On January 22, 2017 3:30:14 PM EST, Kurt Andersen wrote:
>On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein
>wrote:
>
>>
>> . . . ARC . . . inherits . . . from the DKIM RFC. The DKIM RFC
>explicitly
>> requires verifiers to validate signatures with bit sizes ranging from
>512
>> bits to 2048 bi
>How would you suggest we drive a revision to RFC 6376 to address this issue?
As you saw, anything in the IETF that smells of crypto tends to go
into the weeds with the crypto fad du jour.
If you want to do this, I'd suggest an update with a very small focus:
1) Add a new signature algorithm, pr
On January 22, 2017 4:48:28 PM EST, Kurt Andersen wrote:
>On Sun, Jan 22, 2017 at 1:18 PM, Scott Kitterman
>wrote:
>
>>
>> On January 22, 2017 3:30:14 PM EST, Kurt Andersen
>> wrote:
>> >On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein
>
>> >wrote:
>> >
>> >>
>> >> . . . ARC . . . inherits . .
In article
you write:
>> No responsible operator has used the RFC minimum DKIM key sizes for a long
>> time. They were trivial to bypass half a decade ago. No one has ever
>> complained about 1024 bits default minimum being too big. ...
>I agree with your points, but don't you think it would be
Kurt,
I agree that the best approach would be to update the DKIM spec to reflect
modern cryptographic realities.
I actually broached this topic on the IETF DKIM mailing list a couple of
months ago. The thread quickly evolved into a discussion about using even
shorter key sizes (768 bit) to avoid
On Sun, Jan 22, 2017 at 1:18 PM, Scott Kitterman
wrote:
>
> On January 22, 2017 3:30:14 PM EST, Kurt Andersen
> wrote:
> >On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein
> >wrote:
> >
> >>
> >> . . . ARC . . . inherits . . . from the DKIM RFC. The DKIM RFC
> >explicitly
> >> requires verifier
On Sun, Jan 22, 2017 at 1:18 PM, Scott Kitterman
wrote:
>
>
> On January 22, 2017 3:30:14 PM EST, Kurt Andersen
> wrote:
> >On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein
> >wrote:
> >
> >>
> >> . . . ARC . . . inherits . . . from the DKIM RFC. The DKIM RFC
> >explicitly
> >> requires verifi
On January 22, 2017 3:30:14 PM EST, Kurt Andersen wrote:
>On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein
>wrote:
>
>>
>> . . . ARC . . . inherits . . . from the DKIM RFC. The DKIM RFC
>explicitly
>> requires verifiers to validate signatures with bit sizes ranging from
>512
>> bits to 2048 bi
On Sat, Jan 21, 2017 at 4:39 PM, Peter Goldstein wrote:
>
> . . . ARC . . . inherits . . . from the DKIM RFC. The DKIM RFC explicitly
> requires verifiers to validate signatures with bit sizes ranging from 512
> bits to 2048 bits.
>
> There is a separate effort going on in the context of the UTA