[Dcrup] DKIM algorithms

Jan Dušátko <jan@dusatko.org> Tue, 16 May 2023 15:15 UTC

Message-ID: <787bb47c-9773-e1de-ea02-bbb8a7c8db6b@dusatko.org>
Date: Tue, 16 May 2023 17:14:52 +0200
From: Jan Dušátko <jan@dusatko.org>
To: dcrup@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/TigzRXnZtOYlhYERlCTIgcqDEQI>
Subject: [Dcrup] DKIM algorithms

Hi,
I would like to ask about the near-term development of signature
algorithms for DKIM. Currently, it is possible to use either RSA or
Ed25519. When comparing their strength using the security equivalent,
Ed25519 is on the edge (the recommended security equivalent is currently
128b). For RSA, it is possible to use a signature of size 3072b, which
is still not widely supported. Most solutions still support keys with
a size of 2048b.
1) If I have studied the RFC well, PKCS#1 v1.5 is used for the RSA
signature; currently I find it more appropriate to use RSA-PSS, i.e.
PKCS#2.2 (RFC 3447). Do I understand this well? Will it be possible to
allow RSA-PSS in such conditions?
2) Given the behavior of elliptic curves, I find it interesting to
implement Ed448. It is a signature accepted by NIST, ENISA, the curve
shown and the signature for authentication is also used in TLS 1.3.
3) I see an interesting discussion about enforcing the use of SHA256. I
would like to agree, with one point. Implementation can be years after
the RFC advice, which means that a wise attitude is to enter "h=sha256"
in all DKIM keys.
I understand that implementation will take a long time, but it will be
useful to use current cryptography and a short key which can fit in the
512B.

Here is a "raw estimation" of the security equivalent.
+-----------+---------------------+
| KEY SIZE  | SECURITY EQUIVALENT |
+-----------+---------------------+
| RSA 1024b |                 96b |
| RSA 2048b |                112b |
| RSA 3072b |                128b |
| RSA 4096b |                160b |
|   Ed25519 |                125b |
|     Ed448 |                224b |
+-----------+---------------------+

And the algorithm-to-hash relation, including the obsolete SHA1 function.
+-----------+-----------+
| ALGORITHM |   HASH    |
+-----------+-----------+
| rsa       | sha1      |
| rsa       | sha256    |
| rsa       | sha384    |
| rsa       | sha512    |
| rsa-pss   | sha256    |
| rsa-pss   | sha384    |
| rsa-pss   | sha512    |
| ed25519   | sha256    |
| ed448     | shake256  |
+-----------+-----------+

National Institute of Standards and Technology, "Digital Signature 
Standard (DSS)", FIPS PUB 186-5, DOI 10.6028/NIST.FIPS.186-5, February 
2023, <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf>
ETSI, "Electronic Signatures and Infrastructures (ESI); Cryptographic 
Suites", ETSI TS 119 312 V1.4.1, August 2021, RTS/ESI0019312v141, 
<https://www.etsi.org/deliver/etsi_ts/119300_119399/119312/01.04.01_60/ts_119312v010401p.pdf> 


Regards

Jan

-- 
-- --- ----- -
Jan Dušátko

Tracker number:	+420 602 427 840
e-mail:		jan@dusatko.org
GPG Signature:	https://keys.dusatko.org/E535B585.asc
GPG Encrypt:	https://keys.dusatko.org/B76A1587.asc
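
An added example, not part of the original message: a small audit of DKIM key records for the two operational points raised above, whether the record pins "h=sha256" and whether a minimal DNS answer carrying it stays within 512 octets. Assumptions: the selector name is constructed, the RSA keys are size-accurate placeholders rather than real keys, "k=ed448" is a hypothetical tag following the message's proposal, and the response is modelled as one question plus one answer record with no EDNS0, authority or additional data.

```python
import base64

def der(tag, body):  # minimal DER TLV encoder (definite length)
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def placeholder_rsa_spki(bits):
    """SubjectPublicKeyInfo of the right size; the modulus is filler, not a key."""
    modulus = b"\x00" + b"\xff" * (bits // 8)
    rsa = der(0x30, der(0x02, modulus) + der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    return der(0x30, alg + der(0x03, b"\x00" + rsa))

def key_record(k, key_bytes, pin_hash=True):
    tags = ["v=DKIM1", f"k={k}"] + (["h=sha256"] if pin_hash else [])
    return "; ".join(tags + ["p=" + base64.b64encode(key_bytes).decode()])

def parse_tags(record):
    pairs = (item.split("=", 1) for item in record.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}

def txt_rdata_len(record):
    """TXT RDATA is a run of <=255-octet strings, each with a length octet."""
    n = len(record.encode())
    return n + (n + 254) // 255

def audit(selector_fqdn, record):
    tags = parse_tags(record)
    # header 12 + question (wire name + type/class 4) + answer RR with a
    # compressed owner name (2) + type/class/TTL/rdlength (10) + RDATA
    response = 12 + (len(selector_fqdn.rstrip(".")) + 2) + 4 + 2 + 10 + txt_rdata_len(record)
    return {
        "sha256_only": [h.strip() for h in tags.get("h", "").split(":")] == ["sha256"],
        "key_octets": len(base64.b64decode(tags.get("p", ""))),
        "response_octets": response,
        "fits_udp_512": response <= 512,
    }

# Constructed sample data: selector name and key material are placeholders.
SELECTOR = "key2048._domainkey.example.org"
SAMPLES = {
    "rsa-2048": key_record("rsa", placeholder_rsa_spki(2048)),
    "rsa-3072": key_record("rsa", placeholder_rsa_spki(3072)),
    "ed25519": key_record("ed25519", bytes(32)),
    "ed448": key_record("ed448", bytes(57)),  # hypothetical k= value, not registered
}
REPORT = {name: audit(SELECTOR, rec) for name, rec in SAMPLES.items()}
```

`REPORT` shows the 2048-bit RSA record fitting with little room to spare, the 3072-bit record exceeding 512 octets, and both Edwards-curve records far below the limit.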