Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
Russ Housley <housley@vigilsec.com> Fri, 19 May 2017 17:02 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93908129526 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:02:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYQMrchJGAJ3 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:02:32 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AB3A12954E for <dcrup@ietf.org>; Fri, 19 May 2017 10:02:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id E7C3230056B for <dcrup@ietf.org>; Fri, 19 May 2017 13:02:30 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id JWz4tFBf8McB for <dcrup@ietf.org>; Fri, 19 May 2017 13:02:30 -0400 (EDT)
Received: from [5.5.33.165] (vpn.snozzages.com [204.42.252.17]) by mail.smeinc.net (Postfix) with ESMTPSA id 040773004CE for <dcrup@ietf.org>; Fri, 19 May 2017 13:02:29 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Fri, 19 May 2017 13:02:27 -0400
References: <20170519144243.4945.qmail@ary.lan>
To: dcrup@ietf.org
In-Reply-To: <20170519144243.4945.qmail@ary.lan>
Message-Id: <360CB42F-6B1A-4A6F-95D2-EFF36C449EBB@vigilsec.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/myB64mvFSD-x3G_A51GHLauOIBU>
Subject: Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 17:02:33 -0000
>> I suggest that 2048 bit RSA be considered the minimum key size. >> Samller sizes are not really safe these days. > I'm surprised to hear this. Remember that DKIM signatures are > relatively low value and not intended to be archival. They're > typically verified within a day of being signed, and the design > encourages key rotation (although I admit that in practice most people > don't rotate very often.) > > How much effort does it take to crack a 1k signature? NIST has told everyone to move away from SHA-1 for for all uses except HMAC-SHA-1. NIST has told everyone to move toward RSA with 2048 bit keys, even for entity authentication applications like DKIM. If RSA keys of that size are a problem, then it it time to start the transition to Elliptic Curve. We know it will not happen the day the RFC gets published. Russ
- [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Mark D. Baushke
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Russ Housley
- [Dcrup] New algorithm availability was: Re: draft… Scott Kitterman
- Re: [Dcrup] New algorithm availability was: Re: d… Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Peter Goldstein
- Re: [Dcrup] New algorithm availability was: Re: d… John Levine
- Re: [Dcrup] New algorithm availability was: Re: d… Scott Kitterman
- Re: [Dcrup] New algorithm availability was: Re: d… Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Steve Atkins
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Russ Housley
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John R Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] New algorithm availability was: Re: d… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John R. Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Peter Goldstein