Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
Jim Fenton <fenton@bluepopcorn.net> Fri, 19 May 2017 14:56 UTC
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6421C128C81 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 07:56:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.698
X-Spam-Level:
X-Spam-Status: No, score=0.698 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AT48HP1X6HSU for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 07:56:05 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 082C5128B91 for <dcrup@ietf.org>; Fri, 19 May 2017 07:56:04 -0700 (PDT)
Received: from splunge.local (c-67-187-243-206.hsd1.ca.comcast.net [67.187.243.206]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u1) with ESMTP id v4JEu2XJ004603 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <dcrup@ietf.org>; Fri, 19 May 2017 07:56:04 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1495205764; bh=jy1UhUGXHy1rqZYEj91dINybEmy4LcFqYtQYDO/Yj58=; h=Subject:To:References:From:Date:In-Reply-To; b=sC6cvi2HbMSgl2Q3VGsp2SgPhosEWgWdUMSHUp7WLhxPSMhLy9inDxMvxT+lAyCSm A4KYNuolESd1WBLyszCeEXImeSxBXMd88RGpXW4sE+pRAsh+yUacwbZBAl3fjha7aV YWf8ZesAABeIR9Zyw+lSbiGwd0hWZC85N4lETNOo=
To: dcrup@ietf.org
References: <20170519144243.4945.qmail@ary.lan>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <dd14eebb-a481-0d09-5d29-a245748ac700@bluepopcorn.net>
Date: Fri, 19 May 2017 07:55:59 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20170519144243.4945.qmail@ary.lan>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/ejiU0_c0aGrVDqzRQxlY9I5n5fU>
Subject: Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 14:56:06 -0000
On 5/19/17 7:42 AM, John Levine wrote: > In article <71169.1495194707@eng-mail01.juniper.net> you write: >> Hi, >> >> I suggest that 2048 bit RSA be considered the minimum key size. >> Samller sizes are not really safe these days. > I'm surprised to hear this. Remember that DKIM signatures are > relatively low value and not intended to be archival. They're > typically verified within a day of being signed, and the design > encourages key rotation (although I admit that in practice most people > don't rotate very often.) Factoring a key gives the attacker the ability to sign messages, so how quickly the signature is verified and its not being intended to be archival is not relevant. Frequency of key rotation is the only thing that matters (along with the value of the signature). > > How much effort does it take to crack a 1k signature? From 2012: https://www.wired.com/2012/10/dkim-vulnerability-widespread/ tl;dr: factored a 512-bit key on AWS in 72 hours for $75. But that was 5 years ago. I haven't extrapolated to current compute costs/speeds or the longer key. -Jim
- [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Mark D. Baushke
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Russ Housley
- [Dcrup] New algorithm availability was: Re: draft… Scott Kitterman
- Re: [Dcrup] New algorithm availability was: Re: d… Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Peter Goldstein
- Re: [Dcrup] New algorithm availability was: Re: d… John Levine
- Re: [Dcrup] New algorithm availability was: Re: d… Scott Kitterman
- Re: [Dcrup] New algorithm availability was: Re: d… Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Steve Atkins
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Russ Housley
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John R Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] New algorithm availability was: Re: d… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John R. Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Peter Goldstein