Re: [ietf-dkim] DKIM Key Sizes
Peter Goldstein <peter@valimail.com> Sun, 30 October 2016 21:39 UTC
Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA90D12946D for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Sun, 30 Oct 2016 14:39:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.809
X-Spam-Level:
X-Spam-Status: No, score=-0.809 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7lCZpclYk9ys for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Sun, 30 Oct 2016 14:39:02 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E9221293FF for <ietf-dkim-archive@ietf.org>; Sun, 30 Oct 2016 14:39:02 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u9ULcZb1032602; Sun, 30 Oct 2016 14:38:36 -0700
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=valimail.com header.i=@valimail.com header.b=LcNxglIC; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from mail-qt0-f173.google.com (mail-qt0-f173.google.com [209.85.216.173]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u9ULcVDk032598 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <ietf-dkim@mipassoc.org>; Sun, 30 Oct 2016 14:38:33 -0700
Received: by mail-qt0-f173.google.com with SMTP id w33so22976834qtc.3 for <ietf-dkim@mipassoc.org>; Sun, 30 Oct 2016 14:37:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OlkMKUcBfDsLsgnGlDRDom8kyd/B4Rl1CVwIAdt8kuA=; b=LcNxglICLCeHX9YRVEjXnUecnoXw8WJ3Z5OjsOKuvsaHLsj7SU0x6E4V7eE07TjYPe Dgu+4CawCFES7ryu0bpgyWaubvg7ziyRsU1m0hcT4H8o8a9FKd0soxg5mmzTuttaA26r WgakEf5fSEcwDqBBkTvRL9gPGcwnKHGCkPc8AWkr0p944IgjgnnG4F4YY0E/4BwTzzx4 bb4w7HhrL9Hbzq7k1iLtNWcUXzJjynuSvZdyXIcnhNH8K/Gpv5IkPXkf5g7EDgumfTkr NNMjSqVC9mcM9oaIrRRwVTkAQn0MHRyZ9m0kT8wOj1HVKCvBkzJwO3ZoS18UmjgL0n00 OqnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OlkMKUcBfDsLsgnGlDRDom8kyd/B4Rl1CVwIAdt8kuA=; b=gJtqk+D7ocu7l8yf+s5pDqnbVH8WolNZ6W3bAgDcb09kp0VCtixrJ2esxcx8b0Q1CJ h2aSvtdv0k2lBnsoXJrzYntS5bSLzs47aUtU7TMQ6WtPUGSqjciDTtk4Y+b64Q3WyA+2 o7LCIiPCWK+Gp/Go8Vp4Qkj/lnUjbURkSX9ycej+SZZmnqASVe/I99lHL3YtVGoNS31D kvEwbIIBRaFoxvQ7Y56PoarclydZOLv2wP5C9gvAv1w2Y/iuDWhoEN9b+jaaxk2VAeF9 vwb36sq/vfGXz6b+INzc6GjWqTzmfvepMo0bW6ghr8O9fth5+Q0vHAsw/NBpezq20fZx aA6Q==
X-Gm-Message-State: ABUngvfqinDso3gDrZ88tGLXKHPdVqDwOJb2s4d1fR49C+/2svQiQE2Fyn6eRKpbZkp+TjYnkxbAUPpD05ThHQ==
X-Received: by 10.237.59.28 with SMTP id p28mr22266081qte.62.1477863459270; Sun, 30 Oct 2016 14:37:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.161.132 with HTTP; Sun, 30 Oct 2016 14:37:38 -0700 (PDT)
In-Reply-To: <20161029192601.GA3159@lapsedordinary.net>
References: <CAOj=BA3TFzxnHHZ+-tpoMCWxhaGvOg0RREbcYbpzS9g3g8i=Qg@mail.gmail.com> <33093A9D-5406-4BEF-AE65-66696B664593@callas.org> <fc07cb56-ed9b-273d-54c1-0c6e67a7fe16@cs.tcd.ie> <20161029192601.GA3159@lapsedordinary.net>
From: Peter Goldstein <peter@valimail.com>
Date: Sun, 30 Oct 2016 22:37:38 +0100
Message-ID: <CAOj=BA0PSQC4gQpdqEs1GnoWMurjFtdM1AzpyP-cCo9Z7kLmHQ@mail.gmail.com>
To: Martijn Grooten <martijn@lapsedordinary.net>
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] DKIM Key Sizes
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============4903842551435007825=="
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>
> > As for the original question, I agree that longer keys should be > supported as a matter of principle. But before we end up with an RFC > that makes implicit promises about what receivers can handle that don't > match reality, does anyone have an idea whether receivers can handle > key sizes larger than 2048 bits in practice? (I know the maths is the > same, but it'd make sense to set some kind of upper limit to avoid > getting DoS'ed and for all I know, people may have set that limit to be > 2048 bits.) This is certainly a fair point. I raised the issue with representatives of one of the big U.S.-based receivers, and they indicated that they can accept keys at least up to 4096 bits. But it's probably worth setting up a test mail server and validating the behavior with assorted receivers. I can look into doing that. It's also probably worth ensuring that the major open source DKIM implementations support both signing and verifying with 4096-bit keys. Aside from OpenDKIM and dkimpy, are there any others that should be checked? Best, Peter On Sat, Oct 29, 2016 at 9:26 PM, Martijn Grooten <martijn@lapsedordinary.net > wrote: > On Fri, Oct 28, 2016 at 11:06:34AM +0100, Stephen Farrell wrote: > > Instead, I'd point out that this can be handled, even now, > > by simply rolling to a new key and then shortly publishing > > the private key used to sign the messages. That way Podesta > > could deny the content once more, at least at the crypto > > level. > > (...) > > > I could imagine us writing an RFC about why and how to do > > DKIM signature key rollover and private key publication and > > would be happy to help if there were a chance it'd get some > > traction. > > I think this is a really neat solution and I'd love to see an RFC like > this. In theory, that is. > > In practice, I think that plausible deniability is something that > concerns very few people outside the crypto community. Maybe there is a > need for such an RFC among the modern day Lavabits, and if that is the > case it would be great if we could contribute, but I would expect people > running such services to understand their complex threat models quite > well already. > > As for the original question, I agree that longer keys should be > supported as a matter of principle. But before we end up with an RFC > that makes implicit promises about what receivers can handle that don't > match reality, does anyone have an idea whether receivers can handle > key sizes larger than 2048 bits in practice? (I know the maths is the > same, but it'd make sense to set some kind of upper limit to avoid > getting DoS'ed and for all I know, people may have set that limit to be > 2048 bits.) > > Martijn. > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEcBAEBAgAGBQJYFPfJAAoJEI5dMs9dIv8Z/SUH/jAe2uvRQ26D+/rEAMLRbsKP > Bc8/SPsYH2lEKEf9w2xljTbRyP6M6puUFZsciPTq7v44L7Giov0gvdcDzDVVfL/A > 71yZD7abViSqIbIvcAvh0yWtWF8oRv8oOfivcGdoOaDec+zTgS0FnEyBhyA70lJC > W0pbIm8RvFCwKPjVMuFQ1mElFnSPoi0PPwP6HEpFXdtnqwfVOPWfcMfnBns6HlnR > ymwCkiYL1z/i/A5P8Gj3VknwtwJxvuOQUYjB+iZVaHDiANlSAnU0MdTSkVenKeBH > FYe8l3sEYk8NTxoJK+Z1iJ+LwasOg8qztZOimP4MMrED+5RnLfdwMQk5bDzClJw= > =3yQ1 > -----END PGP SIGNATURE----- > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > > -- [image: logo for sig file.png] Bringing Trust to Email Peter Goldstein | CTO & Co-Founder peter@valimail.com +1.415.793.5783
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- [ietf-dkim] DKIM Key Sizes Peter Goldstein
- Re: [ietf-dkim] DKIM Key Sizes Jon Callas
- Re: [ietf-dkim] Smaller keys/Bigger privacy (was:… Jon Callas
- Re: [ietf-dkim] DKIM Key Sizes Stephen Farrell
- Re: [ietf-dkim] DKIM Key Sizes Eliot Lear
- Re: [ietf-dkim] DKIM Key Sizes Rolf E. Sonneveld
- Re: [ietf-dkim] DKIM Key Sizes Eliot Lear
- Re: [ietf-dkim] DKIM Key Sizes Eliot Lear
- Re: [ietf-dkim] DKIM Key Sizes John R. Levine
- Re: [ietf-dkim] DKIM Key Sizes Martijn Grooten
- Re: [ietf-dkim] DKIM Key Sizes Roland Turner
- Re: [ietf-dkim] DKIM Key Sizes Peter Goldstein
- Re: [ietf-dkim] DKIM Key Sizes John R. Levine
- Re: [ietf-dkim] DKIM Key Sizes Jon Callas
- Re: [ietf-dkim] DKIM Key Sizes Scott Kitterman
- Re: [ietf-dkim] DKIM Key Sizes Jim Fenton
- Re: [ietf-dkim] DKIM Key Sizes Eliot Lear
- Re: [ietf-dkim] DKIM Key Sizes Brandon Long