>How would you suggest we drive a revision to RFC 6376 to address this issue?
As you saw, anything in the IETF that smells of crypto tends to go into the weeds with the crypto fad du jour. If you want to do this, I'd suggest an update with a very small focus:

1) Add a new signature algorithm, probably ECDSA, since it has good support in OpenSSL.

2) Deprecate 512 and 1024 bit DSA keys, and recommend 2K bit DSA or 320 bit ECDSA keys.

The reason for ECDSA is that the keys are much smaller. A 160 bit ECDSA key is about as strong as a 1024 bit DSA key, so the equivalent of a 4K DSA key is only 640 bits and will fit easily into a single TXT record string.

Make it clear that the scope of this update is only the crypto, so we can more easily chase away people who want DKIM to do something it doesn't.

R's,
John

PS: Although it would be entirely appropriate to ask them "where were you when we were writing the last two specs?" people tend not to respond well.

_______________________________________________
dmarc mailing list
https://www.ietf.org/mailman/listinfo/dmarc
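The key-size argument in John's reply, worked through as an added example that is not from the thread: a minimal DER encoder for the SubjectPublicKeyInfo that DKIM's p= tag carries base64-encoded (RFC 6376), for an RSA key and for a P-256 ECDSA key, with the resulting record split into the 255-octet character-strings a DNS TXT record is made of. P-256 and the k=ecdsa tag value are assumptions (the thread names no curve and RFC 6376 registers only k=rsa), and the key values are constructed placeholders, since only their size affects the encoding.

```python
import base64

# Minimal DER helpers (added example; the thread contains no code).
def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def der_int(v: int) -> bytes:
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:            # DER INTEGER is signed: keep it positive
        b = b"\x00" + b
    return der_tlv(0x02, b)

OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("06072a8648ce3d0201")        # id-ecPublicKey
OID_P256 = bytes.fromhex("06082a8648ce3d030107")    # prime256v1 (assumed curve)

def rsa_spki(n: int, e: int = 65537) -> bytes:
    """SubjectPublicKeyInfo for an RSA key: the DER that DKIM's p= tag base64-encodes."""
    alg = der_tlv(0x30, OID_RSA + b"\x05\x00")                     # AlgorithmIdentifier + NULL
    key = der_tlv(0x30, der_int(n) + der_int(e))                   # RSAPublicKey
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + key))       # BIT STRING, 0 unused bits

def ec_p256_spki(x: int, y: int) -> bytes:
    """SubjectPublicKeyInfo for a P-256 key: uncompressed point 0x04 || X || Y."""
    alg = der_tlv(0x30, OID_EC + OID_P256)
    point = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + point))

def dkim_txt_strings(spki: bytes, k: str, max_len: int = 255) -> list:
    """Build the DKIM key record and split it into DNS <character-string>s (<=255 octets each)."""
    record = f"v=DKIM1; k={k}; p={base64.b64encode(spki).decode()}"
    return [record[i:i + max_len] for i in range(0, len(record), max_len)]

if __name__ == "__main__":
    # Constructed placeholder key values: only the bit length matters for the record size.
    for label, spki, k in [
        ("P-256", ec_p256_spki(1, 2), "ecdsa"),                  # k=ecdsa is hypothetical
        ("RSA-2048", rsa_spki((1 << 2047) | 1), "rsa"),
        ("RSA-4096", rsa_spki((1 << 4095) | 1), "rsa"),
    ]:
        parts = dkim_txt_strings(spki, k)
        print(f"{label}: SPKI {len(spki)} bytes -> {len(parts)} TXT string(s)")
```

Only the P-256 record fits in one string; an RSA-2048 record needs two and RSA-4096 three, which is where resolvers and DNS provisioning tools that mishandle multi-string TXT records cause DKIM failures.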
