Re: [dispatch] Updating DKIM for stronger crypto

"John R Levine" <johnl@taugh.com> Tue, 21 March 2017 14:05 UTC

Date: Tue, 21 Mar 2017 10:05:22 -0400
Message-ID: <alpine.OSX.2.20.1703210930150.22945@ary.qy>
From: John R Levine <johnl@taugh.com>
To: DISPATCH list <dispatch@ietf.org>
In-Reply-To: <CABcZeBObvXkFd2G7st1iywMjVr-JWvzMrV46zCXZ251LHiddGA@mail.gmail.com>
References: <20170206020826.1108.qmail@ary.lan> <29F6F66C-F14F-402A-83D4-CAC70841667E@iii.ca> <CABkgnnVX3rgMY0ZGmf_xcQ+zgGtCMaZcsymyW2BCWBeAKm_CqQ@mail.gmail.com> <b7f8064f-d91d-6c16-b984-fd20014c7975@cs.tcd.ie> <CABcZeBObvXkFd2G7st1iywMjVr-JWvzMrV46zCXZ251LHiddGA@mail.gmail.com>
User-Agent: Alpine 2.20 (OSX 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/fl7TPtqFqV91NzSLp3T2CJDTg-c>

> Note that I have no particular axe to grind in favor of
> RSA, but to the extent to which your problem with RSA is merely the size of
> the key in the DNS, then this is the minimal change. In fact, I would argue
> that if you're going to bother to update the specs at all, you should stuff
> the hash in the DNS, not the key.

Given the difficulty of opening up specs, if we're going to do anything 
I'd like to both add the new algorithm and the option to publish key 
hashes.

>> Last year, we learned that DKIM signatures can survive exfiltration and 
>> other subsequent steps leading to publication via wikileaks and that 
>> the same public keys allowing verification were still in use.

This wasn't a surprise to people in the mail ops community.  Most signers, 
even big ones, never rotate their keys, so if you can find an old message, 
you can probably validate it.  Even for people like me who do rotate, 
large passive DNS databases probably have the old keys.  Also, it is my 
recollection that the signatures weren't so much ephemeral as that they 
were expected to be checked fairly soon after signing so long-term 
security wasn't part of the model.

If someone wanted to write something about key lifetimes with a way to 
poison keys by publishing them, that would be OK with me but I wouldn't 
want to put it into the DKIM spec.  Currently it offers no advice on key 
rotation beyond noting that it's possible, and no useful advice on key 
sizes.

R's,
John