On Sun, Mar 23, 2014 at 09:00:08PM +0100, Peter Palfrader wrote:
> On Mon, 24 Mar 2014, Mark Andrews wrote:
>
> > > Site A only publishes SHA1 entries. Would rather do unauthenticated TLS
> > > than trust SHA1?
> >
> > You left out - report and refuse to send until fixed.
>
> No, that's not what the SMTP draft suggests. When DANE is not there,
> then servers just fall back to not authenticating a peer's cert, as they
> do nowadays.
Indeed if one simply considers (again hypothetically) SHA1 to be
"unusable", then with no "usable" TLSA records, the connection
would fall back to unauthenticated TLS.
To do what Mark suggests, we'd have to treat SHA1 as usable, but
always failing. That is new code to make SHA1 never match. And
still I don't see anyone shooting themselves in the foot with
self-imposed flag days for a long time after an algorithm becomes
suspect.
I see that the unstated objection must be a belief that SHA2-256
will never fail, and thus we're wasting time designing solutions
to a non-problem. While I don't believe in eternal unbounded
progress, and (barring a P=NP revolution) it is likely that at some
point we'll have algorithms that never need replacement, it is
perhaps premature to declare mission-complete with SHA2.
For if we are to take the threat of gradual degradation of our
confidence in SHA2 seriously, we need usable approaches for phasing
it out. Flag days don't look like usable approaches to me.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
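The two policies Viktor contrasts above, sketched as an added example that is not code from this thread, from the SMTP draft, or from any DANE implementation. It models a DANE-EE client deciding what to do with a peer certificate given a TLSA RRset and a per-digest policy: a digest marked "unusable" makes its records vanish (and with no usable records left the client falls back to unauthenticated TLS), while a digest marked "usable but always fails" keeps its records usable and so turns the same RRset into a refusal. Matching types are keyed by hashlib name rather than IANA code for readability; real TLSA codes are 0 (full), 1 (SHA2-256) and 2 (SHA2-512), SHA-1 was never a registered matching type and appears only because the thread discusses it hypothetically, the `Status`/`Outcome`/`TLSA` names are this example's own, and the "certificate" bytes are a constructed stand-in for the DER data the selector would pick out.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

# Added example, not from the dane thread or any DANE implementation.
# It compares the draft's "unusable record" handling with the
# "usable but always fails" alternative discussed on the list.


class Status(Enum):
    USABLE = "usable"
    UNUSABLE = "unusable"        # record ignored, as if it were absent
    ALWAYS_FAIL = "always-fail"  # record counts as usable, never matches


class Outcome(Enum):
    AUTHENTICATED = "authenticated TLS: a usable TLSA record matched"
    UNAUTHENTICATED = "unauthenticated TLS: no usable TLSA records"
    REFUSED = "refuse to send: usable TLSA records present, none matched"


@dataclass(frozen=True)
class TLSA:
    usage: int      # 3 = DANE-EE; other usages would need chain building
    selector: int   # 0 = full cert, 1 = SPKI; caller supplies the selected bytes
    mtype: str      # "full", or a hashlib digest name such as "sha256"
    data: bytes


def record_status(rec: TLSA, policy: dict) -> Status:
    """Usability of one record under the digest policy. Anything outside
    DANE-EE, or with an unknown matching type, is unusable, which is how
    unsupported TLSA parameters are treated in general."""
    if rec.usage != 3 or rec.selector not in (0, 1):
        return Status.UNUSABLE
    if rec.mtype == "full":
        return Status.USABLE
    return policy.get(rec.mtype, Status.UNUSABLE)


def record_matches(rec: TLSA, selected: bytes) -> bool:
    """Compare record data with the bytes the selector picked out of the
    peer certificate (full DER cert or its SubjectPublicKeyInfo)."""
    if rec.mtype == "full":
        return rec.data == selected
    return rec.data == hashlib.new(rec.mtype, selected).digest()


def evaluate(records, selected: bytes, policy: dict) -> Outcome:
    """Decide how the SMTP client proceeds with the peer certificate."""
    usable = [(r, s) for r in records
              if (s := record_status(r, policy)) is not Status.UNUSABLE]
    if not usable:
        return Outcome.UNAUTHENTICATED
    for rec, status in usable:
        if status is Status.ALWAYS_FAIL:
            continue  # usable, but by policy can never match
        if record_matches(rec, selected):
            return Outcome.AUTHENTICATED
    return Outcome.REFUSED


# Constructed stand-in for the selected certificate bytes (not a real cert).
PEER_SELECTED = b"-- constructed stand-in for a DER certificate --"


def site_a_records():
    """Site A from the thread: only a SHA-1 record, and it is correct."""
    return [TLSA(3, 1, "sha1", hashlib.sha1(PEER_SELECTED).digest())]


def demo():
    base = {"sha256": Status.USABLE, "sha512": Status.USABLE}
    results = {}
    # Draft behaviour: SHA-1 unusable, record ignored, nothing usable left.
    results["sha1-unusable"] = evaluate(
        site_a_records(), PEER_SELECTED, {**base, "sha1": Status.UNUSABLE})
    # Mark's proposal: SHA-1 usable but never matching, so refuse to send.
    results["sha1-always-fail"] = evaluate(
        site_a_records(), PEER_SELECTED, {**base, "sha1": Status.ALWAYS_FAIL})
    # Before SHA-1 became suspect: the record is simply checked.
    results["sha1-usable"] = evaluate(
        site_a_records(), PEER_SELECTED, {**base, "sha1": Status.USABLE})
    # A wrong SHA-256 record beside the unusable SHA-1 one: the unusable
    # record vanishes, but a usable record that fails is a real failure.
    wrong = TLSA(3, 1, "sha256", b"\x00" * 32)
    results["wrong-sha256"] = evaluate(
        site_a_records() + [wrong], PEER_SELECTED,
        {**base, "sha1": Status.UNUSABLE})
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18s} -> {outcome.value}")
```

The point the demo makes is the one in the reply: the "unusable" policy needs no new matching code and degrades Site A to opportunistic TLS, whereas the "always fails" policy is a separate code path whose only effect is a self-imposed flag day for every site still publishing only the old digest.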