IETF Logo Mail Archive

Re: [dispatch] Updating DKIM for stronger crypto

Martin Thomson <martin.thomson@gmail.com> Tue, 21 March 2017 08:51 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E9451296A5 for <dispatch@ietfa.amsl.com>; Tue, 21 Mar 2017 01:51:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xjVGa0BYQS0 for <dispatch@ietfa.amsl.com>; Tue, 21 Mar 2017 01:51:18 -0700 (PDT)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEB6D1296A0 for <dispatch@ietf.org>; Tue, 21 Mar 2017 01:51:18 -0700 (PDT)
Received: by mail-qk0-x235.google.com with SMTP id p64so129783859qke.1 for <dispatch@ietf.org>; Tue, 21 Mar 2017 01:51:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=hX6QFo6vR30EzKhgoRkWN3QemTaeKAvGyO5C0LjcRXA=; b=upR9TfltRXuUfq9n/bXcDcqQGz05S4o+aPq8Ycdy/EEPaKDFFPLYZ6npbrvPWbLkga SVnsb+tteHPz8lGcgGkEQeF+fwLKMgvsfQTsglZ4mtwHgAX+5jQLE9qBcmG4T6sg06ju lFCHe7wPeG6fEkM6Opi612CTkshx3VGwBKpeorEd/6rKtt8VA0zGNb9BL3grFzf39Ybz jKJRmtWnV7j+pG2Iq+z4UIR/K/RsHZ30jY4IBlCnlI8dX/+XvZBhyE6feJNVh73DZ2Ym v43/vGMQIpwpbXDLW1Dt4ZEKOUo21x31ieBcx8Yfp8zWkpPIGARSPUizEbqA5KedBY4C 6z5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=hX6QFo6vR30EzKhgoRkWN3QemTaeKAvGyO5C0LjcRXA=; b=FYmJZWUsP/S99+Xu8EkiLWuXYYTaw22cLG+vX/nHY2dqu3EBpab5KvUuWHi4/3ecVz 2+hF8//g6JRhIWn3MzfwLu1Sdn7P6qWh1i3Y/+f7S1D1/kIJGXoeTIl/SVEgkd9BhxwQ g+IHBNe0du1usX/Z+pyhHaSsGRcW63UKw3xbtf6cWBpELghyrNrx9NkdoGLoUSReG/DR 4vb4M9m92LbQtgt1lNE1u58kdg8Zjpp5mhNCXQj2usZ06VLh3cAz/t7iM7FwNQZXainF cXilMkp509DZMbhMSt/siRFa1IXCHjojc3xVPUlUpOPiV7FLsBXVZor8Q9UnrFvpnlVT g3HQ==
X-Gm-Message-State: AFeK/H3BQ5J9hS1FO50k6aU2lbAa93+65g+jtJK/N5Z/vdUIVi68yzMafNSnvd4DhjmoFfj64HBYkK5KVuNbEQ==
X-Received: by 10.55.43.23 with SMTP id r23mr1995576qkh.147.1490086277932; Tue, 21 Mar 2017 01:51:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.27.194 with HTTP; Tue, 21 Mar 2017 01:51:17 -0700 (PDT)
Received: by 10.140.27.194 with HTTP; Tue, 21 Mar 2017 01:51:17 -0700 (PDT)
In-Reply-To: <alpine.OSX.2.20.1703202359540.21973@ary.qy>
References: <20170206020826.1108.qmail@ary.lan> <29F6F66C-F14F-402A-83D4-CAC70841667E@iii.ca> <CABkgnnVX3rgMY0ZGmf_xcQ+zgGtCMaZcsymyW2BCWBeAKm_CqQ@mail.gmail.com> <alpine.OSX.2.20.1703202359540.21973@ary.qy>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 21 Mar 2017 19:51:17 +1100
Message-ID: <CABkgnnWJ5O7v_en3YiB0eGdSRZmAyGahm1bUZ0j7XYvkok83sQ@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: DISPATCH <dispatch@ietf.org>
Content-Type: multipart/alternative; boundary="001a11493f9a47ed54054b39bfb9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/aEurgM0dych2TDUbcDJjw0S441Q>
Subject: Re: [dispatch] Updating DKIM for stronger crypto
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 08:51:20 -0000

On 21 Mar. 2017 15:01, "John R Levine" <johnl@taugh.com> wrote:

In looking at this, we should probably dispatch this cross-area to
> CURDLE.
>

Please, no.  There's nothing interesting about the choice of algorithms,
only about how to update the DKIM spec to say what to do.


That doesn't seem like a good reason. I just spent a few minutes with RFC
6376 and it seems obvious that the changes required are minimal as long as
you can conform to the well-established signing API that everyone -
including DKIM - uses. You write a new draft that defines a new codepoint
and the algorithms that the codepoint represents and that is it.

That describes exactly what CURDLE does.  Frankly, the process is pretty
mechanical, if you want to pad a resume with RFCs, it is a good way to get
started.

If there is some way in which DKIM really *is* special despite outward
appearances, I'd be very interested in hearing about it. Requiring a small
public key representation isn't especially interesting or challenging.

v2.23.0 | Report a Bug | By Email