| draft-ietf-dcrup-dkim-usage-00.txt | draft-ietf-dcrup-dkim-usage.txt | |||
|---|---|---|---|---|
| Network Working Group S. Kitterman | Network Working Group S. Kitterman | |||
| Internet-Draft Kitterman Technical Services | Internet-Draft Kitterman Technical Services | |||
| Updates: 6376 (if approved) May 30, 2017 | Updates: 6376 (if approved) June 3, 2017 | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: December 1, 2017 | Expires: December 5, 2017 | |||
| Cryptographic Algorithm and Key Usage to DKIM | Cryptographic Algorithm and Key Usage to DKIM | |||
| draft-ietf-dcrup-dkim-usage-00 | draft-ietf-dcrup-dkim-usage-01 | |||
| Abstract | Abstract | |||
| The cryptographic algorithm and key size requirements included when | The cryptographic algorithm and key size requirements included when | |||
| DKIM was designed in the last decade are functionally obsolete and in | DKIM was designed in the last decade are functionally obsolete and in | |||
| need of immediate revision. This document updates DKIM requirements | need of immediate revision. This document updates DKIM requirements | |||
| to those minimaly suitable for operation with currently specified | to those minimaly suitable for operation with currently specified | |||
| algorithms. This document updates RFC 6376. | algorithms. This document updates RFC 6376. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 35 | skipping to change at page 1, line 35 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 1, 2017. | This Internet-Draft will expire on December 5, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 24 | skipping to change at page 2, line 24 | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Conventions Used in This Document . . . . . . . . . . . . . . 3 | 2. Conventions Used in This Document . . . . . . . . . . . . . . 3 | |||
| 3. DKIM Signing and Verification Algorithms . . . . . . . . . . 3 | 3. DKIM Signing and Verification Algorithms . . . . . . . . . . 3 | |||
| 3.1. The rsa-sha1 Signing Algorithm . . . . . . . . . . . . . 3 | 3.1. The rsa-sha1 Signing Algorithm . . . . . . . . . . . . . 3 | |||
| 3.2. The rsa-sha256 Signing Algorithm . . . . . . . . . . . . 3 | 3.2. The rsa-sha256 Signing Algorithm . . . . . . . . . . . . 3 | |||
| 3.3. Key Sizes . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3.3. Key Sizes . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.4. Other Algorithms . . . . . . . . . . . . . . . . . . . . 4 | 3.4. Other Algorithms . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | 4. The DKIM-Signature Header Field . . . . . . . . . . . . . . . 4 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | 5. Key Management and Representation . . . . . . . . . . . . . . 4 | |||
| 5.1. DKIM Hash Algorithms . . . . . . . . . . . . . . . . . . 4 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. Normative References . . . . . . . . . . . . . . . . . . . . 4 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 5 | 7.1. DKIM Hash Algorithms . . . . . . . . . . . . . . . . . . 5 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 5 | ||||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 5 | ||||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 6 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| 1. Introduction | 1. Introduction | |||
| Discussion Venue: Discussion about this draft is directed to the | Discussion Venue: Discussion about this draft is directed to the | |||
| dcrup@ietf.org [1] mailing list. | dcrup@ietf.org [1] mailing list. | |||
| DKIM [RFC6376] signs e-mail messages, by creating hashes of the | DKIM [RFC6376] signs e-mail messages, by creating hashes of the | |||
| message headers and content and signing the header hash with a | message headers and content and signing the header hash with a | |||
| digital signature. Message recipients fetch the signature | digital signature. Message recipients fetch the signature | |||
| verification key from the DNS where it is stored in a TXT record. | verification key from the DNS where it is stored in a TXT record. | |||
| The defining documents specify a single signing algorithm, RSA | The defining documents specify a single signing algorithm, RSA | |||
| [RFC8017], and recommends key sizes of 1024 to 2048 bits (but require | [RFC8017], and recommends key sizes of 1024 to 2048 bits (but require | |||
| verification of 512 bit keys). While 1024 bit signatures are common, | verification of 512 bit keys). As discussed in US-CERT VU#268267 | |||
| stronger signatures are not. Widely used DNS configuration software | [VULNOTE], the operational community has recognized that shorter keys | |||
| places a practical limit on key sizes, because the software only | compromise the effectiveness of DKIM. While 1024 bit signatures are | |||
| handles a single 256 octet string in a TXT record, and RSA keys | common, stronger signatures are not. Widely used DNS configuration | |||
| software places a practical limit on key sizes, because the software | ||||
| only handles a single 256 octet string in a TXT record, and RSA keys | ||||
| longer than 1024 bits don't fit in 256 octets. | longer than 1024 bits don't fit in 256 octets. | |||
| 2. Conventions Used in This Document | 2. Conventions Used in This Document | |||
| The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", | The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", | |||
| "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and | "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| [RFC2119]. | [RFC2119]. | |||
| 3. DKIM Signing and Verification Algorithms | 3. DKIM Signing and Verification Algorithms | |||
| skipping to change at page 4, line 23 | skipping to change at page 4, line 23 | |||
| o The security goals of DKIM,[RFC6376], are modest compared to | o The security goals of DKIM,[RFC6376], are modest compared to | |||
| typical goals of other systems that employ digital signatures | typical goals of other systems that employ digital signatures | |||
| See [RFC3766] for further discussion on selecting key sizes. | See [RFC3766] for further discussion on selecting key sizes. | |||
| 3.4. Other Algorithms | 3.4. Other Algorithms | |||
| Other algorithms will be defined in the future. Verifiers MUST | Other algorithms will be defined in the future. Verifiers MUST | |||
| ignore any signatures using algorithms that they do not implement. | ignore any signatures using algorithms that they do not implement. | |||
| 4. Security Considerations | 4. The DKIM-Signature Header Field | |||
| This section updates the a= tag in [RFC6376] Section 3.5. | ||||
| The text description of the tag is now: | ||||
| a= The algorithm used to generate the signature (plain-text; | ||||
| REQUIRED). Verifiers MUST support "rsa-sha256"; Signers MUST | ||||
| sign using "rsa-sha256". See [RFC6376] Section 3.3 (as updated | ||||
| by this document) for a description of the algorithms. | ||||
| The following ABNF element is updated: | ||||
| ABNF: | ||||
| sig-a-tag-h = "sha256" / x-sig-a-tag-h | ||||
| 5. Key Management and Representation | ||||
| This section updates the h= tag in [RFC6376] Section 3.6.1. | ||||
| The following ABNF element is updated: | ||||
| ABNF: | ||||
| key-h-tag-alg = "sha256" / x-key-h-tag-alg | ||||
| 6. Security Considerations | ||||
| This document does not change the Security Considerations of | This document does not change the Security Considerations of | |||
| [RFC6376]. It reduces the risk of signature compromise due to weak | [RFC6376]. It reduces the risk of signature compromise due to weak | |||
| cryptography. | cryptography. | |||
| 5. IANA Considerations | 7. IANA Considerations | |||
| IANA is requested to update registries as follows. | IANA is requested to update registries as follows. | |||
| 5.1. DKIM Hash Algorithms | 7.1. DKIM Hash Algorithms | |||
| The following value is changed in the DKIM Hash Algorithms | The following value is changed in the DKIM Hash Algorithms | |||
| +------+-----------------+----------+ | +------+-----------------+----------+ | |||
| | TYPE | REFERENCE | STATUS | | | TYPE | REFERENCE | STATUS | | |||
| +------+-----------------+----------+ | +------+-----------------+----------+ | |||
| | sha1 | (this document) | obsolete | | | sha1 | (this document) | obsolete | | |||
| +------+-----------------+----------+ | +------+-----------------+----------+ | |||
| Table 1: DKIM Hash Algorithms Changed Value | Table 1: DKIM Hash Algorithms Changed Value | |||
| 6. Normative References | 8. References | |||
| 8.1. Normative References | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | |||
| RFC2119, March 1997, | RFC2119, March 1997, | |||
| <http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC3766] Orman, H. and P. Hoffman, "Determining Strengths For | [RFC3766] Orman, H. and P. Hoffman, "Determining Strengths For | |||
| Public Keys Used For Exchanging Symmetric Keys", BCP 86, | Public Keys Used For Exchanging Symmetric Keys", BCP 86, | |||
| RFC 3766, DOI 10.17487/RFC3766, April 2004, | RFC 3766, DOI 10.17487/RFC3766, April 2004, | |||
| <http://www.rfc-editor.org/info/rfc3766>. | <http://www.rfc-editor.org/info/rfc3766>. | |||
| skipping to change at page 5, line 20 | skipping to change at page 5, line 48 | |||
| [RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., | [RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., | |||
| "DomainKeys Identified Mail (DKIM) Signatures", STD 76, | "DomainKeys Identified Mail (DKIM) Signatures", STD 76, | |||
| RFC 6376, DOI 10.17487/RFC6376, September 2011, | RFC 6376, DOI 10.17487/RFC6376, September 2011, | |||
| <http://www.rfc-editor.org/info/rfc6376>. | <http://www.rfc-editor.org/info/rfc6376>. | |||
| [RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch, | [RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch, | |||
| "PKCS #1: RSA Cryptography Specifications Version 2.2", | "PKCS #1: RSA Cryptography Specifications Version 2.2", | |||
| RFC 8017, DOI 10.17487/RFC8017, November 2016, | RFC 8017, DOI 10.17487/RFC8017, November 2016, | |||
| <http://www.rfc-editor.org/info/rfc8017>. | <http://www.rfc-editor.org/info/rfc8017>. | |||
| 8.2. Informative References | ||||
| [VULNOTE] US-CERT, "Vulnerability Note VU#268267, DomainKeys | ||||
| Identified Mail (DKIM) Verifiers may inappropriately | ||||
| convey message trust", October 2012. | ||||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| The author wishes to acknowledge the following for their review and | The author wishes to acknowledge the following for their review and | |||
| constructive criticism of this proposal: TBD (surely there will be | constructive criticism of this proposal: TBD (surely there will be | |||
| someone). | someone). | |||
| Thanks to John Levine for draft-ietf-dcrup-dkim-crypto-00, which was | Thanks to John Levine for draft-ietf-dcrup-dkim-crypto-00, which was | |||
| the source for much of the introductory material in this draft. | the source for much of the introductory material in this draft. | |||
| Author's Address | Author's Address | |||
| End of changes. 12 change blocks. | ||||
| 18 lines changed or deleted | 58 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||