Discussion about Cancel-Lock support
Julien ÉLIE
julien at trigofacile.com
Mon Dec 7 20:07:15 UTC 2020
Hi Russ,
>>> My inclination would be to support all of the non-MD5 algorithms for
>>> verification but only generate SHA-256. I don't think there's much
>>> gained by using the other algorithms.
>
>>> It looks like Gnus still only supports SHA-1.
>
>> For interoperability reasons, it seems that we'll have to handle a
>> transition period, and generate two hashes for each message (SHA-1 and
>> SHA-256). And support all of the non-MD5 algorithms to verify cancel
>> keys.
>
> On the generate side, I think it only matters what other servers support,
> and I have no feel for what server support is out there and thus whether
> we need a transition period for that part.
When Michael wrote RFC 8315 (Cancel-Key), he did the analysis and found
out that not all servers know other algorithms than sha1.
The previous draft (from the USEFOR WG), written two decades ago, only
defined sha1; so implementations only used that.
Implementations of earlier draft versions of this specification
defined a different value for <scheme> than this version. The
following value for <scheme> is now deprecated and SHOULD NOT be
generated anymore. Serving agents SHOULD still accept it for a
transition period as long as the corresponding hash function is not
considered unsafe (see Section 7 for details) or already marked as
OBSOLETE in the "Netnews Cancel-Lock Hash Algorithms" registry
(Section 8.3).
obs-scheme = "sha1"
It is important for backward compatibility that the deprecated value
for <scheme> is not phased out too early. Security and compatibility
concerns should be carefully weighed before choosing to remove
<obs-scheme> from existing implementations (or not implementing it in
new ones).
=> in the IANA registry related to Cancel-Lock, sha1 is of LIMITED USE
(still not OBSOLETE)
=> SHA-1 is still not deprecated (unless for signature hashes in TLS 1.2
through draft-ietf-tls-md5-sha1-deprecate-04 in the process of becoming
a proposed standard)
> (What we generate won't matter
> for Gnus, since it won't have the secret keys for those hashes anyway.)
Yes, exactly! A posting agent does not verify these keys.
--
Julien ÉLIE
« La femme est beaucoup plus portée que l'homme aux actes imprudents et
irréfléchis. » (Démocrite)
More information about the inn-workers
mailing list