Re: [mailop] RSA-SHA1 DKIM signatures still in use?

2024-02-12 Thread Seth Blank via mailop
SHA-1 was SHOULD NOT for a decade, but still in too wide of use, so we
chartered DCRUP at the IETF to deprecate it (and keys < 1024 bits) and also
to separately add ed25519.

Here's the RFC deprecating SHA-1: https://datatracker.ietf.org/doc/rfc8301/

Chances are both your examples are using the same platform to send mail,
that still hasn't gotten the message. If you can shed some light on the
actual sending services (privately is probably best, vs to the whole list),
M3AAWG is next week and a discussion can probably be had...

Seth

On Mon, Feb 12, 2024 at 3:12 PM Scott Mutter via mailop wrote:

> How is everyone handling senders that sign their emails with RSA-SHA1 DKIM
> keys?
>
> I'm a bit surprised to see eBay and Match.com sending out messages using
> SHA-1.
>
> I'm seeing a lot of signatures coming in that use SHA-1 but most of the
> domains are questionable at best.  But eBay and Match.com caught my eye as
> being larger companies that I would expect to know better.
>
> To be clear, eBay is sending out some messages with SHA-256 hash, but they
> are also sending out some with a SHA-1 hash.  It appears to be the dkim1k
> selector that is SHA-1.
>
> The Match.com (d=connect.match.com) is using the 102022s2048 selector
> with SHA-1.
>
> Just wondering what everyone else is doing with these?  I thought SHA-1
> was deprecated a long time ago.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 

*Seth Blank * | Chief Technology Officer
*e:* s...@valimail.com
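
Added example, not part of either poster's message: one way a receiving system could triage DKIM-Signature headers by their `a=` tag so that rsa-sha1 signatures are skipped, as RFC 8301 requires of verifiers, while a SHA-256 signature on the same message is still evaluated. The sample message, its domain and selectors, and the function names are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample: one message carrying two signatures. Domain, selectors
# and the bh=/b= values are placeholders, not real signature data.
SAMPLE = b"""\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
 s=sel2048; h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=example.com;
 s=sel1k; h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: sender@example.com
To: rcpt@example.net
Subject: constructed test message

body
"""

# Algorithms a verifier should still evaluate: rsa-sha256 (RFC 6376) and
# ed25519-sha256 (RFC 8463). RFC 8301 says rsa-sha1 MUST NOT be verified.
ACCEPTED = {"rsa-sha256", "ed25519-sha256"}

def parse_tags(value):
    """Parse an RFC 6376 tag-list ("tag=value; ...") into a dict."""
    tags = {}
    for part in re.sub(r"\s+", " ", str(value)).split(";"):
        name, sep, val = part.partition("=")
        if sep and name.strip():
            tags[name.strip()] = val.strip()
    return tags

def classify(tags):
    """'verify' for accepted algorithms, otherwise 'skip' with the reason."""
    algo = tags.get("a", "").lower()
    if algo in ACCEPTED:
        return "verify"
    return "skip: rsa-sha1 (RFC 8301)" if algo == "rsa-sha1" else "skip: unknown a="

def triage(raw_message):
    """Return (d, s, a, action) for every DKIM-Signature header in a message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    rows = []
    for value in msg.get_all("DKIM-Signature", []):
        t = parse_tags(value)
        rows.append((t.get("d"), t.get("s"), t.get("a"), classify(t)))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A skipped signature is treated as if it were absent, so a message signed only with rsa-sha1 ends up with no usable DKIM result.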


[mailop] RSA-SHA1 DKIM signatures still in use?

2024-02-12 Thread Scott Mutter via mailop
How is everyone handling senders that sign their emails with RSA-SHA1 DKIM
keys?

I'm a bit surprised to see eBay and Match.com sending out messages using
SHA-1.

I'm seeing a lot of signatures coming in that use SHA-1 but most of the
domains are questionable at best.  But eBay and Match.com caught my eye as
being larger companies that I would expect to know better.

To be clear, eBay is sending out some messages with SHA-256 hash, but they
are also sending out some with a SHA-1 hash.  It appears to be the dkim1k
selector that is SHA-1.

The Match.com (d=connect.match.com) is using the 102022s2048 selector with
SHA-1.

Just wondering what everyone else is doing with these?  I thought SHA-1 was
deprecated a long time ago.