IETF Logo Mail Archive

Re: [ietf-dkim] DKIM Key Sizes

Martijn Grooten <martijn@lapsedordinary.net> Sat, 29 October 2016 19:27 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C0FD1295C6 for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Sat, 29 Oct 2016 12:27:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level:
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=lapsedordinary.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pZ63iuFMCjXg for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Sat, 29 Oct 2016 12:27:11 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BFB1129593 for <ietf-dkim-archive@ietf.org>; Sat, 29 Oct 2016 12:27:10 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u9TJQr79013635; Sat, 29 Oct 2016 12:26:57 -0700
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=lapsedordinary.net header.i=@lapsedordinary.net header.b=aU85XIz1; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from mail.lapsedordinary.net (thinksmall.vps.bitfolk.com [85.119.83.85]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u9TJQp9R013631 for <ietf-dkim@mipassoc.org>; Sat, 29 Oct 2016 12:26:52 -0700
Received: by mail.lapsedordinary.net (Postfix, from userid 1000) id 139C534044; Sat, 29 Oct 2016 19:26:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1477769161; bh=w0nuMCiYLKYpNBRTFmM33GEiGNxaErABsQrPMOdFrpM=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=aU85XIz1xRnNLluAIizp2/RE9c+/nAsZZeZjXX0jvSWH3KwWkZOvEDHQvky91wabI wCb8oAvr43CBQI0929sEvJ2sv98HPnORbNkrqO3meOrV5qiwrXk4X6RGuzZJLy5+WB 7HEpxMapFTCHcaAdumZZJyxhCrk2pJCxwYJGEeWk=
Date: Sat, 29 Oct 2016 19:26:01 +0000
From: Martijn Grooten <martijn@lapsedordinary.net>
To: ietf-dkim@mipassoc.org
Message-ID: <20161029192601.GA3159@lapsedordinary.net>
References: <CAOj=BA3TFzxnHHZ+-tpoMCWxhaGvOg0RREbcYbpzS9g3g8i=Qg@mail.gmail.com> <33093A9D-5406-4BEF-AE65-66696B664593@callas.org> <fc07cb56-ed9b-273d-54c1-0c6e67a7fe16@cs.tcd.ie>
MIME-Version: 1.0
In-Reply-To: <fc07cb56-ed9b-273d-54c1-0c6e67a7fe16@cs.tcd.ie>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: [ietf-dkim] DKIM Key Sizes
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============7298429996366533925=="
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

On Fri, Oct 28, 2016 at 11:06:34AM +0100, Stephen Farrell wrote:
> Instead, I'd point out that this can be handled, even now,
> by simply rolling to a new key and then shortly publishing
> the private key used to sign the messages. That way Podesta
> could deny the content once more, at least at the crypto
> level.

(...) 

> I could imagine us writing an RFC about why and how to do
> DKIM signature key rollover and private key publication and
> would be happy to help if there were a chance it'd get some
> traction.

I think this is a really neat solution and I'd love to see an RFC like
this. In theory, that is.

In practice, I think that plausible deniability is something that
concerns very few people outside the crypto community. Maybe there is a
need for such an RFC among the modern day Lavabits, and if that is the
case it would be great if we could contribute, but I would expect people
running such services to understand their complex threat models quite
well already.

As for the original question, I agree that longer keys should be
supported as a matter of principle. But before we end up with an RFC
that makes implicit promises about what receivers can handle that don't
match reality, does anyone have an idea whether receivers can handle
key sizes larger than 2048 bits in practice? (I know the maths is the
same, but it'd make sense to set some kind of upper limit to avoid
getting DoS'ed and for all I know, people may have set that limit to be
2048 bits.)

Martijn.




_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email