IETF Logo Mail Archive

Re: [Ietf-dkim] DKIM key rotation best practice

Jon Callas <jon@callas.org> Tue, 11 August 2020 22:25 UTC

Return-Path: <jon@callas.org>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FE933A0D4F for <ietf-dkim@ietfa.amsl.com>; Tue, 11 Aug 2020 15:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=callas.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A8FBGYq2r0ld for <ietf-dkim@ietfa.amsl.com>; Tue, 11 Aug 2020 15:25:53 -0700 (PDT)
Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0A163A0D49 for <ietf-dkim@ietf.org>; Tue, 11 Aug 2020 15:25:52 -0700 (PDT)
Received: by mail-pl1-x630.google.com with SMTP id u10so195846plr.7 for <ietf-dkim@ietf.org>; Tue, 11 Aug 2020 15:25:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=callas.org; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8XdFJm4DCntesfL1xrInPni8qd73BjTqCk3eHxuNlnU=; b=K2h64Pc6sJyrSqrJKX67A6O0jOu3fV0FivVWBh27GCB9gL2Bg74Xf70lbcC5Aq4pKe h+Dp1R6yMXVPjsPM5Yre2OsQBg8X6m7/ZhqL4yByMdVvdSwKw39s6+TLXpLJmA/cAr/x vprr/YVNkc9WTQV0d/0lq9K4AVa4yjR+Mnv7IpsaZlkZC4/7Pel5bGwYIvoJ8Z+Fjcdm Fz9TXcLsZKazTaMo7wz+RM+m2JRW4lxUMDeR1hdjom/yuSnF51VCQEbqOXoEYbfDmt7o jeDMZ9Wc1Lp4nAVj53B2GU2nPTcj7PveevmG31EMN5D9CLqB2Se8OawbM+cpM4/vMk5u B6yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8XdFJm4DCntesfL1xrInPni8qd73BjTqCk3eHxuNlnU=; b=PQRVapYXGdDr3EGu6mUpcyTupmRZhzDezUd9w9svdhoJiBjXRztWAj3SsoDyab3lVD Phy3X8wR5aMDd/X9L4v2PYjnVFVUZV7bSZeVEpfNNt0ebR8pvYfO7tY5aZJqtkId98Lm VansUDJsn6VIsk+OWOdLRgRXdWlxz+fbKckV0MZn5UMncOJNKUrgY/30qNpBOVnG2D5j LHvqLIGtDFOcyHSjHBQxPUH6F5WmxnBYHYs3LZzgXRUsUC7c8f6lGcpxE3ukoqoPHQA2 ZxEhSR78K3isgitj7NyBwUdyrnj4V4lEQABVm079HBIm+gSjH9nBYTIGJa4CXTw1Su5q 4BiQ==
X-Gm-Message-State: AOAM533g8RndWeTsNIs65rtxX8XvVeImCbmWrmpDoM7NFl/pnoJJjYF4 zNYCKOBIRP4TuY7+0sfXBxSLKbBb8jz0OA==
X-Google-Smtp-Source: ABdhPJzHAuokap655G7l75y18RAxFK6ZXFU24ea9VFM4b9W1QGUweXUgoJJ+0MjCdxJVhJLpRFNyBw==
X-Received: by 2002:a17:90a:d78f:: with SMTP id z15mr3252856pju.9.1597184752279; Tue, 11 Aug 2020 15:25:52 -0700 (PDT)
Received: from ?IPv6:2600:1700:38c4:12bf:70d6:8744:d525:456b? ([2600:1700:38c4:12bf:70d6:8744:d525:456b]) by smtp.gmail.com with ESMTPSA id b13sm181422pgd.36.2020.08.11.15.25.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Aug 2020 15:25:51 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Jon Callas <jon@callas.org>
In-Reply-To: <BYAPR15MB25670F15F55200ED4145124AEC480@BYAPR15MB2567.namprd15.prod.outlook.com>
Date: Tue, 11 Aug 2020 15:25:51 -0700
Cc: Jon Callas <jon@callas.org>, "ietf-dkim@ietf.org" <ietf-dkim@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <45C937B6-7C09-4E0C-BB94-02CCF102FE42@callas.org>
References: <BYAPR15MB25670F15F55200ED4145124AEC480@BYAPR15MB2567.namprd15.prod.outlook.com>
To: Shana Bagherian <Shana.Bagherian@tridengroup.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/uxjvOlaE9Ho3KyfYVEZDxBgVJVE>
Subject: Re: [Ietf-dkim] DKIM key rotation best practice
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2020 22:25:56 -0000


> On Aug 6, 2020, at 3:42 PM, Shana Bagherian <Shana.Bagherian@tridengroup.com> wrote:
> 
> I was looking over rfc 4871 and emailed Eric who suggested I ask the question of you all on this DL.  So, I was wondering if any of the RCSs related to DKIM list a best practice, or if some other authority has given a best practice, regarding how often the keys should be changed?  It seems that best practice is
> every 6 months, but it would be nice for an authority to state so.  Of course, an acceptable answer is ‘it depends’ upon the security needs to the organization, but is if that is the answer – it depends – is there a minimum time frame for generating new keys?
>  

I apologize for being late to this party. As another of the authors of 4871 -- and one who is known to have opinions on key lifetimes -- I feel I should chime in.

DKIM protects an email in transit. Once it's been delivered, the key/signature's job is complete. Typically, this is a matter of seconds or minutes. If retries are needed, most servers stop after four or five days. If we wave our hands and say two weeks, that would cover nearly everything.

Moreover, if a DKIM key vanishes, then the receiver is supposed to process it like it would without DKIM, and typically that is that the content-based spam filtering would kick in. Thus, there's no real need to keep one around for two weeks, and if you then made it be thirty days, it's utter overkill.

If I were building an infrastructure for DKIM, my first approximation would be that there would be a key per day. I'd have a job make sure that there's a key for seven days in the future and delete keys older than 14 days ago. I'd see what my stakeholders said. I would object to keeping them around longer than fourteen days, but would only argue a little bit about thirty days. I'd be adamant it would not be longer than sixty. As Mark Delany pointed out, the Web PKI people are replacing keys for TLS every ninety days, and there's utterly no reason for longer than that. As Dave Crocker points out, DKIM is not data at rest and so it doesn't need anything fancy. 

Summarizing, some job should make sure there are keys for seven days in the future, N days in the past, with 14 being a really good value of N, 30 being meh, and anything longer than 60 utterly overkill.

An alternate strategy would be a Key Of The Month, and do one month ahead and one behind.

Lastly, I'm a huge fan of Michael Specter's paper, and would love it if someone implemented that -- it's a better solution to key retirement for DKIM than gonzo things I've suggested. It's also not germane to your issue.

	Jon

v2.23.0 | Report a Bug | By Email