Re: [dmarc-ietf] Section [5.2.1] of the ARC draft

2017-01-22 Thread Scott Kitterman
On January 22, 2017 3:30:14 PM EST, Kurt Andersen wrote:
>On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein
>wrote:
>
>>
>> . . . ARC . . . inherits . . . from the DKIM RFC. The DKIM RFC
>explicitly
>> requires verifiers to validate signatures with bit

Re: [dmarc-ietf] DKIM update, was Section [5.2.1] of the ARC draft

2017-01-22 Thread John Levine
>How would you suggest we drive a revision to RFC 6376 to address this issue?

As you saw, anything in the IETF that smells of crypto tends to go into the weeds with the crypto fad du jour. If you want to do this, I'd suggest an update with a very small focus: 1) Add a new signature algorithm,

Re: [dmarc-ietf] Section [5.2.1] of the ARC draft

2017-01-22 Thread Scott Kitterman
On January 22, 2017 4:48:28 PM EST, Kurt Andersen wrote:
>On Sun, Jan 22, 2017 at 1:18 PM, Scott Kitterman
>wrote:
>
>>
>> On January 22, 2017 3:30:14 PM EST, Kurt Andersen
>> wrote:
>> >On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein

Re: [dmarc-ietf] Section [5.2.1] of the ARC draft

2017-01-22 Thread John Levine
In article you write:
>> No responsible operator has used the RFC minimum DKIM key sizes for a long
>> time. They were trivial to bypass half a decade ago. No one has ever
>> complained about 1024 bits default minimum being too

Re: [dmarc-ietf] Section [5.2.1] of the ARC draft

2017-01-22 Thread Peter Goldstein
Kurt, I agree that the best approach would be to update the DKIM spec to reflect modern cryptographic realities. I actually broached this topic on the IETF DKIM mailing list a couple of months ago. The thread quickly evolved into a discussion about using even shorter key sizes (768 bit) to

Re: [dmarc-ietf] Section [5.2.1] of the ARC draft

2017-01-22 Thread Kurt Andersen
On Sun, Jan 22, 2017 at 1:18 PM, Scott Kitterman wrote:
>
>
> On January 22, 2017 3:30:14 PM EST, Kurt Andersen
> wrote:
> >On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein
> >wrote:
> >
> >>
> >> . . . ARC . . . inherits . . . from

Re: [dmarc-ietf] Section [5.2.1] of the ARC draft

2017-01-22 Thread Scott Kitterman
On January 22, 2017 3:30:14 PM EST, Kurt Andersen wrote:
>On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein
>wrote:
>
>>
>> . . . ARC . . . inherits . . . from the DKIM RFC. The DKIM RFC
>explicitly
>> requires verifiers to validate signatures with bit

Re: [dmarc-ietf] Section [5.2.1] of the ARC draft

2017-01-22 Thread Kurt Andersen
On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein wrote: > > . . . ARC . . . inherits . . . from the DKIM RFC. The DKIM RFC explicitly > requires verifiers to validate signatures with bit sizes ranging from 512 > bits to 2048 bits. > > There is a separate effort going on in