
DKIM Crypto Update
charter-ietf-dcrup-02

Yes


No Objection

(Alia Atlas)
(Deborah Brungard)
(Mirja Kühlewind)
(Terry Manderson)

Note: This ballot was opened for revision 01-00 and is now closed.

Ballot question: "Is this charter ready for external review? Is this charter ready for approval without external review?"

Warren Kumari
No Objection
Comment (2017-07-12 for -01-00) Unknown
Editorial comments only:

1: Original: 

DCRUP will consider four types of changes to DKIM: additional signing
algorithms such as those based on elliptic curves, changes to key
strength advice and requirements, deprecating the use of SHA1,
and new public key forms, such as
putting the public key in the signature and a hash of the key in the
DNS to bypass bugs in DNS provisioning software that prevent publishing
longer keys as DNS TXT records.  

This sentence is really long, and I got lost in it. It says that there are 4 changes, but the wording makes it hard to figure out which they are.

Proposed (semi-colons to separate from the "such as"). Or, perhaps make this bullets instead?:
DCRUP will consider four types of changes to DKIM: additional signing
algorithms such as those based on elliptic curves; changes to key
strength advice and requirements; deprecating the use of SHA1;
and new public key forms, such as
putting the public key in the signature and a hash of the key in the
DNS to bypass bugs in DNS provisioning software that prevent publishing
longer keys as DNS TXT records. 



2: "It will limit itself to existing implemented algorithms and key forms."
The "it will limit itself" sounds odd in a charter; I'd suggest "It will be limited to..." or something similar (otherwise it sounds like this is an internal decision).
Alexey Melnikov Former IESG member
Yes
Yes (2017-08-01 for -01-02) Unknown
I think I addressed comments from Warren and Spencer.
Ben Campbell Former IESG member
Yes
Yes (2017-08-02 for -01-02) Unknown
I'm fine skipping the external review.
Alia Atlas Former IESG member
No Objection
No Objection (for -01-02) Unknown

                            
Deborah Brungard Former IESG member
No Objection
No Objection (for -01-02) Unknown

                            
Kathleen Moriarty Former IESG member
No Objection
No Objection (2017-08-02 for -01-02) Unknown
I'm glad to see this work going forward and am also fine with skipping external review.
Mirja Kühlewind Former IESG member
No Objection
No Objection (for -01-02) Unknown

                            
Spencer Dawkins Former IESG member
No Objection
No Objection (2017-07-12 for -01-00) Unknown
I'm fine with doing this, without external review.

I'm a Yes for this one, but Alexey needs to be a Yes before it's approved, of course. But definitely the right thing to do.

I did see

    DKIM also currently supports use of SHA1 coupled with RSA.  SHA1 has been
    formally deprecated due to weakness especially when used in the context
    transport security, though the risk of a successful preimage attack is

I may be unaware of a well-known term of art, but I'm guessing "context transport security" is missing "of" (so, "context of transport security")?

    less severe.  Still, the community wishes to discourage its continued use
    in the DKIM context.
Suresh Krishnan Former IESG member
No Objection
No Objection (2017-08-02 for -01-02) Unknown
Looks fine to me. Have no strong feelings about external review.
Terry Manderson Former IESG member
No Objection
No Objection (for -01-02) Unknown