Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
Peter Goldstein <peter@valimail.com> Fri, 19 May 2017 17:40 UTC
Return-Path: <peter@valimail.com>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6934B129A99 for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:40:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.381
X-Spam-Level:
X-Spam-Status: No, score=0.381 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c5f7pBfRzLxc for <dcrup@ietfa.amsl.com>; Fri, 19 May 2017 10:40:12 -0700 (PDT)
Received: from mail-qt0-x235.google.com (mail-qt0-x235.google.com [IPv6:2607:f8b0:400d:c0d::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0369B1287A7 for <dcrup@ietf.org>; Fri, 19 May 2017 10:40:11 -0700 (PDT)
Received: by mail-qt0-x235.google.com with SMTP id c13so63722155qtc.1 for <dcrup@ietf.org>; Fri, 19 May 2017 10:40:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6qoslcEAaoHuMT4cqcg1jS8hg7RGWr0rg8ntZpUvdcs=; b=E1DicSkgOOTdvp5fNhZL7hyU4bTpXrW17zkJO2+UQg8uwRpd/qjd7Y6yaOLaFOUO3M 4fFFkbnaImojuz2djZJJUkOSawqh63IpQIJ4Wu/XYpNz3b4R/C9y8BdJpQb9S9WjGgFM Byfus+7jfgfpdWZubyzuMOLaYRgPBKnN3vyzsZAwKHIbUy/yGVzvpUU35/e2AJI/vlSf gWQYXIsAEg3YpYXrX0htezNAdIS9omlSwg1J+9clLpi7O4WhiqrddyjTVJJ2bNeJzYOa G69f+9RZfq8i83+4vwBi21AubCcOPXKII0Pz+q6OgpG06YaB6CZdD11Fi/UXcx5RzOAA UKNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6qoslcEAaoHuMT4cqcg1jS8hg7RGWr0rg8ntZpUvdcs=; b=XR1mXq8kIzj/gWbie4a0aRey6BTk/hYED1qObk1d/s1L06IYt4vSb33lhmHxYSJA0m UG+CvPX4bwYciqshhu0+x18VXUSL33/hTrHGMd7J9iE1RlBzEm76cr0jlJOdkFAnI3JA qoCoNhzW3PDb3E6EoHChr/JexWi+5bUN8vufFd77tW7qhpCv1XdWn2ygy1ONriChtK8x gOiDdYk4Hqd/lwJfkZkm3zx9UHeuHLT8mK0iwPSrJ4BfNF+MdnFSnygWHnfsNl02wM8O CN/d7W2+zbyvctoUUgAsPlZFNl8HBtKSKJM7vjLmKegpSmALe5lq7pPJPx6UQwKUmkjI KK+A==
X-Gm-Message-State: AODbwcDcSXwIJ+uRZRbT3/R9p/hhZ9P5UX9IbfgESzgdV270YX2D1Rqw Pf5xT4uhACb350yC7pCCGjESsmLUxKaIsx0=
X-Received: by 10.200.55.6 with SMTP id o6mr9949936qtb.236.1495215611092; Fri, 19 May 2017 10:40:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.185.152 with HTTP; Fri, 19 May 2017 10:40:10 -0700 (PDT)
In-Reply-To: <360CB42F-6B1A-4A6F-95D2-EFF36C449EBB@vigilsec.com>
References: <20170519144243.4945.qmail@ary.lan> <360CB42F-6B1A-4A6F-95D2-EFF36C449EBB@vigilsec.com>
From: Peter Goldstein <peter@valimail.com>
Date: Fri, 19 May 2017 10:40:10 -0700
Message-ID: <CAOj=BA0gKP9x5jgkZEUJD-EJvRSwC0dgmijwbDirsCQT4z0E4Q@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: dcrup@ietf.org
Content-Type: multipart/alternative; boundary="001a1140a0b05cb4b1054fe40377"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/rs8PjrgvtdMQIvY-mjgApuRvMmQ>
Subject: Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 17:40:15 -0000
It's going to be hard to move straight to 2048 bit RSA as the minimum key size. The challenges with 2048 bit RSA are largely an issue of the limitations of the DNS infrastructure in use by the sending domain. In some DNS managers, the Web UIs (and occasionally the underlying infrastructure) don't allow domain owners to enter records that are larger than 512 octets. Users of these DNS managers generally cannot provision 2048 bit key DKIM TXT records. That's a problem for self-managed infrastrucutre and email services that provide TXT records for DKIM. Also, as far as I'm aware almost none of the existing email service providers offers the option of a 2048 bit DKIM key out of the box. For those systems that use CNAMEs, upgrading to 2048 bit keys will be relatively straightforward. But for those that distribute TXT records (most of them), they will face more of a challenge to upgrade their users to 2048 bit keys - both because of the above domain limitations and because they're going to need to get their customers to make DNS changes. Given the above, Scott's suggested approach for RSA sounds like the right one - especially if we can combine it with statements from the large receivers that they will plan to sunset support for 1024 bit keys (much as they did for 512 bit keys) at some point in the future. That will both incentivize domain owners and email services to upgrade their key size to 2048 and give the ecosystem time to adjust. That said, I think it's also important to start the process of transitioning to Elliptic Curve. Defining the updates to the spec, getting some software to support it (i.e. OpenDKIM), and working with the large receivers to get them onboard are all steps that can be taken in parallel with Scott's suggested approach for RSA keys. Best, Peter On Fri, May 19, 2017 at 10:02 AM, Russ Housley <housley@vigilsec.com> wrote: > >> I suggest that 2048 bit RSA be considered the minimum key size. > >> Samller sizes are not really safe these days. > > I'm surprised to hear this. Remember that DKIM signatures are > > relatively low value and not intended to be archival. They're > > typically verified within a day of being signed, and the design > > encourages key rotation (although I admit that in practice most people > > don't rotate very often.) > > > > How much effort does it take to crack a 1k signature? > > NIST has told everyone to move away from SHA-1 for for all uses except > HMAC-SHA-1. > > NIST has told everyone to move toward RSA with 2048 bit keys, even for > entity authentication applications like DKIM. > > If RSA keys of that size are a problem, then it it time to start the > transition to Elliptic Curve. We know it will not happen the day the RFC > gets published. > > Russ > > _______________________________________________ > Dcrup mailing list > Dcrup@ietf.org > https://www.ietf.org/mailman/listinfo/dcrup > -- [image: logo for sig file.png] Bringing Trust to Email Peter Goldstein | CTO & Co-Founder peter@valimail.com +1.415.793.5783
- [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Mark D. Baushke
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Russ Housley
- [Dcrup] New algorithm availability was: Re: draft… Scott Kitterman
- Re: [Dcrup] New algorithm availability was: Re: d… Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Peter Goldstein
- Re: [Dcrup] New algorithm availability was: Re: d… John Levine
- Re: [Dcrup] New algorithm availability was: Re: d… Scott Kitterman
- Re: [Dcrup] New algorithm availability was: Re: d… Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Steve Atkins
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Russ Housley
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John R Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Salz, Rich
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Jim Fenton
- Re: [Dcrup] New algorithm availability was: Re: d… Scott Kitterman
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 John R. Levine
- Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00 Peter Goldstein