On Thu, Oct 25, 2012 at 12:21:56PM +1300, Peter Gutmann wrote: > Steven Bellovin recently forwarded the following link to another list: > > http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/ > > In summary, it turns out that what seems like half the world's DKIM users are > using toy keys as short as 384 bits. This isn't just Joe's Pizza and > Panelbeating, it's a worldwide who's-who of big-site DKIM users all using weak > keys. Does anyone know why they all do this? Since it's so widespread, my > guess is that the organisations involved don't really care about it and are > just going through the motions, "we're doing this for form's sake and because > not doing so would look bad, not because we believe it adds anything > worthwhile".
I think in practice DKIM is an imperfect and not very effective anti-spam and anti-phishing measure (one of many), and there's indeed not much need to make keys large until the old keys get cracked and start to be used by spammers/phishers (which did not happen so far, as far as I'm aware). Yet I guess there's some reduction in spam/phish mail received e.g. by Googlers as a result of Google mail servers refusing to accept mail with @google.com Froms unless the signature is valid. A reason to use moderately small DKIM keys (crackable with moderate effort, so 512-bit sounds just right at this time) is to allow for plausible deniability in case private e-mail messages leak to the public (or to an adversary). I think this should be explicitly mentioned as a reason to use short-lived smaller keys (over long-lived larger keys) in a future revision of the DKIM RFC (a successor to RFC 6376). People sometimes deliberately don't sign their messages e.g. with PGP, even those who do use PGP on a regular basis, and it's not good for mail servers to force signatures upon them (even if those signatures prove a lot less). Alexander _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
