Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures

2023-04-27 Thread Slavko via mailop
On 27 April 2023 at 18:23:10 UTC, John Levine via mailop wrote:
>It appears that postfix--- via mailop  said:
>>Did the German government not require a switch to ed25519? 
>
>Not that I'm aware of. If they did, their mail would stop working
>since essentially nobody validates ed25519 signatures yet.
>
>>And would ed25519 not be better than any RSA?
>
>Sure, but at this point the benefits are not worth the effort of
>upgrading software and rekeying.  You'd also need a very long
>transition period with both kinds of signature which would need
>separate keys (there's only one key in each DNS record) so you'd
>have twice as many keys and twice as many signatures to manage.

And instead of this, we will suggest longer and longer DKIM
keys, until (at some point) the RSA keys will be longer than
average email and verifying that signature will consume many
times more power than whole email transport...

Just because nobody uses Ed25519, as nobody requires it,
and nobody requires it as nobody uses it...

Or the real reason lies in something totally different?

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures

2023-04-27 Thread Matthäus Wander via mailop

Florian Vierke via mailop wrote on 2023-04-27 10:01:

> I had the same question and the quoted sentence still doesn't explain the why 
> for me. The key rotation explains that it is possible to publish the keys 
> without harm to you, but I don't see a benefit for anybody in publishing the 
> old private keys. If you do, I'd be interested in your opinion 😊


This article argues for publishing old DKIM private keys:


Regards,
Matt


Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures

2023-04-27 Thread John Levine via mailop
It appears that postfix--- via mailop  said:
>Did the German government not require a switch to ed25519? 

Not that I'm aware of. If they did, their mail would stop working
since essentially nobody validates ed25519 signatures yet.

>And would ed25519 not be better than any RSA?

Sure, but at this point the benefits are not worth the effort of
upgrading software and rekeying.  You'd also need a very long
transition period with both kinds of signature which would need
separate keys (there's only one key in each DNS record) so you'd
have twice as many keys and twice as many signatures to manage.

So don't hold your breath.

R's,
John


Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures

2023-04-27 Thread postfix--- via mailop
Did the German government not require a switch to ed25519? just a brain 
bug that started itching when reading this otherwise mildly interesting 
thread.


And would ed25519 not be better than any RSA?  I mean efficiency in 
calculations, transmission, storage, and by no means security / 
non-repudiation.


Thanks in advance to the amazing pool of intelligence on this list for 
the answers to my curiosity


Yuv


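To put numbers on the transmission and storage part of Yuv's question, here is an added Python example (not from anyone on the thread). It derives the size of the DKIM `p=` tag, the resulting TXT record and the `b=` signature for the RSA sizes in the subject line and for Ed25519, purely from the DER layout of SubjectPublicKeyInfo (exponent 65537 assumed) and from RFC 8463, so no keys are generated; the 255-byte TXT string and 512-byte UDP limits are those of RFC 1035.

```python
# Added example, not from anyone on the thread: how much a DKIM verifier has to
# fetch (p= tag, TXT record) and check (b= signature) for the RSA sizes under
# discussion versus Ed25519. RSA sizes follow from the DER layout of
# SubjectPublicKeyInfo with e=65537; RFC 8463 puts the raw 32-byte Ed25519 key in p=.
import math

TXT_STRING_MAX = 255       # max length of one <character-string> in TXT RDATA
CLASSIC_UDP_PAYLOAD = 512  # pre-EDNS DNS-over-UDP limit (RFC 1035)

def der_tlv_len(content_len):
    """Total bytes of one DER tag-length-value for this content length."""
    length_octets = 1 if content_len < 128 else 1 + (content_len.bit_length() + 7) // 8
    return 1 + length_octets + content_len

def rsa_spki_der_len(modulus_bits):
    """DER length of SubjectPublicKeyInfo for an RSA key with e=65537."""
    modulus = der_tlv_len(modulus_bits // 8 + 1)   # leading 0x00: top bit is set
    exponent = der_tlv_len(3)                       # 0x010001
    rsa_public_key = der_tlv_len(modulus + exponent)
    subject_pk = der_tlv_len(1 + rsa_public_key)    # BIT STRING incl. unused-bits octet
    algorithm = der_tlv_len(der_tlv_len(9) + der_tlv_len(0))  # OID rsaEncryption, NULL
    return der_tlv_len(algorithm + subject_pk)

def base64_len(n_bytes):
    return 4 * math.ceil(n_bytes / 3)

def dkim_footprint(key_type, modulus_bits=0):
    """Sizes of the p= tag, the DNS TXT record and the b= signature for one key."""
    if key_type == "rsa":
        key_bytes, sig_bytes = rsa_spki_der_len(modulus_bits), modulus_bits // 8
    elif key_type == "ed25519":
        key_bytes, sig_bytes = 32, 64                # raw key, raw signature
    else:
        raise ValueError(f"unknown k= value {key_type!r}")
    p_chars = base64_len(key_bytes)
    record_chars = len(f"v=DKIM1; k={key_type}; p=") + p_chars
    txt_strings = math.ceil(record_chars / TXT_STRING_MAX)
    rdata_bytes = record_chars + txt_strings         # one length octet per string
    return {"p_chars": p_chars, "record_chars": record_chars,
            "txt_strings": txt_strings, "rdata_bytes": rdata_bytes,
            "rdata_exceeds_classic_udp": rdata_bytes > CLASSIC_UDP_PAYLOAD,
            "signature_chars": base64_len(sig_bytes)}

if __name__ == "__main__":
    for args in [("rsa", 2048), ("rsa", 3072), ("rsa", 4096), ("ed25519",)]:
        print(args, dkim_footprint(*args))
```

The 3072- and 4096-bit records alone exceed the 512-byte classic UDP payload, so every verifying resolver must handle them via EDNS0 or TCP fallback, while the Ed25519 record fits in a single TXT string.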


Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures

2023-04-27 Thread Alessandro Vesely via mailop

On Thu 27/Apr/2023 01:21:14 +0200 Matt Palmer via mailop wrote:

> the Wikipedia page
> for DKIM even lists "non-repudiability" under the heading "Advantages"
> (https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail#Advantages).

Fixed.


Best
Ale
--



Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures

2023-04-27 Thread Gellner, Oliver via mailop
On 27.04.2023 at 10:01 Florian Vierke wrote:

> I had the same question and the quoted sentence still doesn't explain the why 
> for me. The key rotation explains that it is possible to publish the keys 
> without harm to you, but I don't see a benefit for anybody in publishing 
> the old private keys. If you do, I'd be interested in your opinion

I guess John was referring to the part "so anyone can fake an old signature 
from me". At first I read this as a simple consequence of publishing the keys, 
and not as the actual reason to do it, which is why I posted my question. But 
after thinking about it, it makes sense: By regularly rotating the DKIM signing 
keys and publishing the old private keys, the sent messages are DKIM 
authenticated during delivery, but deniable afterwards.

-Original Message-
From: mailop  On Behalf Of John Levine via mailop
Sent: Thursday, 27 April 2023 00:23
To: mailop@mailop.org
Cc: oliver.gell...@dm.de
Subject: Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures



It appears that Gellner, Oliver via mailop  said:
>
>> On 26.04.2023 at 04:30 John Levine via mailop wrote:
>>
>> I rotate my keys every month, and publish the old public keys on a
>> web site 10 days after the end of the month so anyone can fake an old
>> signature from me. There's a pointer to the web server in the DNS key
>> records.
>
>Hello John,
>
>is there a particular reason why you are publishing the old keys?

Um, I said why in the first sentence of the paragraph you quoted.

R's,
John


--
BR Oliver




Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures

2023-04-27 Thread Florian Vierke via mailop
Hi John,

I had the same question and the quoted sentence still doesn't explain the why 
for me. The key rotation explains that it is possible to publish the keys 
without harm to you, but I don't see a benefit for anybody in publishing the 
old private keys. If you do, I'd be interested in your opinion 😊

Thanks, Florian


-Original Message-
From: mailop  On Behalf Of John Levine via mailop
Sent: Thursday, 27 April 2023 00:23
To: mailop@mailop.org
Cc: oliver.gell...@dm.de
Subject: Re: [mailop] DKIM with 3072-bit or 4096-bit RSA signatures



It appears that Gellner, Oliver via mailop  said:
>
>> On 26.04.2023 at 04:30 John Levine via mailop wrote:
>>
>> I rotate my keys every month, and publish the old public keys on a
>> web site 10 days after the end of the month so anyone can fake an old
>> signature from me. There's a pointer to the web server in the DNS key
>> records.
>
>Hello John,
>
>is there a particular reason why you are publishing the old keys?

Um, I said why in the first sentence of the paragraph you quoted.

R's,
John