IETF Logo Mail Archive

Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00

Russ Housley <housley@vigilsec.com> Fri, 19 May 2017 17:02 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93908129526 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:02:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYQMrchJGAJ3 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:02:32 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AB3A12954E for <dcrup@ietf.org>; Fri, 19 May 2017 10:02:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id E7C3230056B for <dcrup@ietf.org>; Fri, 19 May 2017 13:02:30 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id JWz4tFBf8McB for <dcrup@ietf.org>; Fri, 19 May 2017 13:02:30 -0400 (EDT)
Received: from [5.5.33.165] (vpn.snozzages.com [204.42.252.17]) by mail.smeinc.net (Postfix) with ESMTPSA id 040773004CE for <dcrup@ietf.org>; Fri, 19 May 2017 13:02:29 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Fri, 19 May 2017 13:02:27 -0400
References: <20170519144243.4945.qmail@ary.lan>
To: dcrup@ietf.org
In-Reply-To: <20170519144243.4945.qmail@ary.lan>
Message-Id: <360CB42F-6B1A-4A6F-95D2-EFF36C449EBB@vigilsec.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/myB64mvFSD-x3G_A51GHLauOIBU>
Subject: Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 17:02:33 -0000

>> I suggest that 2048 bit RSA be considered the minimum key size.
>> Samller sizes are not really safe these days.
> I'm surprised to hear this.  Remember that DKIM signatures are
> relatively low value and not intended to be archival.  They're
> typically verified within a day of being signed, and the design
> encourages key rotation (although I admit that in practice most people
> don't rotate very often.)
> 
> How much effort does it take to crack a 1k signature?

NIST has told everyone to move away from SHA-1 for for all uses except HMAC-SHA-1.

NIST has told everyone to move toward RSA with 2048 bit keys, even for entity authentication applications like DKIM.

If RSA keys of that size are a problem, then it it time to start the transition to Elliptic Curve.  We know it will not happen the day the RFC gets published.

Russ

v2.23.0 | Report a Bug | By Email