Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
Scott Kitterman <sklist@kitterman.com> Fri, 19 May 2017 14:42 UTC
Date: Fri, 19 May 2017 14:41:51 +0000
In-Reply-To: <20170519143049.4908.qmail@ary.lan>
References: <20170519143049.4908.qmail@ary.lan>
To: dcrup@ietf.org
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <B0689C30-3B55-49AB-892D-D0923831961D@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/b1NC2I1ZLebnNMTm7wmpWTz0P5o>
On May 19, 2017 10:30:49 AM EDT, John Levine <johnl@taugh.com> wrote:
>In article <B9568799-562D-467F-A9B6-683D5E8E7F58@kitterman.com> you write:
>>
>>On May 19, 2017 7:51:47 AM EDT, "Mark D. Baushke" <mdb@juniper.net> wrote:
>>>Hi,
>>>
>>>I suggest that 2048 bit RSA be considered the minimum key size.
>>>Smaller sizes are not really safe these days.
>>
>>2048 bit keys present operational problems in common DNS provisioning systems. What advice
>>should we offer those not currently able to publish a TXT record long enough for 2048?
>
>Perhaps to read section 4 of the draft?

What currently available DKIM software supports that approach? I don't think any, so I believe that the question of what operators should do until new software can be developed and deployed is still open.

Until new signing key management/publishing or crypto achieve similar successful verification rates to what's currently fielded, they aren't suitable replacements. For anything that requires code changes on the part of verifiers, it's going to take years before enough support new functionality that the d can be dropped.

What do people do in the meantime?

Scott K
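An added illustration of the DNS provisioning constraint discussed above (this is example code written for this page, not code from the thread or from any DKIM implementation): it DER-encodes a constructed 1024-bit and 2048-bit RSA modulus as a SubjectPublicKeyInfo, builds the `v=DKIM1; k=rsa; p=...` TXT RDATA, and shows that only the 2048-bit record exceeds the 255-octet DNS character-string limit, so it has to be published as several strings that the verifier concatenates. The moduli are placeholders of the right size, not real keys.

```python
import base64

# Minimal DER helpers, enough to encode an RSA SubjectPublicKeyInfo (RFC 5280 / RFC 8017).
def der_len(n):
    if n < 128:
        return bytes([n])
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(nb)]) + nb

def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(value):
    # DER INTEGER is two's complement: a leading 0x00 is needed when the top bit is set.
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def rsa_spki(modulus, exponent=65537):
    rsa_pub = der_tlv(0x30, der_int(modulus) + der_int(exponent))  # RSAPublicKey
    rsa_oid = bytes.fromhex("2a864886f70d010101")                   # 1.2.840.113549.1.1.1
    alg = der_tlv(0x30, der_tlv(0x06, rsa_oid) + b"\x05\x00")       # AlgorithmIdentifier
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + rsa_pub))   # SubjectPublicKeyInfo

def dkim_txt_record(modulus, exponent=65537):
    """TXT RDATA for <selector>._domainkey.<domain> (RFC 6376 section 3.6.1)."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki(modulus, exponent)).decode()

def split_character_strings(rdata, limit=255):
    """A TXT RR is a sequence of <character-string>s of at most 255 octets each (RFC 1035)."""
    return [rdata[i:i + limit] for i in range(0, len(rdata), limit)]

def join_character_strings(strings):
    """Verifier side (RFC 6376 section 3.6.2.2): concatenate the strings with no whitespace."""
    return "".join(strings)

# Constructed moduli of the right bit length (NOT real keys; only the encoded size matters).
MOD_1024 = (1 << 1023) | 1
MOD_2048 = (1 << 2047) | 1

if __name__ == "__main__":
    for bits, mod in ((1024, MOD_1024), (2048, MOD_2048)):
        rec = dkim_txt_record(mod)
        parts = split_character_strings(rec)
        print(f"{bits}-bit key: {len(rec)} octets of RDATA -> {len(parts)} character-string(s)")
```

A provisioning interface that only accepts a single string of at most 255 characters can publish the 1024-bit record (234 octets) but not the 2048-bit one (410 octets), which is exactly the operational gap raised above.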