Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00

Scott Kitterman <sklist@kitterman.com> Fri, 19 May 2017 14:24 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F74C127419 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 07:24:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.698
X-Spam-Level:
X-Spam-Status: No, score=0.698 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5v3XED3wnNKd for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 07:24:54 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA45B1270B4 for <dcrup@ietf.org>; Fri, 19 May 2017 07:24:54 -0700 (PDT)
Received: from [10.251.120.224] (mobile-166-170-32-163.mycingular.net [166.170.32.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id B05BEC4034A; Fri, 19 May 2017 09:24:51 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1495203891; bh=0Z+9l/yYgr5rbNvl4BSC0yO/B28GBIQqObF0kiZv/4c=; h=Date:In-Reply-To:References:Subject:To:From:From; b=LzmhzUssoJ06fdBd/p0NIMT/+Mo3jDfg4pqA3AF+dpMKhjhP8pi/zZhZaagwZkghO KJ1+vAh+k/yYyTCrLsBN0Q/IkTYy1IhQeYm8vkb9ea4OlnD6z/qd/5UqCH8aG8Utif J2Z7DQYB9OE/dBovvxV6MyY0XAgyGwjx/2YiWP/k=
Date: Fri, 19 May 2017 14:24:38 +0000
In-Reply-To: <85f7bdf177024c2b98fcd5ef136141bf@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <71169.1495194707@eng-mail01.juniper.net> <B9568799-562D-467F-A9B6-683D5E8E7F58@kitterman.com> <85f7bdf177024c2b98fcd5ef136141bf@usma1ex-dag1mb1.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <BAA8B7C5-77E6-4810-A70B-9A4DEA9EDF02@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/FUcEn_Q1HJ_mIFRM8IR3jyvZ-Q0>
Subject: Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 14:24:56 -0000


On May 19, 2017 9:48:36 AM EDT, "Salz, Rich" <rsalz@akamai.com> wrote:
>> 2048 bit keys present operational problems in common DNS provisioning
>> systems.  What advice should we offer those not currently able to
>> publish a TXT record long enough for 2048?
>
>Move to ECC which has much shorter keys with equivalent strength?

Eventually, sure, but sha-1 and sha-256 are what DKIM libraries support today.  The WG does need to answer questions about the future when new software can be developed and deployed, but IMO improved guidance for today's systems is much more urgent.  Keep in mind the current minimum is 512.

If we could spit out a document that says nothing more than:

MUST NOT sign/verify sha-1
MUST sign/verify sha-256

Key size MUST be 1024 and SHOULD be 2048

it would be an easy, quick win while we work on consensus about the next algorithm that should be added.

I volunteer to draft it if there's interest.

Scott K
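Added example, not code from this thread or from any DKIM library: a standard-library Python script that makes the two points above concrete. It builds DKIM key records from constructed placeholder RSA public keys (correct DER length, not real keys), shows that a 2048-bit `p=` value pushes the TXT RDATA past the 255-octet limit of a single DNS character-string so it must be published as two strings (the provisioning problem raised in the quoted question), and applies the proposed policy (reject sha-1, require sha-256, 1024 bits MUST, 2048 bits SHOULD) to a DKIM-Signature value plus its key record. The `h=sha256` tag in the key record is the existing RFC 6376 mechanism for telling verifiers which hashes the key may be used with; the domain, selector and `b=`/`bh=` values are dummies.

```python
"""Added example: DKIM key-size and hash policy check, plus the TXT-string
split a 2048-bit key forces. Keys are constructed placeholders, not real."""
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1 rsaEncryption

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(value):
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:            # keep the INTEGER positive
        body = b"\x00" + body
    return der_tlv(0x02, body)

def der_read(buf, pos=0):
    """Return (tag, body, next_pos) for the TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def placeholder_rsa_spki_b64(bits, e=65537):
    """Constructed sample: SubjectPublicKeyInfo whose modulus has exactly
    `bits` bits. Not a usable key; only its encoded length is realistic."""
    n = (1 << (bits - 1)) | 1
    rsa_pub = der_tlv(0x30, der_int(n) + der_int(e))
    alg = der_tlv(0x30, RSA_OID + b"\x05\x00")
    spki = der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + rsa_pub))
    return base64.b64encode(spki).decode()

def rsa_modulus_bits(p_b64):
    """Modulus size of the RSA key carried in a DKIM 'p=' tag."""
    tag, body, _ = der_read(base64.b64decode(p_b64))
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    tag, alg, pos = der_read(body)
    if tag != 0x30 or not alg.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = der_read(body, pos)
    if tag != 0x03 or bitstr[:1] != b"\x00":
        raise ValueError("malformed BIT STRING")
    _, rsa_pub, _ = der_read(bitstr[1:])
    _, modulus, _ = der_read(rsa_pub)
    return int.from_bytes(modulus, "big").bit_length()

def dkim_txt_strings(p_b64, hashes=("sha256",)):
    """Selector TXT RDATA split into <=255-octet strings (RFC 1035 limit).
    h= restricts the key to the listed hashes, so rsa-sha1 is refused."""
    rdata = "v=DKIM1; k=rsa; h=%s; p=%s" % (":".join(hashes), p_b64)
    return [rdata[i:i + 255] for i in range(0, len(rdata), 255)]

MIN_BITS, RECOMMENDED_BITS = 1024, 2048

def parse_tags(value):
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())   # drop folding whitespace
    return tags

def check_policy(dkim_signature, txt_strings):
    """Apply the proposed policy to a DKIM-Signature value and its key record.
    Returns (modulus_bits, findings); an empty findings list means clean."""
    sig = parse_tags(dkim_signature)
    key = parse_tags("".join(txt_strings))   # verifiers concatenate TXT strings
    findings = []
    key_type, _, hash_alg = sig.get("a", "").partition("-")
    if hash_alg == "sha1":
        findings.append("REJECT: a=rsa-sha1 (MUST NOT sign/verify sha-1)")
    elif hash_alg != "sha256":
        findings.append("REJECT: hash %r is not sha-256" % hash_alg)
    if "h" in key and hash_alg not in key["h"].split(":"):
        findings.append("REJECT: key record h= does not permit %s" % hash_alg)
    if key_type != key.get("k", "rsa"):
        findings.append("REJECT: signature key type %r != record k=" % key_type)
    bits = rsa_modulus_bits(key["p"])
    if bits < MIN_BITS:
        findings.append("REJECT: %d-bit key below the %d-bit MUST" % (bits, MIN_BITS))
    elif bits < RECOMMENDED_BITS:
        findings.append("WARN: %d-bit key; %d SHOULD be used" % (bits, RECOMMENDED_BITS))
    return bits, findings

if __name__ == "__main__":
    # constructed sample signature values; b=/bh= are dummies, not real signatures
    sig256 = "v=1; a=rsa-sha256; c=simple/simple; d=example.net; s=sel1; bh=AAAA=; b=AAAA="
    sig1 = "v=1; a=rsa-sha1; d=example.net; s=sel1; bh=AAAA=; b=AAAA="
    for bits in (512, 1024, 2048):
        strings = dkim_txt_strings(placeholder_rsa_spki_b64(bits))
        print(bits, "bits ->", len(strings), "TXT string(s) of", [len(s) for s in strings])
        print("    policy:", check_policy(sig256, strings)[1])
    print("rsa-sha1 against a 2048-bit key:", check_policy(sig1, strings)[1])
```

Running it shows a 1024-bit record fitting in one 244-octet string while the 2048-bit record needs two (255 and 165 octets), which is exactly what DNS front ends that only accept a single string cannot publish; the policy output rejects the 512-bit key and the rsa-sha1 signature, and only warns on 1024 bits.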