Re: [Dcrup] New algorithm availability was: Re: draft-ietf-dcrup-dkim-crypto-00

"John Levine" <johnl@taugh.com> Fri, 19 May 2017 17:42 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 801C3129789 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:42:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.579
X-Spam-Level: *
X-Spam-Status: No, score=1.579 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XZiEJFTINyMm for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:42:31 -0700 (PDT)
Received: from miucha.iecc.com (www.iecc.com [IPv6:2001:470:1f07:1126::4945:4343]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E0711287A7 for <dcrup@ietf.org>; Fri, 19 May 2017 10:42:30 -0700 (PDT)
Received: (qmail 95540 invoked from network); 19 May 2017 17:42:29 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 19 May 2017 17:42:29 -0000
Date: Fri, 19 May 2017 17:42:07 -0000
Message-ID: <20170519174207.5556.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dcrup@ietf.org
Cc: rsalz@akamai.com
In-Reply-To: <4ff2a3a3ce94418489111c61aea21489@usma1ex-dag1mb1.msg.corp.akamai.com>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/9qVc35pNcgG24rWdMwManOvLLN0>
Subject: Re: [Dcrup] New algorithm availability was: Re: draft-ietf-dcrup-dkim-crypto-00
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 17:42:32 -0000

In article <4ff2a3a3ce94418489111c61aea21489@usma1ex-dag1mb1.msg.corp.akamai.com> you write:
>> Generally, yes, but DKIM verifiers don't support it currently, so for this
>> purpose, not yet.
>
>This issue of "we need to move forward; we have an installed base" is not new.  RSA2K doesn't fit in many DNS TXT
>records, so I think that will be an additional driver to upgrade.  You may disagree.

Just to make it clear, 2K keys fit in TXT records just fine.  The
problem is provisioning crudware that can't handle TXT records with
more than one string.  This is a really stupid problem, but it's one
that is not going away any time soon, hence the two approaches to
putting shorter keys or key hashes in the DNS.

R's,
John
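The point in the message above is about sizing, and it is easy to check with a few lines of code. The following is an added example (not code from the dcrup thread or from any of its participants): it builds a DER SubjectPublicKeyInfo around a constructed 2048-bit modulus (deterministic filler, not a real key, so it is only good for measuring length), forms the `v=DKIM1; k=rsa; p=...` TXT value, shows that the value exceeds the 255-byte limit of a single DNS character-string, splits it into the multiple strings a zone file would carry, and concatenates them back the way RFC 6376 instructs verifiers to. The helper names (`split_character_strings`, `dkim_public_key_der`, and so on) are this example's own.

```python
"""Added example, not from the dcrup thread: does a 2048-bit RSA DKIM key
fit in a DNS TXT record?  It fits in the record, but not in one 255-byte
<character-string>, so the record must be published as several strings."""
import base64
import hashlib

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1
MAX_CHARACTER_STRING = 255  # RFC 1035 limit for one TXT <character-string>


def der_len(n: int) -> bytes:
    """DER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content


def der_int(i: int) -> bytes:
    """DER INTEGER; a leading 0x00 keeps a high top bit from reading as negative."""
    b = i.to_bytes((i.bit_length() + 7) // 8, "big") or b"\x00"
    if b[0] & 0x80:
        b = b"\x00" + b
    return der(0x02, b)


def constructed_modulus(bits: int = 2048) -> int:
    """CONSTRUCTED filler with the top bit set: the right size, not a real key."""
    stream = b"".join(hashlib.sha256(b"dcrup-example-%d" % i).digest()
                      for i in range(bits // 256))
    return int.from_bytes(stream, "big") | (1 << (bits - 1)) | 1


def rsa_spki_der(n: int, e: int = 65537) -> bytes:
    """SubjectPublicKeyInfo { rsaEncryption, BIT STRING { RSAPublicKey } }."""
    alg = der(0x30, der(0x06, RSA_ENCRYPTION_OID) + der(0x05, b""))
    pub = der(0x30, der_int(n) + der_int(e))
    return der(0x30, alg + der(0x03, b"\x00" + pub))  # 0x00 = no unused bits


def dkim_txt_value(spki: bytes) -> str:
    """The DKIM key record as one logical string (RFC 6376 section 3.6.1)."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode("ascii")


def fits_single_string(value: str) -> bool:
    return len(value.encode("ascii")) <= MAX_CHARACTER_STRING


def split_character_strings(value: str, limit: int = MAX_CHARACTER_STRING):
    """Cut the value into <character-string>s of at most `limit` bytes."""
    data = value.encode("ascii")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]


def join_character_strings(strings) -> str:
    """What a verifier does with a multi-string TXT RR: plain concatenation
    (RFC 6376 section 3.6.2.2)."""
    return "".join(strings)


def zone_file_txt(owner: str, strings) -> str:
    """Zone-file form: several quoted strings on one TXT RR."""
    return owner + " IN TXT " + " ".join('"%s"' % s for s in strings)


def parse_dkim_record(value: str) -> dict:
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def dkim_public_key_der(strings) -> bytes:
    """Verifier side: join the strings, pull the p= tag, decode the key."""
    return base64.b64decode(parse_dkim_record(join_character_strings(strings))["p"])


if __name__ == "__main__":
    spki = rsa_spki_der(constructed_modulus())
    value = dkim_txt_value(spki)
    strings = split_character_strings(value)
    print("record length:", len(value), "bytes; single string ok:", fits_single_string(value))
    print("string lengths:", [len(s) for s in strings])
    print(zone_file_txt("selector._domainkey.example.com.", strings))
    print("round trip ok:", dkim_public_key_der(strings) == spki)
```

The 2048-bit SPKI is 294 DER bytes, 392 base64 characters, and the full record is 410 bytes, so it needs two character-strings (255 + 155); the record itself is nowhere near any DNS message limit, which is the distinction the message draws between the record and the provisioning tools that refuse more than one string.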