On Friday, October 12, 2018 06:02:40 PM pg...@dev-mail.net wrote: > > RFC 8301 removes rsa-sha1 from DKIM, so "FinCo" isn't wrong to consider > > the signature invalid. It's a bit aggressive for my taste, be it's the > > receivers call. The most I might do is ignore the signature. It's > > definitely not a reason to block the message. > > Thanks for the relevant rfc. > > I tend to agree. > > I may have been unlcear -- it's my server receiving emails from the errant > FinCo, dkim-signed with sha1 sigs. So up to me to determine if they are > 'putting clients at risk' by being lazy about their security, and blocking > their messages. > > Simply, IMO, FinCo's admins are being lazy/sloppy. They _should_ know & do > better. (This really is a BIG organization; personally, I'd be embarrassed > ...) > > My suspicion is that this is NOT rising to "nuke the basatards" smtp > response, and that I should figure out how to get the attention of the > right persons (NOT 'customer service') at FinCo. TBH, how to make that > contact is beyond me; public shaming on Twitter might be an option ;-) > > That's for DKIM.
To amplify a bit: RFC 8301 changed two security properties relative to DKIM: 1. Removed rsa-sha1 from the algorithm set (later replaced by Ed25519-sha256 in another RFC). 2. Bumped the minimum acceptable RSA key sized to 1024 bits (with 2048 recommended). The latter change is operationally much more important today (it's at least 5 years late). Not accepting DKIM signatures based on RSA keys < 1024 bits is something everyone should be doing and there are risks in not doing so. The removal of rsa-sha1 was done ahead of it being broken for this use case (on the theory it's better disuse in advance of the need to panic over it). Scott K
