Your message dated Sun, 26 Apr 2015 15:01:09 -0400
with message-id <3473712.cWXA8ZFs7T@kitterma-e6430>
and subject line Re: opendkim: Set default MinimumKeyBits to 2048
has caused the Debian Bug report #751556,
regarding opendkim: Set default MinimumKeyBits to 2048
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
751556: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751556
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: opendkim
Version: 2.9.2-1
Severity: important
Hi,
It seems that the default MinimumKeyBits is still set to 1024.
Please change that to 2048. All certificates for server
authentication (what DKIM does) with RSA keys smaller than 2048
should either have expired before 2014 or should have been
revoked. There is no excuse for using RSA keys smaller than 2048
bits.
Kurt
--- End Message ---
--- Begin Message ---
On Friday, November 28, 2014 11:44:45 PM Kurt Roeckx wrote:
> On Fri, Nov 28, 2014 at 05:01:56PM -0500, Scott Kitterman wrote:
> > I did investigate this and there is a valid reason for this. There are
> > DNS service providers that limit TXT records to a single 255 character
> > string (even though DNS has no such limit). 2048 bit key records won't
> > fit.
>
> I could understand limiting to 512 byte for the whole packet.
> There should be enough space for 2048 bit. Larger than 512 byte
> _should_ work, but I know it breaks all over the place.
>
> That certain other software is broken is a stupid excuse for not
> having a sane default. Please don't let them hold back the rest
> of us.
>
> > DKIM is designed to give some minimal level of assurance the message
> > hasn't been modified, as such, it's not likely to be a primary target of
> > someone seeking to factor 1024 bit keys (the same is not true of smaller
> > keys which were successfully factored in the wild a few years ago).
> >
> > The generally recommended best practice for DKIM keys is to rotate them
> > regularly to mitigate risks like this.
>
> There are places that do recommend rotating it, but not all of
> them do. But they should be rotated if you use larger keys.
>
> I also don't understand why you think 512 would be bad but 1024
> not. You just need a larger budget.
512 was broken by someone in their house with a local computer who thought it
was a Google recruiting test. 1024 would take a substantial effort. DKIM keys
are intended only to provide ephemeral protection against spoofing. There
isn't the same potential benefit with breaking a DKIM key as with other types
of cryptography (for example there's no privacy implication).
1024 remains the upstream and RFC recommendation. I don't intend to deviate
from it. I did go back and update README.Debian to provide more information
on using 2048 bit keys so the user can decide what's appropriate for them.
2048 bit keys are not the norm today. Upping the minimum default is just
going to cause a pile of interoperability problems. Having a Debian specific
minimum is begging trouble. Since this is just a default, you're welcome to
change it locally, but expect a lot of signatures not to validate.
If you think 2048 should be the minimum, go get the IETF to publish a BCP that
says that. This really needs to be a global change.
I'm going to mark this done because updating the documentation to discuss
publishing 2048 bit keys is as much as can be done in Debian for now.
Scott K
--- End Message ---
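The two size limits argued over in this thread (a single 255-octet DNS character-string versus the classic 512-byte UDP response) can be checked directly. The script below is an added example written for this page; it is not code from the bug report, from Kurt or Scott, or from opendkim. It builds the DER SubjectPublicKeyInfo for an RSA key of a given size, forms the "v=DKIM1; k=rsa; p=" TXT record, splits it into 255-octet character-strings the way a zone file would, and estimates the size of a bare UDP answer. Assumptions: the modulus is a constructed placeholder (only its bit length matters for the encoded size, so no real key is needed), the record carries only the v, k and p tags (extra tags such as h= or n= add to the length), the selector name is hypothetical, and the response estimate has one question, one answer with a compressed owner name, and no EDNS, DNSSEC or additional records.

```python
import base64

# Minimal DER helpers: just enough to build an RSA SubjectPublicKeyInfo so that
# the base64 length of the DKIM "p=" tag can be measured without a crypto library.
def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content


def der_integer(value: int) -> bytes:
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:  # a positive INTEGER whose high bit is set needs a leading 0x00
        body = b"\x00" + body
    return der_tlv(0x02, body)


# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters.
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")


def rsa_spki_der(modulus: int, exponent: int = 65537) -> bytes:
    """SubjectPublicKeyInfo = SEQUENCE { AlgorithmIdentifier, BIT STRING { RSAPublicKey } }."""
    rsa_public_key = der_tlv(0x30, der_integer(modulus) + der_integer(exponent))
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key)  # 0x00 = no unused bits
    return der_tlv(0x30, RSA_ALG_ID + bit_string)


def placeholder_modulus(bits: int) -> int:
    """Constructed stand-in with the top bit set; NOT a real RSA modulus.
    Only its encoded size matters here, and that depends on the bit length alone."""
    return int.from_bytes(b"\xc5" * (bits // 8), "big")


def dkim_txt_record(bits: int) -> str:
    """The record published at <selector>._domainkey.<domain> (tags v, k, p only)."""
    p = base64.b64encode(rsa_spki_der(placeholder_modulus(bits))).decode("ascii")
    return f"v=DKIM1; k=rsa; p={p}"


def split_character_strings(record: str, max_len: int = 255) -> list:
    """TXT rdata is a sequence of <character-string>s of at most 255 octets each;
    RFC 6376 has the verifier concatenate them, which is how a long key is published."""
    return [record[i:i + max_len] for i in range(0, len(record), max_len)]


def wire_name_len(name: str) -> int:
    """Length of an uncompressed DNS name on the wire (label-length octets plus root)."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return sum(1 + len(label) for label in labels) + 1


def record_report(bits: int, name: str = "selector._domainkey.example.com") -> dict:
    """Hypothetical selector name; reports both limits for a key of the given size."""
    record = dkim_txt_record(bits)
    strings = split_character_strings(record)
    rdata_len = sum(1 + len(s) for s in strings)  # one length octet per character-string
    # Bare response: 12-octet header, one question (name + QTYPE + QCLASS), one answer
    # with a 2-octet compression pointer plus TYPE/CLASS/TTL/RDLENGTH (10 octets) and rdata.
    udp_len = 12 + (wire_name_len(name) + 4) + (2 + 10 + rdata_len)
    return {
        "bits": bits,
        "record_len": len(record),
        "character_strings": len(strings),
        "fits_single_string": len(strings) == 1,
        "rdata_len": rdata_len,
        "min_udp_response_len": udp_len,
        "fits_512_byte_udp": udp_len <= 512,
    }


if __name__ == "__main__":
    for key_bits in (1024, 2048):
        print(record_report(key_bits))
```

Run as-is it reports that a 1024-bit record (234 characters) fits in one character-string, while a 2048-bit record (410 characters) needs two, which is exactly the provider limitation Scott describes; at the same time the bare 2048-bit answer is well under 512 bytes, which is the point Kurt makes. A zone that publishes the long key must therefore be written as two quoted strings, and an operator whose provider refuses that form cannot publish the key at all without changing providers.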