From nobody Tue Jan 7 15:41:16 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D036120018 for ; Tue, 7 Jan 2020 15:41:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.6 X-Spam-Level: X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_FAIL=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=IB1P5qqB; dkim=pass (2048-bit key) header.d=kitterman.com header.b=q15Yvx5l Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5u09dt7bjqV for ; Tue, 7 Jan 2020 15:41:12 -0800 (PST) Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22108120020 for ; Tue, 7 Jan 2020 15:41:12 -0800 (PST) Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id F0A61F802E9 for ; Tue, 7 Jan 2020 18:41:10 -0500 (EST) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1578440470; h=from : to : subject : date : message-id : mime-version : content-transfer-encoding : content-type : from; bh=jmTAnaHzJnvLZlz35nlkW3+fFajXAXBjgLKB719oRs4=; b=IB1P5qqByZHtGalM61iKmcql5HXsxlFSMS6/JN3OnDaHj7y4+fpMR72i QVfl8LpYLKt0KSyN5mcAJHG3Td2tBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1578440470; h=from : to : subject : date : message-id : mime-version : content-transfer-encoding : content-type : from; bh=jmTAnaHzJnvLZlz35nlkW3+fFajXAXBjgLKB719oRs4=; b=q15Yvx5lt+kJISDQZgTiXZh1NtHmAmSOY8t+ERGoEDZ729C6oMCiXoLO 3rz8HlacRAWndIo0VYlUXbxoHCUILgC2ZUfiEqhi7y1Mc9soYPRhrJw8Ci t3OEybaCqL9PNazSGHX1BgHWGgD72tx6xoh3/srgjsndRhmSqtOkXOXtHR ksDIu/IEAMSPLPPlgbptV39ORLLAfJMw4zH+LopTg/hx5mH1a6h86eUUxW zUisdsSCDmMUTcxPRg3xltZ3bsZoLeJ594vIGWdA+/FLn6fvPI0wdtCwJC SzOsABrjwE8a4228F1OWMfUJ5LY2NiC+3NHv8x1r8t7/zvRvy1DVSQ== Received: from l5580.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id B39ECF801A4 for ; Tue, 7 Jan 2020 18:41:10 -0500 (EST) From: Scott Kitterman To: dcrup@ietf.org Date: Tue, 07 Jan 2020 18:41:09 -0500 Message-ID: <1836468.B6t98xBJ9D@l5580> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Archived-At: Subject: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jan 2020 23:41:14 -0000 https://sha-mbles.github.io/ If I'm reading this right, the last excuse that still trusting SHA-1 DKIM signatures is an OK thing to do is gone. Comments from anyone that really understands thus stuff would be appreciated. Thanks, Scott K From nobody Tue Jan 7 16:03:42 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 570D7120020 for ; Tue, 7 Jan 2020 16:03:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0iG3R7se5vPp for ; Tue, 7 Jan 2020 16:03:40 -0800 (PST) Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6F22120018 for ; Tue, 7 Jan 2020 16:03:39 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 586A4300B36 for ; Tue, 7 Jan 2020 19:03:38 -0500 (EST) X-Virus-Scanned: amavisd-new at mail.smeinc.net Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6anzLnyq_1y8 for ; Tue, 7 Jan 2020 19:03:37 -0500 (EST) Received: from [5.5.33.18] (unknown [204.194.23.17]) by mail.smeinc.net (Postfix) with ESMTPSA id 3447C30078C; Tue, 7 Jan 2020 19:03:37 -0500 (EST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Russ Housley In-Reply-To: <1836468.B6t98xBJ9D@l5580> Date: Tue, 7 Jan 2020 19:03:37 -0500 Cc: dcrup@ietf.org Content-Transfer-Encoding: 7bit Message-Id: <4CDB0BF6-4341-47C0-B647-A9DC5E912195@vigilsec.com> References: <1836468.B6t98xBJ9D@l5580> To: Scott Kitterman X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jan 2020 00:03:41 -0000 > https://sha-mbles.github.io/ > > If I'm reading this right, the last excuse that still trusting SHA-1 DKIM > signatures is an OK thing to do is gone. Comments from anyone that really > understands thus stuff would be appreciated. Here is the research paper: chttps://eprint.iacr.org/2020/014 Russ From nobody Tue Jan 7 16:46:45 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DD87120077 for ; Tue, 7 Jan 2020 16:46:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uawJ6G5EIFml for ; Tue, 7 Jan 2020 16:46:41 -0800 (PST) Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64562120018 for ; Tue, 7 Jan 2020 16:46:41 -0800 (PST) Received: by straasha.imrryr.org (Postfix, from userid 1001) id 968532AE459; Tue, 7 Jan 2020 19:46:40 -0500 (EST) Date: Tue, 7 Jan 2020 19:46:40 -0500 From: Viktor Dukhovni To: dcrup@ietf.org Message-ID: <20200108004640.GJ73491@straasha.imrryr.org> Reply-To: dcrup@ietf.org References: <1836468.B6t98xBJ9D@l5580> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1836468.B6t98xBJ9D@l5580> User-Agent: Mutt/1.12.2 (2019-09-21) Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jan 2020 00:46:44 -0000 On Tue, Jan 07, 2020 at 06:41:09PM -0500, Scott Kitterman wrote: > https://sha-mbles.github.io/ > > If I'm reading this right, the last excuse that still trusting SHA-1 DKIM > signatures is an OK thing to do is gone. Comments from anyone that really > understands thus stuff would be appreciated. Well, weak DKIM signatures create the possibility of message forgery, where a signed message from the attacker can later be replaced by another signed message. But if the attacker can post messages via your server, he would in most cases just post the ultimately desired message. Supposing however that for some reason modified message replay is an appealing attack, then the attacker needs to be able to mount the SHA-1 chosen-prefix attack in the context of a line-oriented message transport where arbitrary binary data can be tricky to embed in the message. So I don't think there's a crisis that requires drop-everything urgent action, but indeed this would be a good time to start phasing out SHA-1 signatures, if you have not done so already. -- Viktor. From nobody Fri Jan 10 16:22:12 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8060120120 for ; Fri, 10 Jan 2020 16:22:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.648 X-Spam-Level: * X-Spam-Status: No, score=1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FSL_BULK_SIG=0.84, RAZOR2_CF_RANGE_51_100=1.886, RAZOR2_CHECK=0.922, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UilIB96GoPJa for ; Fri, 10 Jan 2020 16:22:07 -0800 (PST) Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8CC4120047 for ; Fri, 10 Jan 2020 16:22:07 -0800 (PST) Received: from steel.local (sfosf0017s350801.wiline.com [64.71.6.2] (may be forged)) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id 00B0M34R000453 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Fri, 10 Jan 2020 16:22:05 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1578702126; bh=erNOnxuKVkmNDFZkrz/o4f8724USeMHDz3lNOcS/VCk=; h=Subject:To:References:From:Date:In-Reply-To; b=kCb0yG5Cl9ql2e4+KTCkvj7zaLehCCkF9+ENXuJTfG6PsRwS6IA/g8JIEVffOHv6I x2a3RuFVFxuRBp3bOnz1k3RLojUcYIseYZw8NUpV/1q5EN3lKCyCiFfVzCt5+EXejI M/FltNxJgA3jzjm/pNqMZ7dGs/qT/hhsA10UoHr4= To: dcrup@ietf.org References: <1836468.B6t98xBJ9D@l5580> From: Jim Fenton Autocrypt: addr=fenton@bluepopcorn.net; prefer-encrypt=mutual; keydata= mQINBFJNz0MBEADME6UoNSsTvSDJOdzL4yWfH4HTTOOZZPUcM/at38j4joeBb2PdatlwCBtk 9ZjupxFK+Qh5NZC19Oa6CHo0vlqw7V1hx1MUhmSPbzKRcNFhJu0KcQdniI8qmsqoG50IELXN BPI5OEZ3chYHpoXXi2+VCkjXJyeoqRNwNdv6QPGg6O1FMbB+AcIZj3x5U18LnJnXv1i+1vBq CxbMP43VmryPf8BLufcEciXpMEHydHbrEBZb/r7SBkUhdQXjxRNcWOLeYvOVUOOrr1c+jvqm DEbTWUJVRnUro/WpZQBffFnymR0jjkdAa8eOVl/nF2oMLbaBsOMvxCRSSEcGhuqwbEappNVT 1nuBTbkJT/GGcXxc+lEx9uNj86oYC4384VZJMTd1BRI4qPXImNZCIdmpKegK743B6xxN6Qh1 Tg167pn9429JENQE/AFIVX5B/gpsg7Aq+3rmz9H6GbfovPvFV3TBTgsHCHAMC8XU+S4fhcqN PN0lbUeyb7g6wxaE+dYqC7TExx7G3prw4v66y0qS7ow/Cfw8XXOEkaFQ4XwP7nvfILT+9CcU yS8I40vlDFU9Wnt56CbGz0ZVQgHnwyPXL+S9kCcIwRLFx1M79s6T6qwX1TXadfpbi1uIw7XG TiPDT8Pk6i2y22oSSROyYD4D+wOhVkkvO0S8iZ3+LhAYUx86nwARAQABtCNKaW0gRmVudG9u IDxmZW50b25AYmx1ZXBvcGNvcm4ubmV0PokCVQQTAQIAPwIbAwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AWIQS1nUkJe2fEXbvBaacbJaiwFdCfvgUCXVD9ggUJDORhvgAKCRAbJaiwFdCf vgiSEACd3Nem63zL2C6daCFfRzOANkf30Q8AvaRVwhfdFxs+5vETCzbqctrtIAHeqncXjm9G uEJWxecAiHZXKoWUEFECMp3+Saznw0np+c722M4k9xI+mxqbcE0qgpYQgA8zbS/Lbds3f/bk /00jrQg4VMkumONlh+RZVwxAsnWp8efrJsNTn0QOPZavAkPEN59wfyWQ3O4pNY8i3zum8Wge 8NS4BBMyG0fmjWgUq0K2QrTD4AKBslM2IWCLECypP1AOfHKmmTACKFOnzJJ4KspUw3hdBnS1 fvudUC8u26Q3T6rHosRqxGmgW7sQWwAusgMSa/A6zxR6soEBSsMT5Tf+VHebuz1FWE4ogrvJ InvewfYSCYzOQamYYGArcBtAzU00pUzW2Or7SlwZPHHy2EfMd0zvT7mwSYLwwwcCsWc1O/CI xHGea7PBgO3TdR0Ex254yc+NTyxF3isBC/fodF9aNWF6x6SV3VKYJ3U2uqS9ga85dZz8Qeps MwlSEGRVhVVWGbSxy0GxV5Up0yX4vl0kI0c7Tt57JCOoRBpn/lTK/7IEtZK6/uiw98KCy+BM uF7HPsgXjd/AQjSsZIJgDyVY/y7niduqhW2izNEdhV77htVbKHRf2SfJQNudWOIcOhUTlddH kOSjet+MDso61JxrFV4j/8wFno7NwpPIhD//HvKAiLkCDQRSTc9DARAAwZaXYs3OzGlpqvSH 3HR9GjSzIeP0EmsBCjpfIdZbQBwQ3ZREiMGInNxV+xkdjLDg0ctrWzUCUe3plWe5NJkpjqm+ KMc7GKhyeWJ5MZRtVrh0VpFTqi8UwYPWumAYqE1y/U1me/zHpfG9EDwdSYqMkPF76Fy5W+vh ZP2ILKaY8qWSLyH8TPl5mFGBypfT8Q6UuzlRs2aTbsTtBX/qwH7gztMRJSjQtYo20AqCgBBH IA/0xV5qDH7CVYyKyPQ4tJLQ8/xyTysUS5fewrj8lZo/G9SaNtC3CEvrJYwyA0nvYB6+hJPM qMP/tyRXM/9XY3qO4Vxuc+m5fYbTZa5GYAZNNuB5dvqI1U0sFTWBEbpAeabqCQ40ZnFSj+t1 tBuwfj4ey/oJ78WRyg5+VTvPKRRubOmZcnzj5yfTS3VGxAZb4Nsj1S2f3KLP0Z+Cv4dt893I 2JWTChw7jA1omF0QTQaBq140n084PFndBHudrZ3cz+APC89iie2HQ4jGQldXZXnGySHnHlA+ WUyZ9wgOplW9F4Q/Lps1bnuh5VttPVpNfjX8hiV48al+b+ut4nfzXAripIRWF3TL72/6JqgE KNhRKyRn0S6BidieSyHWzqJR3Roi/YNTvyXyLh6i6jtByb3FbnhYf/9olobDpj0E+kTemLrw owre85gwupSphqlzVSUAEQEAAYkCPAQYAQIAJgIbDBYhBLWdSQl7Z8Rdu8FppxslqLAV0J++ BQJdUP9SBQkM5GOPAAoJEBslqLAV0J++vZoP/1shJ+5iImGzvGUTTDJcAX6Wha+22QP0G51Z QGZbeB0gE+gDmRwd2yw0cO3y1sPoTJliUSuZ3DFIjv8CLBgDlrkUnijBWbi5YznsAZkH0vKG ESGzinJC6y/Nzf2TZokKiOaYrTYcZx8x2wxjNO+zsihm/rvhV/YnHEYd9dlV/MjAL3xtHU/9 fNcTDtF3RchADyVCxlqrRUkFj61dHxU+U5JRftyIliLltsy2Nlr4uAsxNX+tpAH2D2HLmjwx bV2fpTnFCVImtuo6ZqNZ8SMk1Xq0fBBdo3acBw42kL/qGIKS9x3NWEy8vsmQXn0QqNBd1Q62 9ghm82mHMTRKnOXqkMgICpZ0HffPf3p7zMkEqWptgEHxE6ZHm9hJMGEf8RED9DCYh+N1uFaM 7ndQPPFKlj80sGmNF9+01mO53hrxeL/WAdGox/STpTb2BDpiyrLdT/2R0vJNEfMxBBYlw1gc g8mPEwHwZ940/qql7e41TkDGUZa2a1WegKLj8hK1pgDDBptcdIvlvuk284jOZ2/jDyaBDsMf 310OoJchJ3977odtSCArybQIwMjTx0rv6dqjsuqP89jqlrGV6izqf1n4p4FNrBSWOSRGaoWD JJVHL4YUhP44G5xDBCtp3TqatLa5F2Rgxj50EFIzOuu9Pg1tBCPP1G+0EiikVTdDkC63X4RG Message-ID: <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> Date: Fri, 10 Jan 2020 16:21:58 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: <1836468.B6t98xBJ9D@l5580> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jan 2020 00:22:10 -0000 On 1/7/20 3:41 PM, Scott Kitterman wrote: > https://sha-mbles.github.io/ > > If I'm reading this right, the last excuse that still trusting SHA-1 DKIM > signatures is an OK thing to do is gone. Comments from anyone that really > understands thus stuff would be appreciated. I can't say that I fully understand how a chosen-prefix collision affects security of DKIM but... We've always asserted that DKIM provides limited security because of its dependence on DNS for publication of public keys. I don't think that this attack on SHA-1 changes that much. If someone wanted to spoof DKIM-signed messages from an arbitrary domain, they would probably look for a domain publishing a relatively short public key, expend the effort to factor it, and then they would be able to sign as much email from that domain as they want, until someone notices and revokes the key. Creating a new message that has a SHA-1 collision would only allow that specific message to be signed, and I'd expect it to look pretty strange. That said, we're in fairly good shape. DKIM has, from its initial publication, had SHA256 as mandatory-to-implement for both signers and verifiers. A very unscientific search of my inbox came up with with 8102 instances of SHA256 signatures and 548 instances of SHA-1 signatures (yes, I have a far too big inbox, and some messages were signed multiple times). But unfortunately the SHA-1 signatures probably come from a "long tail" of domains. Someone with access to a more comprehensive corpus of email than my home domain might want to catalog and try to contact domains using SHA-1, and encourage them to change: "some recipients may not trust your DKIM signatures any more". Some PR (magazine articles, etc.) might help, too. -Jim From nobody Fri Jan 10 17:08:55 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA8BA120120 for ; Fri, 10 Jan 2020 17:08:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.399 X-Spam-Level: X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VWQqb4ryCmid for ; Fri, 10 Jan 2020 17:08:53 -0800 (PST) Received: from mail-oi1-f180.google.com (mail-oi1-f180.google.com [209.85.167.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CED1512003E for ; Fri, 10 Jan 2020 17:08:53 -0800 (PST) Received: by mail-oi1-f180.google.com with SMTP id l9so3555683oii.5 for ; Fri, 10 Jan 2020 17:08:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=r/EVNYg2710W8yOV1V1wVIW0A39NmkflnwR0wwJWU34=; b=tgcLtkcORX6+0f7NPGpEaods5Cde6hGZaJhvSMimBkmFlyuzAN+vHFkXCuf1+wZZgf t+s7tsl8smUCd34YJDXhv3j53Qdfe9Yck1nQI3TL108R9gF9HBkmX9NcZFirFq11N9Bq NEQRbpBDMtamYB6/NbDEwDtN7VRxPVGd7uMz6gpH5cc08V3splrMhLVM6TS7a4EAYJNR FguSErn7PPt2feNGSlbmKBovDjU1ZFtaNp40HmmsFsDOkSmD1N5Rqv4I5pY7+C1wOT+R KdFWEU3bNmIOx31zKKzfSyBwchadhYoX12fcUX8Cix79U3c0HSrEk4FyvxmkmwegiNmr 6MEg== X-Gm-Message-State: APjAAAXJZ5LA86kXvUW/+t0NFR7fKE16d7/BF6+5ldBDY90qDzJLaONI uKDE+oIxnsWfS2NswGTTOZU1Ys2Elgn0Wg14k+2HxAxF X-Google-Smtp-Source: APXvYqzKa8141mVozQiLB2HZJzhLCmPJauaP0iVDD+hI/DGdZbaihJl+ytDhNPRbdt4VTB3OcRNS1FJCwOXHTUF7Czs= X-Received: by 2002:a54:4f04:: with SMTP id e4mr4462128oiy.111.1578704933091; Fri, 10 Jan 2020 17:08:53 -0800 (PST) MIME-Version: 1.0 References: <1836468.B6t98xBJ9D@l5580> <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> In-Reply-To: <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> From: Phillip Hallam-Baker Date: Fri, 10 Jan 2020 20:08:41 -0500 Message-ID: To: Jim Fenton Cc: dcrup@ietf.org Content-Type: multipart/alternative; boundary="000000000000be0108059bd2e2fc" Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jan 2020 01:08:55 -0000 --000000000000be0108059bd2e2fc Content-Type: text/plain; charset="UTF-8" The attack cost $11K. Seems like that is a more than sufficient proof of work function to send a message... And what Jim said. There are some systems that are gonna be clobbered hard. All the ones that are using SHA-1 certs off delisted roots. But lets face it work factor of garage door openers is?? 2^20? 2^10 --000000000000be0108059bd2e2fc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
The= attack cost $11K.

Seems = like that is a more than sufficient proof of work function to send a messag= e...

=
And what Jim said. T= here are some systems that are gonna be clobbered hard. All the ones that a= re using SHA-1 certs off delisted roots.=C2=A0

But lets face it work factor of garage door openers i= s?? 2^20? 2^10
--000000000000be0108059bd2e2fc-- From nobody Tue Jan 14 06:16:16 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 459D71200EC for ; Tue, 14 Jan 2020 06:16:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=NwwG6KAy; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=Zx/612q4 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbE_nQYpzYCK for ; Tue, 14 Jan 2020 06:16:10 -0800 (PST) Received: from mail.winserver.com (ntbbs.santronics.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FE3D1200D7 for ; Tue, 14 Jan 2020 06:16:10 -0800 (PST) DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=2252; t=1579011360; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=ZH3iggoYUnerfuiEplQ0QzWUzVs=; b=NwwG6KAyQSS+/Kgr34qD1MWbuq51TigO4Lzu1et93jUoYQbz99gcQ9OKOqZmU1 lPAcw9VVUs49zO56+nybbbxQO/ihmN5Bd9WgCQtl2KCQiVLKxxPN9Pt5y/V7YiuL bKJ+BtmHvKklcuvYoBY8nZti8tAC0nwqCtvN7nOpe6QP8= Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 09:16:00 -0500 Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer); Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 2623715584.1.7824; Tue, 14 Jan 2020 09:15:59 -0500 DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=2252; t=1579011166; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=R4+xwqv PB1v4mlJiKRJ8wKLClY6jEdPrOcLrwq5JIXI=; b=Zx/612q4lKzPlVJPp6FoUuR wv+oL3dfkmC8bfbVm4qooFOK4XQC4suwRGbG6CbBhRTtJHWdhZGbLzqjYUNj2Iv8 qnJ3TU9vDj0EawcAxBaaR3mE6fJjMOxHImcMMhqHxIQl4P9J0Qmr1L+ObhapVvUo lhzwoIMRIErzamjcm1p8= Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 09:12:46 -0500 Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 3186347203.1.9296; Tue, 14 Jan 2020 09:12:46 -0500 Message-ID: <5E1DCD20.7070607@isdg.net> Date: Tue, 14 Jan 2020 09:16:00 -0500 From: Hector Santos Reply-To: hsantos@isdg.net Organization: Santronics Software, Inc. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1 MIME-Version: 1.0 To: dcrup@ietf.org References: <1836468.B6t98xBJ9D@l5580> In-Reply-To: <1836468.B6t98xBJ9D@l5580> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 14:16:15 -0000 On 1/7/2020 6:41 PM, Scott Kitterman wrote: > https://sha-mbles.github.io/ > > If I'm reading this right, the last excuse that still trusting SHA-1 DKIM > signatures is an OK thing to do is gone. Comments from anyone that really > understands thus stuff would be appreciated. -1 to the subject question. Comments from implementators who only need to peripherally "understand" it, should be commenting. Did we want a discussion on theory? Despite the paper's claim for a clobbering technique, this is a time-shifted application problem -- replays after a secured message has been received and maybe not read yet. If read, expiration concepts should apply. In fact, we should probably be recommending x= expiration times. Right now, the default is off. x= Signature Expiration (plain-text unsigned decimal integer; RECOMMENDED, default is no expiration). The format is the same as in the "t=" tag, represented as an absolute date, not as a time delta from the signing timestamp. The value is expressed as an unsigned integer in decimal ASCII, with the same constraints on the value in the "t=" tag. Signatures MAY be considered invalid if the verification time at the Verifier is past the expiration date. The verification time should be the time that the message was first received at the administrative domain of the Verifier if that time is reliably available; otherwise, the current time should be used. The value of the "x=" tag MUST be greater than the value of the "t=" tag if both are present. But we have a higher potential, replay damage coming from allowing 5322.From Rewrites to have evolve among some packages. SHA1 usage is the least of my DKIM concerns. Nonetheless, we are already promoting verify only, not signing. Is that not enough? Or are we now promoting the suggestion to remove SHA1 from APIs and tools? I read a statement the OpenSSL folks were thinking about removing it. That would be a horrible decision and it just someone's belief, not the OpenSSL team because then we really create REAL damage by forcing SHA1 signatures fails which are otherwise secured right now. Lets fix the real Rewrite potential problems first before worrying about SHA1. -- HLS From nobody Tue Jan 14 06:44:28 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B9AE12009E for ; Tue, 14 Jan 2020 06:44:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=UzZR/nOI; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=UeSgrdy5 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id olf5iuyTm3_U for ; Tue, 14 Jan 2020 06:44:20 -0800 (PST) Received: from mail.winserver.com (pop3.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AD6E1200B4 for ; Tue, 14 Jan 2020 06:44:20 -0800 (PST) DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1611; t=1579013050; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=OTztyqHPUjp32yDt8tZcEccgQRo=; b=UzZR/nOI7j3V735+TDnKKVcGgYSFwCfp5ugzqVY52UpmeoGrCxdew1Iq5pemD3 Ws/oqItpyNZSzuF5rYLhkV1LejYFyMSnfLmerKcHWE2pbzWi3rvWSdhhpDS9hIL5 YH1yqPrlHbXZPxr89wvyEMhxHHKED+yJPP8Im3iBVIxqI= Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 09:44:10 -0500 Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer); Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 2625405714.1.3320; Tue, 14 Jan 2020 09:44:09 -0500 DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1611; t=1579012854; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=n6DDc4B OF5XB8/zmm28l4cpFWaQU4okoK3E4o5lmGyQ=; b=UeSgrdy5lk6Wo5mV5XpKkke 7rLwcDOzwiclqWYdx4TGY5yeyPaYX6aDKVD47jfuhe9PjWvexZ8HRJErJn7/PLA9 F8L/ul8qbrKNsVvGw1AGyOFxijGOlfYPVcaTCR2tIrhiC31CrZ+naZAIeled55/R d/dcEQIBIouuKendME2Y= Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 09:40:54 -0500 Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 3188034656.1.10404; Tue, 14 Jan 2020 09:40:53 -0500 Message-ID: <5E1DD3B8.5030507@isdg.net> Date: Tue, 14 Jan 2020 09:44:08 -0500 From: Hector Santos Reply-To: hsantos@isdg.net Organization: Santronics Software, Inc. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1 MIME-Version: 1.0 To: dcrup@ietf.org References: <1836468.B6t98xBJ9D@l5580> <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> In-Reply-To: <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 14:44:26 -0000 On 1/10/2020 7:21 PM, Jim Fenton wrote: > Someone with access to a more comprehensive corpus of email than my home > domain might want to catalog and try to contact domains using SHA-1, and > encourage them to change: "some recipients may not trust your DKIM > signatures any more". Some PR (magazine articles, etc.) might help, too. I am not too keen with the false reporting and illusion of insecurity when it doesn't exist. Its would a lie to say, "Its not secured" and in fact, it is. As stated, DNS has a bigger potential is being a major problem for users. Putting all your faith in a BROWSER or a single vendor to "Trust Them" (but you have to pay them first) is a bigger risk. Whether SHA1 usage is 10%, 5% or 1%, we need to remember, it is still part of the protocol and DKIM Verifiers MUST be including SHA1 for verification purposes. https://tools.ietf.org/html/rfc6376#page-13 3.3. Signing and Verification Algorithms DKIM supports multiple digital signature algorithms. Two algorithms are defined by this specification at this time: rsa-sha1 and rsa- sha256. Signers MUST implement and SHOULD sign using rsa-sha256. Verifiers MUST implement both rsa-sha1 and rsa-sha256. INFORMATIVE NOTE: Although rsa-sha256 is strongly encouraged, some senders might prefer to use rsa-sha1 when balancing security strength against performance, complexity, or other needs. In general, however, rsa-sha256 should always be used whenever possible. Not having it (with suggestions or ideas to remove SHA1 from APIs, tools) WILL cause immediate problems. -- HLS From nobody Tue Jan 14 06:51:09 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D99251200F6 for ; Tue, 14 Jan 2020 06:51:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=vs9jZfdO; dkim=pass (2048-bit key) header.d=kitterman.com header.b=fEhbF7g+ Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vOL54tAGu7kL for ; Tue, 14 Jan 2020 06:51:01 -0800 (PST) Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75E6012009E for ; Tue, 14 Jan 2020 06:51:01 -0800 (PST) Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id 7AAACF801CD for ; Tue, 14 Jan 2020 09:50:59 -0500 (EST) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1579013459; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=gxQ5Cyv8Ei+BLmNTXo/2st1ZM1yJORAwYit8Tj1WDns=; b=vs9jZfdOyuXwOdr7+/ve0x5K3kSMbbDk9fra9qcM3e+3DlIub8Z0JWI7 Ll8YI5ICmUjltwAxVtyNsrH3+xJ+BA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1579013459; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=gxQ5Cyv8Ei+BLmNTXo/2st1ZM1yJORAwYit8Tj1WDns=; b=fEhbF7g+Lz91sPS/0O+vAZxHfBUdiZ3JA0J4bY+SXv3wGKYSY3VB7rnt gxT30s0gzN3ENJILz9ocJCyCMSU1HQpc/CBlDEG9AhQwEg4Ph4NwtXGbpU U9R1N6lXpN4Qg4S/Um3Q8d1HNotvK/i1TiCYehgL3otD5gUXwkD0tspR1t c05lE7MHsUkfHYw1gGCrgOTkZX7wopJMkns0oLlx5rqEIwouAif2qUmIAc Fw9tPdBAXViGyrkiwT66gzjWn404f9sMbbwOYiG6Nceiq25InPe1TbLONs yVPFvDNf2xrjCZCj3intCkPQ6Au6Gna60msNvfFgOqdGtWIafKwXTA== Received: from l5580.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id 4D862F800F2 for ; Tue, 14 Jan 2020 09:50:59 -0500 (EST) From: Scott Kitterman To: dcrup@ietf.org Date: Tue, 14 Jan 2020 09:50:58 -0500 Message-ID: <2930903.4jkiU04MHV@l5580> In-Reply-To: <5E1DD3B8.5030507@isdg.net> References: <1836468.B6t98xBJ9D@l5580> <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> <5E1DD3B8.5030507@isdg.net> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 14:51:08 -0000 On Tuesday, January 14, 2020 9:44:08 AM EST Hector Santos wrote: > Whether SHA1 usage is 10%, 5% or 1%, we need to remember, it is still > part of the protocol and DKIM Verifiers MUST be including SHA1 for > verification purposes. No. It's not. Please review RFC 8301, which updates RFC 6376: > 3.1. Signing and Verification Algorithms > > DKIM supports multiple digital signature algorithms. Two algorithms > are defined by this specification at this time: rsa-sha1 and > rsa-sha256. Signers MUST sign using rsa-sha256. Verifiers MUST be > able to verify using rsa-sha256. rsa-sha1 MUST NOT be used for > signing or verifying. > > DKIM signatures identified as having been signed with historic > algorithms (currently, rsa-sha1) have permanently failed evaluation > as discussed in Section 3.9 of [RFC6376]. I know you know this, so please stop pretending it's not true. Scott K From nobody Tue Jan 14 06:58:37 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 845361200FD for ; Tue, 14 Jan 2020 06:58:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=hhD1xuUC; dkim=pass (2048-bit key) header.d=kitterman.com header.b=B8neRdin Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J-D9Jckgswba for ; Tue, 14 Jan 2020 06:58:29 -0800 (PST) Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E4941200FB for ; Tue, 14 Jan 2020 06:58:29 -0800 (PST) Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id 97F6AF801CD for ; Tue, 14 Jan 2020 09:58:28 -0500 (EST) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1579013908; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=ys3cGtiHQnYMegTVwj1J371Xy7yXLtbrdW8xB9+x+yc=; b=hhD1xuUC39dW7g78MrtXC7OYDfpEPGw9tgnM6RsyQ947va9bTFpcSW2W AHmIX8GjF8bT7EoCdw/Pz/r13JfgDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1579013908; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=ys3cGtiHQnYMegTVwj1J371Xy7yXLtbrdW8xB9+x+yc=; b=B8neRdinoDNGkwzp+lARyQBtAr1mAytQ8xI1T1tjtkdNtbbMhSDHbLl/ 3EDJynlRVlkzCsIjaLAefzcHypQ0EAjhxbgqWcZ8Or+oj1spLZ93dqCHN/ NmU4aisI+VVlXlY0fzDofVNnGR78rsJxOY/O/XZHa09HnElu8CnFc98GIl TWKdRYKn8GXhKyQgYK3+PFJh/YLkQdhUlKdFEyeHbicpII5oUYRVhkr7iK UdKCXD5C4j7647+Fq0sx9yndgKMKLPJn9h8Cz0it8gnRme6biYBPb+pExo rH64zz57WL5CXR0nM3D5LM3sOlsh+8Nacm//1ywHsIdZC4Bz8yQmgw== Received: from l5580.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id 612A5F800F2 for ; Tue, 14 Jan 2020 09:58:28 -0500 (EST) From: Scott Kitterman To: dcrup@ietf.org Date: Tue, 14 Jan 2020 09:58:27 -0500 Message-ID: <9344656.UHueZpf3bW@l5580> In-Reply-To: <2930903.4jkiU04MHV@l5580> References: <1836468.B6t98xBJ9D@l5580> <5E1DD3B8.5030507@isdg.net> <2930903.4jkiU04MHV@l5580> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 14:58:35 -0000 On Tuesday, January 14, 2020 9:50:58 AM EST Scott Kitterman wrote: > On Tuesday, January 14, 2020 9:44:08 AM EST Hector Santos wrote: > > Whether SHA1 usage is 10%, 5% or 1%, we need to remember, it is still > > part of the protocol and DKIM Verifiers MUST be including SHA1 for > > verification purposes. > > No. It's not. Please review RFC 8301, which updates RFC 6376: > > 3.1. Signing and Verification Algorithms > > > > DKIM supports multiple digital signature algorithms. Two algorithms > > are defined by this specification at this time: rsa-sha1 and > > rsa-sha256. Signers MUST sign using rsa-sha256. Verifiers MUST be > > able to verify using rsa-sha256. rsa-sha1 MUST NOT be used for > > signing or verifying. > > > > DKIM signatures identified as having been signed with historic > > algorithms (currently, rsa-sha1) have permanently failed evaluation > > as discussed in Section 3.9 of [RFC6376]. > > I know you know this, so please stop pretending it's not true. At some point you are going to have to actually implement sha-256: DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; You're close to a decade and a half late. Scott K From nobody Tue Jan 14 08:27:21 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 605CE12096F for ; Tue, 14 Jan 2020 08:27:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0QHGe3RbMtpl for ; Tue, 14 Jan 2020 08:27:11 -0800 (PST) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBA80120971 for ; Tue, 14 Jan 2020 08:27:11 -0800 (PST) Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.0.42/8.16.0.42) with SMTP id 00EGNkhK031255; Tue, 14 Jan 2020 16:27:10 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=M5juOxNPXlKyiB5sKNhOXHPKrAOCX7RSP9wrRwwqn8o=; b=J9AomwYhNSykRNc4Xj61NaCqATGyNmnUkLzqO5IIn3RKs5aLK5NV0aHPrzrzKVNZFWCV 5UxRf63rASGLkqbWQbUCLCLoRQAAwCnXG5iaeGWJwkAQs8cYVLEospl4GjTbjE/BiCJv D2uJEZYfuciRESNiVtXSp52O0ewiseCLbB/d01orbJ2H0z2wkuxcfl3C7QfEaLLZ1zwW AliuiJU8jrLYmrOvcD8+wYhDSxHifpWCi+qu+7VJ+3hBp4rMx7RQV6rnoTlDt1gO5Wp3 H+nB93EwvkEy8kiVHCJe6Mpxh52JDuZE1guOlK+w+JEbGk6xaJTQgjF8nV9PoHAfSpu/ ew== Received: from prod-mail-ppoint7 (prod-mail-ppoint7.akamai.com [96.6.114.121] (may be forged)) by m0050102.ppops.net-00190b01. with ESMTP id 2xf74k4nqr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Jan 2020 16:27:10 +0000 Received: from pps.filterd (prod-mail-ppoint7.akamai.com [127.0.0.1]) by prod-mail-ppoint7.akamai.com (8.16.0.27/8.16.0.27) with SMTP id 00EGH5XI022379; Tue, 14 Jan 2020 11:27:09 -0500 Received: from email.msg.corp.akamai.com ([172.27.123.53]) by prod-mail-ppoint7.akamai.com with ESMTP id 2xfak4vv45-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 14 Jan 2020 11:27:05 -0500 Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com (172.27.123.105) by usma1ex-dag3mb5.msg.corp.akamai.com (172.27.123.55) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 14 Jan 2020 11:26:57 -0500 Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com (172.27.123.103) by usma1ex-dag1mb5.msg.corp.akamai.com (172.27.123.105) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 14 Jan 2020 11:26:57 -0500 Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com ([172.27.123.103]) by usma1ex-dag1mb3.msg.corp.akamai.com ([172.27.123.103]) with mapi id 15.00.1473.005; Tue, 14 Jan 2020 11:26:56 -0500 From: "Salz, Rich" To: "dcrup@ietf.org" , "hsantos@isdg.net" Thread-Topic: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? Thread-Index: AQHVxbQLbHlVLrXFPk+NAxk5n8Hn1Kfk8q8AgAWn4QCAAAHpAP//xv4A Date: Tue, 14 Jan 2020 16:26:56 +0000 Message-ID: References: <1836468.B6t98xBJ9D@l5580> <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> <5E1DD3B8.5030507@isdg.net> <2930903.4jkiU04MHV@l5580> In-Reply-To: <2930903.4jkiU04MHV@l5580> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.21.0.200104 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.117.13] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2020-01-14_04:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001 definitions=main-2001140137 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-14_04:2020-01-14, 2020-01-14 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 mlxlogscore=999 spamscore=0 impostorscore=0 lowpriorityscore=0 malwarescore=0 clxscore=1011 priorityscore=1501 phishscore=0 mlxscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001140137 Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 16:27:19 -0000 QXMgSSByZWNhbGwsIHdlIGhhZCBleHRlbmRlZCBkaXNjdXNzaW9uIGFib3V0IE1VU1QgTk9UIFNI QTEgYW5kIEhlY3RvciB3YXMgdGhlIG9ubHkgb25lIG9wcG9zZWQgdG8gZHJvcHBpbmcgU0hBMS4g IFdlIGFsc28gZGlzY3Vzc2VkIGNoYW5naW5nIHRoZSB2ZXJzaW9uIG51bWJlciBiZWNhdXNlIG9m IGNoYW5naW5nIHRoZSAgY3J5cHRvLCBhbmQgd2hpbGUgdGhlcmUgd2VyZSBhIGNvdXBsZSBvZiBw ZW9wbGUgd2hvIHdlcmUgc3ltcGF0aGV0aWMgdG8gdGhlIHZpZXcsIHRoaXMgd2FzIG5vdCBkb25l Lg0KDQo+ICAgIEkga25vdyB5b3Uga25vdyB0aGlzLCBzbyBwbGVhc2Ugc3RvcCBwcmV0ZW5kaW5n IGl0J3Mgbm90IHRydWUuDQoNCkhlY3RvciwgSSBkbyBub3Qga25vdyB3aGF0IHlvdSBhY3R1YWxs eSBrbm93LCBidXQgcGxlYXNlIGtlZXAgdGhpcyByZW1pbmRlciwgYW5kIFNjb3R0J3MgaW4gbWlu ZC4gIFJlcGVhdGluZyAic2hhMSBpcyBzdGlsbCBpbiB0aGUgc3RhbmRhcmQiIGlzIHdyb25nLiAg QW5kIGlmIHlvdSBmb3Jnb3QsIG5vdyB5b3Uga25vdy4gIFBsZWFzZSBzdG9wLCB5b3UgYXJlIGh1 cnRpbmcgdGhlIEludGVybmV0IChhbmQgdGhvc2Ugd2hvIHJlYWQgbWFpbCBhcmNoaXZlcyB0byBz ZWUgd2hhdCdzIGdvaW5nIG9uKS4NCg0KCS9yJCwgY28tY2hhaXIuDQoNCg0KDQo= From nobody Tue Jan 14 09:29:45 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC352120A6B for ; Tue, 14 Jan 2020 09:29:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=RfZFo6uh; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=LdTPLvt/ Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FzHRuF3gndSb for ; Tue, 14 Jan 2020 09:29:41 -0800 (PST) Received: from mail.winserver.com (dkim.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 624A5120A64 for ; Tue, 14 Jan 2020 09:29:41 -0800 (PST) DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1802; t=1579022971; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=NHeqCSNbcHRPSF4Wx4uucVHQPZM=; b=RfZFo6uhjkxstxpxubg1h3jSnABzJr5VdIcB34scq3Rvp6+FmXexWIlk07rV44 kXN/KujfMuwiB6chnG/EJLbbBqUFndkg3b3D2Lxf7ZnFmaFFhg1y/Xxy5RAI59/2 QUBS5FNCOsSDmljbhGdWkSECz0DGpy8Dp8TkXBlmUCgAE= Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 12:29:31 -0500 Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer); Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 2635325896.1.3584; Tue, 14 Jan 2020 12:29:29 -0500 DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1802; t=1579022773; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=JbznsPt qyNqv6WnDrGTS14du72LDAQOD20Rk2e4wFKA=; b=LdTPLvt/jaGVKtK6XB9Fnaj LgF/rq+ZVqhoQ0a9a3+LuY9VjB+X4+7cKugMxwzvZf6SsiHvHmYNA+Hc2a/jKFQP cxj5H2iF2onB9POlPbGRa3PYgi9AtKVFQda/27wCnlE64BPTBCAGJI+Zfmi1cTJI UpUaCyWHvw47tOFATNis= Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 12:26:13 -0500 Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 3197953734.1.12156; Tue, 14 Jan 2020 12:26:12 -0500 Message-ID: <5E1DFA77.8070303@isdg.net> Date: Tue, 14 Jan 2020 12:29:27 -0500 From: Hector Santos Reply-To: hsantos@isdg.net Organization: Santronics Software, Inc. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1 MIME-Version: 1.0 To: dcrup@ietf.org References: <1836468.B6t98xBJ9D@l5580> <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> <5E1DD3B8.5030507@isdg.net> <2930903.4jkiU04MHV@l5580> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 17:29:44 -0000 On 1/14/2020 11:26 AM, Salz, Rich wrote: > As I recall, we had extended discussion about MUST NOT SHA1 and Hector was the only one opposed to dropping SHA1. We also discussed changing the version number because of changing the crypto, and while there were a couple of people who were sympathetic to the view, this was not done. > >> I know you know this, so please stop pretending it's not true. > > Hector, I do not know what you actually know, but please keep this reminder, and Scott's in mind. Repeating "sha1 is still in the standard" is wrong. And if you forgot, now you know. Please stop, you are hurting the Internet (and those who read mail archives to see what's going on). > > /r$, co-chair. I am not "hurting the internet. You would be "hurting the internet" if you promoted the idea of pulling SHA1 from the tool set because you would be causing immediate fails where as today, there is no failure. And BTW, I was practically the only one who was advocating DKIM Policy since the beginning. It was a lonely world, trust me, and since I was the practically the only one, ADSP was abandoned only to be replaced with the same issue and problems, and its not even a proposed standard and look at the potential replay problems will can have with Rewrites. Today how much DKIM POLICY has grown and I always felt it would grow. So I don't buy "I am the only one." I may be the only one to dare speak up. So please don't get mad at me. my engineering and security position was clear than and it is clear now. It would be a mistake for SHA1 to be pulled from APIs and Tools. If you do it with OpenSSL, since you privy to the team, I think it would be YOU who would be hurting implementers, developers, products vendors, customers and the INTERNET. -- HLS From nobody Tue Jan 14 09:32:28 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77796120A8C for ; Tue, 14 Jan 2020 09:32:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PDOSSU-pg-E3 for ; Tue, 14 Jan 2020 09:32:20 -0800 (PST) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2719120A84 for ; Tue, 14 Jan 2020 09:32:19 -0800 (PST) Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00EHPAmX013188; Tue, 14 Jan 2020 17:32:18 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=73eqNWU2zl1aGRVDyFGeeEI9qDxuZ1KF0u2n1mHSjxE=; b=UaGqIpNore8BBzkOW3dAr7SiIXIqw9E8gBtcupVVqAu9VGl81UctnzBxlj1Y/cLGiEdh dbfmFlGpuGTxjGox/sbOc4DOhX3B74U3i+J+e6t+vW39Ykatps5CVz90Y4EMB6Zo//qh 3qxoisQSwh17df2wgwk37djEO/me6uDPT/gkunhkzSLoMaEpY7OlGdmy5xI+/2WqpsSj sci2IRX0Tvf7bH0ESx1ANBU31gi+ZK4Er6u8Gmu9zszyMvnRD5GUFWvZHOkcSg4svoqD Z3PZc3MzSkCYsxRXGWujqarzAtMeqqKfbSee4QWYmaICB3Z/SNAkAAgW+6sNevqJlr4g ug== Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 2xf7cxm372-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Jan 2020 17:32:18 +0000 Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.27/8.16.0.27) with SMTP id 00EHRDJU015992; Tue, 14 Jan 2020 12:32:17 -0500 Received: from email.msg.corp.akamai.com ([172.27.123.32]) by prod-mail-ppoint2.akamai.com with ESMTP id 2xfajyn8v2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 14 Jan 2020 12:32:16 -0500 Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com (172.27.123.103) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 14 Jan 2020 12:32:15 -0500 Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com ([172.27.123.103]) by usma1ex-dag1mb3.msg.corp.akamai.com ([172.27.123.103]) with mapi id 15.00.1473.005; Tue, 14 Jan 2020 12:32:14 -0500 From: "Salz, Rich" To: "hsantos@isdg.net" , "dcrup@ietf.org" Thread-Topic: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? Thread-Index: AQHVxbQLbHlVLrXFPk+NAxk5n8Hn1Kfk8q8AgAWn4QCAAAHpAP//xv4AgABlSYD//6z2AA== Date: Tue, 14 Jan 2020 17:32:14 +0000 Message-ID: References: <1836468.B6t98xBJ9D@l5580> <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> <5E1DD3B8.5030507@isdg.net> <2930903.4jkiU04MHV@l5580> <5E1DFA77.8070303@isdg.net> In-Reply-To: <5E1DFA77.8070303@isdg.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.21.0.200104 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.117.13] Content-Type: text/plain; charset="utf-8" Content-ID: <084D2F933E4BD04A8C90F1539CA4C7B0@akamai.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2020-01-14_06:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=753 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001 definitions=main-2001140140 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-14_04:2020-01-14, 2020-01-14 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 malwarescore=0 mlxscore=0 impostorscore=0 suspectscore=0 spamscore=0 adultscore=0 bulkscore=0 lowpriorityscore=0 mlxlogscore=725 priorityscore=1501 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001140140 Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 17:32:26 -0000 SGVjdG9yLA0KDQpUaGFuayB5b3UgZm9yIHlvdXIgZWZmb3J0cy4NCg0KVGhlIFdHIGRlY2lkZWQg dGhhdCB0aGUgc3RhbmRhcmRzLXRyYWNrIGlzIHRvIG1vdmUgYXdheSBmcm9tIFNIQTEuICBTYXlp bmcgb3RoZXJ3aXNlIHNvd3MgY29uZnVzaW9uOyBwbGVhc2Ugc3RvcC4gDQoNCg== From nobody Tue Jan 14 09:44:04 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC7E41208E7 for ; Tue, 14 Jan 2020 09:44:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=QHNPsV3v; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=FhNM5vA9 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H2hOBSWGDOQ0 for ; Tue, 14 Jan 2020 09:44:01 -0800 (PST) Received: from mail.winserver.com (pop3.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BA291200EC for ; Tue, 14 Jan 2020 09:44:01 -0800 (PST) DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=796; t=1579023830; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=li2MT5vfOkvoBCyD20BYJq7XOKQ=; b=QHNPsV3vEh70V8uglYVCzb8uqy8lQIZzV+Vc1uaAT61cJiydMYyLFc7rMPLBtk HanlYTygSekR0tqLpEmjsRD7kvxZbR4P+JiR/U6oljZAN6r8y+/Smkf0oCwZ7VXW 05StLpqeuEVTZ0Eh8KTSImyYZLbsQHO3yEPYCnLlTmihk= Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 12:43:50 -0500 Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer); Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 2636185929.1.2388; Tue, 14 Jan 2020 12:43:49 -0500 DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=796; t=1579023633; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=bNrlyEw yfc39xBUQFtEoExN5y5h4UHEV2+GmAdLi1zY=; b=FhNM5vA9DMQbvGDyk5TkyGA Irde+VNq2GOYazXS/u5y0qT3TQG+6pLCIrgizuHeN56X64BnLfzZrlZ0A4jKX45W P3b1qlPgKYfeNOSsKopKLsETI8sImGrJSFSogjjON83x//nrvkVpcgRr80DatjpD jqO6IO66RPOFzB/O4+Ng= Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 12:40:33 -0500 Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 3198813968.1.11196; Tue, 14 Jan 2020 12:40:33 -0500 Message-ID: <5E1DFDD3.5010600@isdg.net> Date: Tue, 14 Jan 2020 12:43:47 -0500 From: Hector Santos Reply-To: hsantos@isdg.net Organization: Santronics Software, Inc. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1 MIME-Version: 1.0 To: dcrup@ietf.org References: <1836468.B6t98xBJ9D@l5580> <5E1DD3B8.5030507@isdg.net> <2930903.4jkiU04MHV@l5580> <9344656.UHueZpf3bW@l5580> In-Reply-To: <9344656.UHueZpf3bW@l5580> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 17:44:03 -0000 On 1/14/2020 9:58 AM, Scott Kitterman wrote: > At some point you are going to have to actually implement sha-256: Our Wildcat! DKIM package included SHA256 since day one > DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; > > You're close to a decade and a half late. Hmmm, I believe you knew the above and the reasons why I have SHA1 here. SHA1 was intentional set for my isdg.net domain -- on purpose. I wanted to see where were these clobbering problems. Where is this SHA1 clobbering in the last 15 years? Use this this "new method" on my mail. Again, I always supported the deprecation - verify support. I don't support outright pulling of SHA1 from DKIM specification, nor APIs. OpenSSL would be making a major "internet hurting" mistake if they do. -- HLS From nobody Tue Jan 14 10:13:49 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F336D120B3F for ; Tue, 14 Jan 2020 10:13:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=QuPHnxI8; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=WaG8l6Tw Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CANCxSp3KN58 for ; Tue, 14 Jan 2020 10:13:42 -0800 (PST) Received: from mail.winserver.com (groups.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03F2A120AE2 for ; Tue, 14 Jan 2020 10:13:41 -0800 (PST) DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1795; t=1579025611; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=8Yi6ifM4WA5c0k8cs20o1OOIbf4=; b=QuPHnxI8/RtXjv6HlADze68lx/kvQtyQhlsYDZgsTLurzefUxttzEbira5nJzg NwXEHgtQOHmITfb+YwQ74bY4su1gZxMvukMqSSthlXnFbYio+qqHdI7c8U20eFkG 0f2CVaRhNA9oDbj7e2qmu37+9C6+5Y2K7ls8Otg3cpkhA= Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 13:13:31 -0500 Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer); Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 2637966025.1.3044; Tue, 14 Jan 2020 13:13:30 -0500 DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1795; t=1579025414; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=7PYCpSP mD6j+PjiCy/HenI7LrSZMWSMSSpSWsEaKjng=; b=WaG8l6TwjhaSK0Rb27v2pNG ItqIyKBU0pdtc7ZitG2BtXfHD497vr9sAsgf5PvCmf+vukNk0WMSCL6QTrrBg9YX z7wNkHuGtBaXugByMNeXdTRDp/sdWZ0WUVDkrppf4nP9/kbTN4Yu7PJoUwuMnXon DsoKntkCL5ZIvICM4ivk= Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for dcrup@ietf.org; Tue, 14 Jan 2020 13:10:14 -0500 Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 3200594375.1.11900; Tue, 14 Jan 2020 13:10:13 -0500 Message-ID: <5E1E04C8.2030408@isdg.net> Date: Tue, 14 Jan 2020 13:13:28 -0500 From: Hector Santos Reply-To: hsantos@isdg.net Organization: Santronics Software, Inc. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1 MIME-Version: 1.0 To: dcrup@ietf.org References: <1836468.B6t98xBJ9D@l5580> <9c3b08b1-909c-197c-2c7a-1c7eff660202@bluepopcorn.net> <5E1DD3B8.5030507@isdg.net> <2930903.4jkiU04MHV@l5580> <5E1DFA77.8070303@isdg.net> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 18:13:48 -0000 On 1/14/2020 12:32 PM, Salz, Rich wrote: > Hector, > > Thank you for your efforts. > > The WG decided that the standards-track is to move away from SHA1. Saying otherwise sows confusion; please stop. Aw come on. Give people more credit, ok? I doubt it will confuse anyone but your reaction certainly is. I am not trying to resurrect SHA1. What was the point of this thread? No one every disputed SHA1 was potentially vulnerable. So was the question if this new method made a difference? Not to me. But if I read the article right, I read something about the OpenSSL team using the new clobber method as justification to remove it from the API. Was that the goal here? And for Developers to finally remove it from their implementations? If so, hear me now -- I strongly believe it would be mistake at multiple levels to pull SHA1 from DKIM and APIs. It will instantly cause problems -- immediately. That's "Hurting the Internet' so how dare you say I will be hurting the internet and confusion others. Even if it is pulled from OpenSSL, I will add it back in promoting API deviations which I hate to do. For this WG and in older DKIM WG, as I stated always, I supported the deprecation -- always day one, but not the removal. That is why the STD is written as it is-- it was the consensus. Today, nothing has changed but this WG wanted to do a new hash which loads high overhead on others, and also remove SHA1. You can mandate it with WG but I disagree with the idea of a complete removal. I am not about to remove sha1 from my package by virtual of a future OpenSSL removing it, and then have to endure immediate support issues and reports from a customer complaining about some new DKIM failure they never had before. I'm done with this one. -- HLS From nobody Tue Jan 14 14:26:19 2020 Return-Path: X-Original-To: dcrup@ietfa.amsl.com Delivered-To: dcrup@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14D2B120059 for ; Tue, 14 Jan 2020 14:26:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CsB6ZzU776Uv for ; Tue, 14 Jan 2020 14:26:12 -0800 (PST) Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8755120046 for ; Tue, 14 Jan 2020 14:26:11 -0800 (PST) Received: by straasha.imrryr.org (Postfix, from userid 1001) id 7A3F839572; Tue, 14 Jan 2020 17:26:10 -0500 (EST) Date: Tue, 14 Jan 2020 17:26:10 -0500 From: Viktor Dukhovni To: dcrup@ietf.org Message-ID: <20200114222610.GE73491@straasha.imrryr.org> Reply-To: dcrup@ietf.org References: <1836468.B6t98xBJ9D@l5580> <5E1DCD20.7070607@isdg.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5E1DCD20.7070607@isdg.net> User-Agent: Mutt/1.12.2 (2019-09-21) Archived-At: Subject: Re: [Dcrup] Time For People To Really Stop Using SHA-1 Signatures? X-BeenThere: dcrup@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DKIM Crypto Update List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 22:26:18 -0000 On Tue, Jan 14, 2020 at 09:16:00AM -0500, Hector Santos wrote: > I read a statement the OpenSSL folks were thinking about removing it. There are no such plans. Rather, in some future releases the use of SHA-1 in digital signatures (whether in X.509, or in TLS handshake signatures) will probably only work at "security level 0". The default security level for TLS is level 1 (notionally 80 bits), which currently admits SHA-1. When/if SHA-1 is downgraded (not removed) X.509 certificates using SHA-1 will fail to validate at level 1, and TLS handshake signatures using SHA1, MD5 or SHA-1||MD5 will not be considered valid. That effectively rules out TLS 1.0 and TLS 1.1. So the change would need to made with care, giving the laggards some time to finally migrate to TLS 1.2. Non-TLS applications default to level 0 (no floor on algorithm strength), but can choose a stricter level for certificate verification. HMAC-SHA1 remains unbroken, and so there are no plans to deprecate SHA-1 ciphersuites from TLS, but these days you're more likely to negotiate an AEAD cipher. > That would be a horrible decision and it just someone's belief, not > the OpenSSL team because then we really create REAL damage by forcing > SHA1 signatures fails which are otherwise secured right now. Let's not fill the void with wild speculation. > Lets fix the real Rewrite potential problems first before worrying > about SHA1. This isn't an either/or choice, deprecate SHA1 signing, *and* other issues that warrant attention. -- Viktor.