.org
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/DogrOUUAHs5WxUX3Io9EnNJPaU8>
Subject: Re: [Dcrup] Progress Evaluating DCRUP

Your original language about "nonsense" wasn't clear to me in that regard, but I now see what you intended, so thanks.  As for John Levine's document, it's still helpful as a thought exercise, and I'll concede I wasn't around for much of the discussion that led to the genesis of ARC.  I don't think a draft that's not intended to be seen to completion is necessarily a bad thing; it has its place.


Thanks,
Stan

> On Feb 20, 2018, at 11:54 PM, Hector Santos <hsantos@isdg.net> wrote:
>>> Strawman proposals?   So it was a joke? To waste people's time?  Talk about distractions.  :(
>>
>> Speaking of distractions:
>>
>>> I never expected the version number to change.
>>
>> Instead of serially asking for the version number to be changed and saying that the concern regarding implementations mishandling version numbers was "nonsense", it would have been helpful if you had said this, instead.
>
> First, I stated an opinion why it should be changed.  I responded to someone else's statement indicating this was "nonsense" and I indicated the real problem or "nonsense" is that we unfortunately have implementations that could "break" if the v= value is changed. So right there, it was clear there were issues with bumping.   While unknown tags are ignored, a "v=1" change could cause a problem.   I just felt we might consider finally addressing it now that we are updating a standard STD76. A rare opportunity.  I threw it out there and I never expected it to be endorsed. I was rather surprised a few "agreed."  Thanks for your input.  We all agreed it wasn't necessary.  However, expecting it would come, once Levine commented, well, I knew the game was over. Your acceptance of his "Strawman" comment well, not cool.  No one knew this was another Levine "strawman" proposal, I didn't, like ADSP was which many in the industry wasted many years with it.   To repeat this, it is really not cool to do it again with DKIM-Conditional.
>
> Nonetheless, No I didn't think a version bump would be endorsed.
>
>
> Thanks
>
> --
> HLS


From nobody Thu Feb 22 06:35:24 2018
Message-ID: <5A8ED509.6050805@isdg.net>
Date: Thu, 22 Feb 2018 09:34:49 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <20180221163748.633F81C400D7@ary.local>
In-Reply-To: <20180221163748.633F81C400D7@ary.local>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/wDm7epziFZMUe8gO0yCvy5aOQyQ>
Subject: Re: [Dcrup] Progress Evaluating DCRUP

On 2/21/2018 11:37 AM, John Levine wrote:
> In article <D8137E1E-9EAC-48FA-8FF5-9700CA3A5D63@akamai.com> you write:
>> When this draft is published as an RFC, there will be a link forward/backward saying it updates 8301.  Isn't that enough?
>
> RFC 8301 is an update to 6376, and this will also be an update to
> 6376.  It doesn't need to update 8301, since sha1 and 512 bit rsa are
> still dead.
>

I suppose someone who applies RFC8301 and not DRUP could indicate the 
updated STD76 only supports sha256 and nothing more, why, because it 
now says so:  STD76 Section 3.3 was updated by RFC8301 to include a 
sentence:

     Signers MUST sign using rsa-sha256.

What DRUP section 5 has is:

    5.  Key and algorithm choice and strength

    Section 3.3 of [RFC6376] describes DKIM's hash and signature
    algorithms.  It is updated as follows:

    Signers SHOULD implement and verifiers MUST implement the
    ed25519-sha256 algorithm.

DRUP should update RFC8301's section 3.1 to replace its text or have a 
similar clear replacement text for STD76 section 3.3 that includes 
SHA256 and ED25519 as possible hashes.

I also have a problem with a Verifier MUST implement.  I think ed25519 
is too early code to be enforcing it on a fixed and stable STD76 
standard.  Removing SHA1 is one thing, telling implementations they 
MUST add something new or risk being slapped with non-compliance and 
"malpractice" when they really don't need to do is another, especially 
when STD76+ now mandates signers MUST sign with SHA256.

I suggest changing it to Verifiers SHOULD implement and also correct 
the STD76 text with non-ambiguous functional specification.

> It's not like we reissue RFC 5322 every time someone invents a new
> mail header, after all.

No, but RFC5322 updates do make references among themselves.  I'm sure 
we can find many examples of this.


-- 
HLS



From nobody Sun Feb 25 00:30:14 2018
MIME-Version: 1.0
In-Reply-To: <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com>
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net> <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sun, 25 Feb 2018 00:30:08 -0800
Message-ID: <CAL0qLwax44uhxBkyz0+W3w6Cwxnrf4DeL5AKa+w57LQ9H-uy_w@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Hector Santos <hsantos@isdg.net>, "dcrup@ietf.org" <dcrup@ietf.org>
Content-Type: multipart/alternative; boundary="f4f5e80c31f492ca9205660533b0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/L624Tohrn9lGARquqrN5SMEslmU>
Subject: Re: [Dcrup] Progress Evaluating DCRUP

--f4f5e80c31f492ca9205660533b0
Content-Type: text/plain; charset="UTF-8"

On Tue, Feb 20, 2018 at 6:54 PM, Salz, Rich <rsalz@akamai.com> wrote:

> >     DRUP will need to update STD76-RFC8301 again to allow signers to use
> >     ed25519-sha256.
>
> Will we?  Our intent was to shut down after this last draft is published.
> Is there more to do?  Let's get that on the table, if so.  Aleksey, your
> thoughts?
>

I don't think that's strictly necessary.  As I recall, 8301 updated 6376 to
specifically deprecate a practice the community believes is insecure.
Adding a new algorithm is a step in the opposite direction, so I think
adding ed25519 as a key type just requires IANA actions and the appropriate
documentation, which I believe is what our remaining document already does.

What am I missing?

-MSK

--f4f5e80c31f492ca9205660533b0--


From nobody Sun Feb 25 01:43:17 2018
MIME-Version: 1.0
In-Reply-To: <4405549.Ah4LRhlE6C@kitterma-e6430>
References: <20180207171204.F0F0C1A5E207@ary.qy> <4405549.Ah4LRhlE6C@kitterma-e6430>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sun, 25 Feb 2018 01:43:09 -0800
Message-ID: <CAL0qLwY60SLuOR5ZPKRrRwUh30G1+ZjS2h6GuwtjjJ6UPuNfeg@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a114023feba7e740566063859"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/OTHEskMAC79Fud4N3JgdkAPztbE>
Subject: Re: [Dcrup] WGLC final issues draft-ietf-dcrup-dkim-crypto

--001a114023feba7e740566063859
Content-Type: text/plain; charset="UTF-8"

Scott or Jeremy,

Do you happen to have the sample key and message you used to generate these
in a file I can easily grab for testing an OpenDKIM revision that supports
the new key type?

-MSK


On Wed, Feb 7, 2018 at 8:43 PM, Scott Kitterman <sklist@kitterman.com>
wrote:

> On Wednesday, February 07, 2018 12:12:04 PM John Levine wrote:
> > >I proposed that for messages shorter than, say, 4k, (a) be skipped.  But
> > >doing that extra hash seems to require less code changes.
> > >
> > >With respect to Section 4 of rfc8032, I recommend that the draft say we opt
> > >for "(2) a single-pass interface for creating signatures."  Draft readers
> > >ought not to be so confused as we are...
> > >
> > >> b) feeding the result of (a) to a gnutls routine which does
> > >>
> > >>    c.1) a sha512
> > >>    c.2) an ed25519 signing, or verification
> > >>
> > >> That sounds like an "extra hash" to me.
> > >
> > >The disadvantage is that (b) would have provided a collision-safe signature
> > >even if sha512 had collisions.  We lower that to sha256's health.  I don't
> > >think this is going to be a problem, but we have to state it.
> >
> > Definitely not.  This adds more overall complexity for no practical benefit.
> >
> > We have running code, two implementations that interoperate.  So I
> > really really hope as soon as we get the examples to splice into the
> > draft, we're done.
>
> Here are four signatures (different canonicalizations) of the attached message
> (taken from the RFC 6376 examples) using the RFC 8032 section 7.1 keys.
>
> DKIM-Signature: v=1; a=ed25519-sha256; c=simple/simple; d=example.com;
>  i=@example.com; q=dns/txt; s=test; t=1518064698; h=from :
>  to : subject : date : message-id : from : subject : date;
>  bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=;
>  b=Mj7y77UZsr6byb6fk1BIMpiyHZxcowFkqvJ6F4eY4njHotFIOjTFdgHr
>  XLDMt0jmh825Cz9vB6D5qOY1dUuECw==
>
> DKIM-Signature: v=1; a=ed25519-sha256; c=simple/relaxed; d=example.com;
>  i=@example.com; q=dns/txt; s=test; t=1518064698; h=from :
>  to : subject : date : message-id : from : subject : date;
>  bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
>  b=M1Vb4fEK0ArpknLL7NDIuTxDk2lHaSo1IBAzvcQLQJRcWHTNalHYIRU1
>  pCDDil/QPUE43jbbxpsSYFRpimciCQ==
>
> DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=example.com;
>  i=@example.com; q=dns/txt; s=test; t=1518064698; h=from :
>  to : subject : date : message-id : from : subject : date;
>  bh=4bLNXImK9drULnmePzZNEBleUanJCX5PIsDIFoH4KTQ=;
>  b=IBZHsUwdU/NsqUAJ2mdNGbf/YIkDWc77wIMBXxRa+JJCfvTUW9eLylxq
>  HqYi8SKwZ3u5JDnalh1YhJ8xbNVfAg==
>
> DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.com;
>  i=@example.com; q=dns/txt; s=test; t=1518064698; h=from :
>  to : subject : date : message-id : from : subject : date;
>  bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
>  b=y+8dPwTZtEcxLGqb/3uVXEwp7Kd2ndscOKEkr5uowppsP5T5ptKdkFuM
>  0iI0gU9TtGI8oO8JzbF91tR2w0kCDQ==
>
> If someone can double check that one or more of those verify, then I think
> that'll work for examples.
>
> Scott K
> Hi.
>
> We lost the game.  Are you hungry yet?
>
> Joe.

--001a114023feba7e740566063859--


From nobody Sun Feb 25 19:17:11 2018
Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 216AA127275 for <dcrup@ietfa.amsl.com>; Sun, 25 Feb 2018 19:17:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.619
X-Spam-Level: 
X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=MGeL+79s; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=STSZit0R
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lDKwiTWLuzQT for <dcrup@ietfa.amsl.com>; Sun, 25 Feb 2018 19:17:08 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32DFA126C26 for <dcrup@ietf.org>; Sun, 25 Feb 2018 19:17:08 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id E4F93209D5; Sun, 25 Feb 2018 22:17:04 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Sun, 25 Feb 2018 22:17:04 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Zo/eIrNVPP0CsQVn8 oxhMbGWauVDAjbkk62Qh07pKI0=; b=MGeL+79skJ4xGvQuN5AVsMbCX5KOw5Uwc tV25lXbbM4IWK1wiwO+1ItyHgjc/vHq5zIqfSdGpgKnmVuLCUMDGTvRKhLEX01rc MyNYvrVX1J7MZiws06smbJtd5qxzWyx44TkcnFebvSuReIYUrCGOF7RzzLR5lO/h 9a4VkX0juWU69AXA5JaXq85okFSfVqQUd8mZ5sAuIB1iYPJ0QIuVZq1w0/Y2ECOV Kg34d8Qm/8mDz16nRt+iRm3Y9g5kg6uP+vXgjwSFjmouJ0VLFfY8LQPicyefEE8B eGYHvNGGEqf2tNqooHl3fFv9DL/OyX6dI/5H2ImWvVP2GEKhsS33w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Zo/eIr NVPP0CsQVn8oxhMbGWauVDAjbkk62Qh07pKI0=; b=STSZit0RUVsTEBDrMOIoLL NrCzm19YTws9Ezy3purakGKxl59M5c24KnLu0w6VfGYG3AeXZWc3ppbq1QjCeo6S PbKKyMYkLzlKaVT4Ti1KtYzpztzD068C9Z5BOwcGvlnxGBmxCCXbymutR1x2xIBW TABUTVnv2xrmtjwyZKSW+Qt4GCxxWAJVGZEz/vx+Lqfs9A8W/dFDTenn9g1gd/Z1 qcWQwJkULh+QrJxZ97XOmg27FZtU38TFtax3mUnzh3heK0lLoH/qwOWtSRoDlyfr pS0L8bx6myrRg10zdRH9oshTHdAP5K9WOPxk7LNeBzLUF1HkL04Gj887U5lw6m1Q ==
X-ME-Sender: <xms:MHyTWiwHYIek3Ku5xYiDrtKfP-qc-G244tODFmL4Kp3JP416WmfDpg>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 937077E46B; Sun, 25 Feb 2018 22:17:04 -0500 (EST)
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net> <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com> <CAL0qLwax44uhxBkyz0+W3w6Cwxnrf4DeL5AKa+w57LQ9H-uy_w@mail.gmail.com>
In-Reply-To: <CAL0qLwax44uhxBkyz0+W3w6Cwxnrf4DeL5AKa+w57LQ9H-uy_w@mail.gmail.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary=Apple-Mail-9C73370B-5645-4B73-A8DD-87B9F1459F4A
Message-Id: <AA2A508D-FE2A-451B-B06B-D8B85E7522E8@glyphein.mailforce.net>
Cc: "Salz, Rich" <rsalz@akamai.com>, "dcrup@ietf.org" <dcrup@ietf.org>
X-Mailer: iPhone Mail (13G36)
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Sun, 25 Feb 2018 22:17:01 -0500
To: "Murray S. Kucherawy" <superuser@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/KaPCG8F-FuOAUAaoEmWl46D8YGU>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 03:17:10 -0000

--Apple-Mail-9C73370B-5645-4B73-A8DD-87B9F1459F4A
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

> On Feb 25, 2018, at 3:30 AM, Murray S. Kucherawy <superuser@gmail.com> wrote:
>
>> On Tue, Feb 20, 2018 at 6:54 PM, Salz, Rich <rsalz@akamai.com> wrote:
>> >     DRUP will need to update STD76-RFC8301 again to allow signers to use
>>     ed25519-sha256.
>>
>> Will we?  Our intent was to shut down after this last draft is
>> published.  Is there more to do?  Let's get that on the table, if so.
>> Aleksey, your thoughts?
>
> I don't think that's strictly necessary.

I don't think it is, either.  To play devil's advocate, the only thing
that I see that potentially facilitates mild confusion, in retrospect,
is where RFC 8301 reads, "Two algorithms are defined by this
specification at this time: rsa-sha1 and rsa-sha256."  This is, of
course, correct, but, in theory, in the not-too-distant future,
someone modifying an implementation could be up late one night and go,
"Oh.  It says 'January 2018' and 'at this time', so I'm good," without
checking to see if anything else updates 6376.

This, however, doesn't change the fact that you're supposed to check
each RFC to see if something else updates it.  Which is why I don't
buy Hector's argument.


Stan

> As I recall, 8301 updated 6376 to specifically deprecate a practice
> the community believes is insecure.  Adding a new algorithm is a
> step in the opposite direction, so I think adding ed25519 as a key
> type just requires IANA actions and the appropriate documentation,
> which I believe is what our remaining document already does.
>
> What am I missing?
>
> -MSK
> _______________________________________________
> Dcrup mailing list
> Dcrup@ietf.org
> https://www.ietf.org/mailman/listinfo/dcrup

--Apple-Mail-9C73370B-5645-4B73-A8DD-87B9F1459F4A--


From nobody Sun Feb 25 20:07:35 2018
Return-Path: <hsantos@isdg.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05ABA12762F for <dcrup@ietfa.amsl.com>; Sun, 25 Feb 2018 20:07:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=Hlg9V8bE; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=lN1xzT6x
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nkx-3NYm4qrG for <dcrup@ietfa.amsl.com>; Sun, 25 Feb 2018 20:07:31 -0800 (PST)
Received: from demo.winserver.com (mail.santronics.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id C53271275F4 for <dcrup@ietf.org>; Sun, 25 Feb 2018 20:07:30 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=2252; t=1519618041; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=/6Wj//+MEnLBDQZPEd+zo4IV4Eg=; b=Hlg9V8bE5OJg3ThveGtKiGJu0fo8iBYOt2Kl+5UWTmcIcyutgMWMkRs4hrKQSZ tJiZiEQ1Mnp5eNY7RyxaRo9hljUWem74+3EWDaRkqnjc4SKrAg2XbVMdtsPUFjwD NGcw0ZTRgeQFLX7IIVcllQUJxdENqXuyTjyCnrv9WShow=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 25 Feb 2018 23:07:21 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;  adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 896744311.1.8880; Sun, 25 Feb 2018 23:07:20 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2252; t=1519617716; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=RqiOn9V wIGOXGEdu0ofJWossNaTo6JgRvDx5qb5ko+Y=; b=lN1xzT6x0/H4f7RSJarngIw hBFI/eNa7ifUgun9YFCj6/lGTBmd9Lbqoc398qtXKUU+F6f9IyncoBMBlAa7SLFj 7g27JelEYka5B9vMYx/BVhobR8Q7HNAxPIpzNnmhm6ygDO6WdZ4xrH/IZ5OZa0D6 YdKM2yPC8gdgkpzYJFeA=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dcrup@ietf.org; Sun, 25 Feb 2018 23:01:56 -0500
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 896622190.9.357508; Sun, 25 Feb 2018 23:01:55 -0500
Message-ID: <5A9387F6.8060609@isdg.net>
Date: Sun, 25 Feb 2018 23:07:18 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dcrup@ietf.org
References: <20180221003615.9BEBD1C2E8DA@ary.local> <5A8CDA60.30603@isdg.net> <8CB88C62-C49B-4246-96E5-856FC3695604@akamai.com> <CAL0qLwax44uhxBkyz0+W3w6Cwxnrf4DeL5AKa+w57LQ9H-uy_w@mail.gmail.com> <AA2A508D-FE2A-451B-B06B-D8B85E7522E8@glyphein.mailforce.net>
In-Reply-To: <AA2A508D-FE2A-451B-B06B-D8B85E7522E8@glyphein.mailforce.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/OwKEP_mIl9sdwiWpxHUmoxhtcCI>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 04:07:33 -0000

That includes the DROP author who is fully aware of RFC8301 and it 
"should" make a reference in order to relax the sha256 mandate imposed 
by RFC8301.

It can't be ignorant of the STD76+RFC8301 update.

My opinion.

On 2/25/2018 10:17 PM, Stan Kalisch wrote:
> On Feb 25, 2018, at 3:30 AM, Murray S. Kucherawy <superuser@gmail.com
> <mailto:superuser@gmail.com>> wrote:
>
>> On Tue, Feb 20, 2018 at 6:54 PM, Salz, Rich <rsalz@akamai.com
>> <mailto:rsalz@akamai.com>> wrote:
>>
>>     >     DRUP will need to update STD76-RFC8301 again to allow signers to use
>>         ed25519-sha256.
>>
>>     Will we?  Our intent was to shut down after this last draft is
>>     published.  Is there more to do?  Let's get that on the table,
>>     if so.  Aleksey, your thoughts?
>>
>>
>> I don't think that's strictly necessary.
>
> I don't think it is, either.  To play devil's advocate, the only thing
> that I see that potentially facilitates mild confusion, in retrospect,
> is where RFC 8301 reads, "Two algorithms are defined by this
> specification at this time: rsa-sha1 and rsa-sha256."  This is, of
> course, correct, but, in theory, in the not-too-distant future,
> someone modifying an implementation could be up late one night and go,
> "Oh.  It says 'January 2018' and 'at this time', so I'm good," without
> checking to see if anything else updates 6376.
>
> This, however, doesn't change the fact that you're supposed to check
> each RFC to see if something else updates it.  Which is why I don't
> buy Hector's argument.
>
>
> Stan
>
>> As I recall, 8301 updated 6376 to specifically deprecate a practice
>> the community believes is insecure.  Adding a new algorithm is a
>> step in the opposite direction, so I think adding ed25519 as a key
>> type just requires IANA actions and the appropriate documentation,
>> which I believe is what our remaining document already does.
>>
>> What am I missing?
>>
>> -MSK
>> _______________________________________________
>> Dcrup mailing list
>> Dcrup@ietf.org <mailto:Dcrup@ietf.org>
>> https://www.ietf.org/mailman/listinfo/dcrup
>
>
> _______________________________________________
> Dcrup mailing list
> Dcrup@ietf.org
> https://www.ietf.org/mailman/listinfo/dcrup
>

-- 
HLS



From nobody Sun Feb 25 21:53:01 2018
Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AED5128C0A for <dcrup@ietfa.amsl.com>; Sun, 25 Feb 2018 21:53:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uUjzs-4k3Z_d for <dcrup@ietfa.amsl.com>; Sun, 25 Feb 2018 21:52:58 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85FB8126C0F for <dcrup@ietf.org>; Sun, 25 Feb 2018 21:52:58 -0800 (PST)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 5494CC401E9 for <dcrup@ietf.org>; Sun, 25 Feb 2018 23:52:57 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1519624377; bh=dFG17AsfRdrcUimGmaGRSqhCGfUunyiE/ptXXSux2hk=; h=From:To:Subject:Date:In-Reply-To:References:From; b=ZY6w8RMmxOsXf9dq46FCoqmWl1ZMVPLFT8WMAugSPublaONL0CVG3YffG8+eFMqu4 LHuE7LqmHP7tNOlWDCOkOELJM9FEJozAEgkBV1qQl8wo/oa/i/zVsWzRS/aRYF3Erm Vn2SHtLRqoUe6/gArbqz82ngoHa68g2/zXjXxdoQ=
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Mon, 26 Feb 2018 00:52:56 -0500
Message-ID: <4914167.fee8KLkeOb@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-139-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <5A9387F6.8060609@isdg.net>
References: <20180221003615.9BEBD1C2E8DA@ary.local> <AA2A508D-FE2A-451B-B06B-D8B85E7522E8@glyphein.mailforce.net> <5A9387F6.8060609@isdg.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/EJ6wnxMVLt5pYC9wWCvkFmNaSgU>
Subject: Re: [Dcrup] Progress Evaluating DCRUP
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 05:53:00 -0000

So you think that ed25519 only signing is a good strategy now?

Scott K

On Sunday, February 25, 2018 11:07:18 PM Hector Santos wrote:
> That includes the DROP author who is fully aware of RFC8301 and it
> "should" make a reference in order to relax the sha256 mandate imposed
> by RFC8301.
> 
> It can't be ignorant of the STD76+RFC8301 update.
> 
> My opinion.
> 
> On 2/25/2018 10:17 PM, Stan Kalisch wrote:
> > On Feb 25, 2018, at 3:30 AM, Murray S. Kucherawy <superuser@gmail.com
> > 
> > <mailto:superuser@gmail.com>> wrote:
> >> On Tue, Feb 20, 2018 at 6:54 PM, Salz, Rich <rsalz@akamai.com
> >> 
> >> <mailto:rsalz@akamai.com>> wrote:
> >>     >     DRUP will need to update STD76-RFC8301 again to allow signers
> >>     >     to use
> >>         
> >>         ed25519-sha256.
> >>     
> >>     Will we?  Our intent was to shut down after this last draft is
> >>     published.  Is there more to do?  Let's get that on the table,
> >>     if so.  Aleksey, your thoughts?
> >> 
> >> I don't think that's strictly necessary.
> > 
> > I don't think it is, either.  To play devil's advocate, the only thing
> > that I see that potentially facilitates mild confusion, in retrospect,
> > is where RFC 8301 reads, "Two algorithms are defined by this
> > specification at this time: rsa-sha1 and rsa-sha256."  This is, of
> > course, correct, but, in theory, in the not-too-distant future,
> > someone modifying an implementation could be up late one night and go,
> > "Oh.  It says 'January 2018' and 'at this time', so I'm good," without
> > checking to see if anything else updates 6376.
> > 
> > This, however, doesn't change the fact that you're supposed to check
> > each RFC to see if something else updates it.  Which is why I don't
> > buy Hector's argument.
> > 
> > 
> > Stan
> > 
> >> As I recall, 8301 updated 6376 to specifically deprecate a practice
> >> the community believes is insecure.  Adding a new algorithm is a
> >> step in the opposite direction, so I think adding ed25519 as a key
> >> type just requires IANA actions and the appropriate documentation,
> >> which I believe is what our remaining document already does.
> >> 
> >> What am I missing?
> >> 
> >> -MSK
> >> _______________________________________________
> >> Dcrup mailing list
> >> Dcrup@ietf.org <mailto:Dcrup@ietf.org>
> >> https://www.ietf.org/mailman/listinfo/dcrup
> > 
> > _______________________________________________
> > Dcrup mailing list
> > Dcrup@ietf.org
> > https://www.ietf.org/mailman/listinfo/dcrup
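
Added example, not part of any message in this thread: the exchange above concerns which a= algorithms a DKIM implementation may sign with and accept now that RFC 8301 has deprecated rsa-sha1 and ed25519-sha256 is being added. The sketch below parses a DKIM-Signature tag-list as RFC 6376 defines it and applies an assumed local algorithm policy; the function names, verdict labels and sample header values are constructed for illustration.

```python
import re

# Policy assumed for this example: rsa-sha1 is refused (the practice the thread
# says RFC 8301 deprecated); rsa-sha256 and ed25519-sha256 go on to verification.
ACCEPTED = {"rsa-sha256", "ed25519-sha256"}
DEPRECATED = {"rsa-sha1"}
REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")
CANON = {"simple", "relaxed"}


def parse_tag_list(value):
    """Parse an RFC 6376 tag-list ("k=v; k=v") into a dict; ValueError if invalid."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for spec in unfolded.split(";"):
        if not spec.strip():
            continue  # a trailing ";" is permitted
        name, sep, val = spec.partition("=")
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError(f"malformed tag-spec {spec.strip()!r}")
        if name in tags:  # a repeated tag invalidates the whole list
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = val.strip()
    return tags


def check_signature_header(value):
    """Return (verdict, detail); the verdict labels are this example's own."""
    try:
        tags = parse_tag_list(value)
    except ValueError as exc:
        return ("reject", str(exc))
    missing = [t for t in REQUIRED if t not in tags]
    if missing:
        return ("reject", "missing tag(s): " + ",".join(missing))
    if tags["v"] != "1":
        return ("reject", "unsupported version")
    # c= is header/body, defaults to simple/simple; a lone value sets the header part only
    header_c, _, body_c = tags.get("c", "simple/simple").partition("/")
    body_c = body_c or "simple"
    if header_c not in CANON or body_c not in CANON:
        return ("reject", "unknown canonicalization")
    signed = [h.strip().lower() for h in tags["h"].split(":")]
    if "from" not in signed:
        return ("reject", "From is not in h=")
    algo = tags["a"]
    if algo in DEPRECATED:
        return ("refuse-algorithm", algo)
    if algo not in ACCEPTED:
        return ("refuse-algorithm", "unrecognized: " + algo)
    return ("verify", f"{algo} {header_c}/{body_c}")


# Constructed header values (bh= and b= are placeholders, not real signatures).
_REST = ("d=example.com; s=test; t=1518064698;\r\n"
         " h=from : to : subject : date : message-id;\r\n"
         " bh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ=")
SAMPLES = {
    "ed25519": "v=1; a=ed25519-sha256; c=relaxed/relaxed; " + _REST,
    "rsa-sha1": "v=1; a=rsa-sha1; c=simple; " + _REST,
    "two-a-tags": "v=1; a=rsa-sha256; a=rsa-sha1; c=relaxed/simple; " + _REST,
    "no-from": "v=1; a=rsa-sha256; d=example.com; s=test; h=to : subject;"
               " bh=Q09O; b=Q09O",
}


def audit(samples):
    """Run the check over a mapping of label -> DKIM-Signature header value."""
    return {name: check_signature_header(v) for name, v in samples.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print(name, result)
```

A "verify" verdict only means the header passed the syntax and algorithm checks; the cryptographic verification against the published key is a separate step not shown here.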

