IETF Logo Mail Archive

Re: [ietf-dkim] DKIM Key Sizes

Eliot Lear <lear@cisco.com> Fri, 28 October 2016 13:38 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0571129A91 for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Fri, 28 Oct 2016 06:38:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level:
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EV9X_TgfQjyP for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Fri, 28 Oct 2016 06:38:43 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 991F91294E3 for <ietf-dkim-archive@ietf.org>; Fri, 28 Oct 2016 06:38:43 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u9SDcVQ1006108; Fri, 28 Oct 2016 06:38:32 -0700
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=cisco.com header.i=@cisco.com header.b=FYavc98p; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u9SDcQP6006092 (version=TLSv1/SSLv3 cipher=DHE-RSA-SEED-SHA bits=128 verify=NOT) for <ietf-dkim@mipassoc.org>; Fri, 28 Oct 2016 06:38:28 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4968; q=dns/txt; s=iport; t=1477661863; x=1478871463; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=xBOnCh24uX87Ll+kqGaPGY0yv3nP8SrO/uOLrQ7L5cI=; b=FYavc98pHpGAH+ckpPjHuR6L6PGoUXiTHjZoIgfiEQ0bOEs/OfZX/dWc Zd3AVEdkj3aNFigDfICQmQL18321NpSoss7vLHMQGlEJDhrWU+puPy4/n PaoNOrA0AtC+hZNTV7qxTFRA9LSIq+4hkK1gG0OulXKZ/fqHx80HscGSP g=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BvAQBSVBNY/xbLJq1SCRkBAQEBAQEBAQEBAQcBAQEBAYMqAQEBAQGBIY4Jln+SMIIPggeGIwKCNxQBAgEBAQEBAQFiKIRjAQEEI1YQCxgqAgJXBgEMCAEBiFCxPIxyAQEBAQEBAQEBAQEBAQEBAQEBEQ6IOoJYhCCDK4JbAQSaGINDgXmKa4lyhhKND4QBHjYtJAYIgxscgVU8hXErggsBAQE
X-IronPort-AV: E=Sophos;i="5.31,410,1473120000"; d="asc'?scan'208";a="647711031"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Oct 2016 13:37:33 +0000
Received: from [10.61.105.101] (dhcp-10-61-105-101.cisco.com [10.61.105.101]) by aer-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u9SDbXME032446; Fri, 28 Oct 2016 13:37:33 GMT
To: dcrocker@bbiw.net, "Rolf E. Sonneveld" <R.E.Sonneveld@sonnection.nl>, Jon Callas <jon@callas.org>, Peter Goldstein <peter@valimail.com>
References: <CAOj=BA3TFzxnHHZ+-tpoMCWxhaGvOg0RREbcYbpzS9g3g8i=Qg@mail.gmail.com> <33093A9D-5406-4BEF-AE65-66696B664593@callas.org> <041f61a9-df5a-5c67-6640-6b1c05bf6c9f@cisco.com> <472e8870-b2b8-c42e-2146-ad45750e2474@sonnection.nl> <1a80d63a-4539-1fc4-9e5a-47a3d92ce89e@cisco.com> <9709551e-8158-b347-73c1-acb93e8c25a1@dcrocker.net>
From: Eliot Lear <lear@cisco.com>
Message-ID: <af9f2021-ada8-5bc6-be9f-402088465adc@cisco.com>
Date: Fri, 28 Oct 2016 15:37:32 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <9709551e-8158-b347-73c1-acb93e8c25a1@dcrocker.net>
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] DKIM Key Sizes
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============6448423478848302494=="
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

Hi Dave,

I understand your despair, but even at the time we allowed for varying
key sizes precisely because we really didn't know how long people would
want to validate for, and we also didn't realize how real a crypto
attack on a dkim signature would be (Google found this problem out the
hard way).  You're precisely correct that when we see people saying that
somehow "John Podesta sent X" means "John Podesta said X" is not
something that DKIM was out to solve.  DKIM CAN'T solve that problem,
and if we attempt to architect it to do so, I'd recommend calling it
something else, because it surely will have very little to do with
Domain-based authentication.

For what it does, if people want to verify that the message came from a
given domain and the key remains valid, so long as the key size is
reasonable, there is some confidence that it will not have been hacked. 
Whether there is value in that is not a question we should even attempt
to answer, but if someone wants to produce keys of a larger length, so
long as it does not cause processing problems on the recipient end, I
don't see a problem.

Eliot


On 10/28/16 2:46 PM, Dave Crocker wrote:
> On 10/28/2016 2:37 PM, Eliot Lear wrote:
>> Hi Rolf,
>>
>>
>> On 10/28/16 2:28 PM, Rolf E. Sonneveld wrote:
>>
>>> An end user often cannot choose to sign or not to sign. The end user
>>> is dependent on what the ESP or the employers organization configures.
>>> Well, of course one could change ESP... But changing employer is quite
>>> a step ;-)
>>
>> The question then becomes this: what is the purpose of that signature?
>> How long should accountability last?  There is also the minor matter of
>> the operational complexity of rotating keys.
>
>
> Just to pour some salt into the wound of this topic:
>
>    DKIM is formally for the very narrow purpose of affixing an
> accountable identity/identifier to a message, where the proffered
> accountability is intentionally quite weak.  It doesn't claim to prove
> anything else.
>
>    It uses authentication crypto to do the affixing, and therefore it
> gets some data integrity as a side-benefit; it's meant to be
> short-term, but as long as the public key stays available, apparently
> it can work for longer-term, as we are seeing.  But really, it's
> purpose is not for the usual array of benefits that accrue with object
> signing.
>
>    However, we are consistently seeing people -- including folk
> attempting to offer technical guidance -- claim that DKIM does offer
> classic authentication benefits.  So, proof of data integrity; proof
> that the message came from the signer; and even proof that the
> contents are 'valid'.
>
>    Trying to educate people into the nuances of DKIM semantics has
> been almost completely useless, although some of us have been making
> vigorous efforts for 10 years.
>
>    I'm coming to think that we probably should stop fighting that
> battle and should, instead, make sure DKIM is does a worthy job of
> performing the functions people tend to assume it does.
>
> sigh.
>
> d/



_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email