-1 Please stop! No more DKIM code changes ok? The IETF just made it a STD.
Maybe we should remove the STD status first, move it back to proposed standard or experimental if this and other changes are coming. If signers want 1024 bits, then can do so ready. -- HLS On 5/11/2015 1:06 PM, Scott Kitterman wrote: > RFC 6376 (which I think is the latest) includes: > >> 3.3.3. Key Sizes >> >> Selecting appropriate key sizes is a trade-off between cost, >> performance, and risk. Since short RSA keys more easily succumb to >> off-line attacks, Signers MUST use RSA keys of at least 1024 bits for >> long-lived keys. Verifiers MUST be able to validate signatures with >> keys ranging from 512 bits to 2048 bits, and they MAY be able to >> validate signatures with larger keys. Verifier policies may use the >> length of the signing key as one metric for determining whether a >> signature is acceptable. > > Since receivers have no good way of knowing what keys are long-lived, there's > no way on the receiver side to reliably determine if a key shorter than 1024 > bits is being appropriately used or not. I think it's time to kill keys > shorter than 1024 bits dead. It's not like the risks associated with them are > new [1]. > > I propose a short draft that updates 6376 to say MUST use at least 1024 bits > and setting that as the minimum size verifiers must be able to validate. I'm > volunteering to write it if people agree it's appropriate. > > Scott K > > > [1] http://www.wired.com/2012/10/dkim-vulnerability-widespread/ > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > > _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
