Dave Crocker wrote in
<[email protected]>:
|On 10/29/2023 1:51 PM, Jan Dušátko wrote:
|> In my opinion, the verifiability of the place and time of origin needs
|> to be addressed, which is one of the reasons to use DKIM:
|
|While I think I understand the basis for thinking that DKIM is relevant
|to that determination, it isn't. Its semantics have nothing at all to
|do with authenticating origination, nor certifying content. Note, for
|example, that there can be (and often is) multiple DKIM signatures,
|affixed at different times.
This is why it is so important that ARC makes headers directly
addressable in infrastructures that ignore the stack nature of
email.
|DKIM says the signer attests to having 'some' responsibility in
|'handling' the message. That is fundamentally different than what your
|text means.
Still the sheer size of "good enough" (tm) RSA consumes space
and bandwidth, and, yes (do not laugh), electrical energy.
And pushes towards TCP for DNS.
I still think ED25519 is not gracefully supported by all DKIM
implementations because you cannot use a stream based approach,
but must load the entire data "in memory", it is a one-off
algorithm. (As is x448.) And some implementations simply decided
it is too hard to implement.
But the IETF *did* standardize what you claim to be "overkill", no?
OpenSSH (i am not a cryptographer; they are not either, i think,
but they monitor very closely, what i think) did "also not do 448"
but have chosen to experiment with post-quantum sntrup761, saying
The sntrup761 implementation, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).
To me the thing is, .. you know .., that even MD5 or the slightly
hardened SHA-1 is still "good enough" for signatures, but most
people ran away nonetheless, and today you see SHA-256 or SHA-512,
or BLAKE (etc).
And *if* the entire message has to be "loaded into memory" to be
able to support new and modern algorithms, a lot becomes possible.
Also i personally think of DKIM like i do for a passport. You do
anything possible to make it unforgeable. I want
a cryptographically verifiable path through the stack up to the
origin. DKIM just never tried to offer the necessary hands to
operators of mailing-lists etc to close the cryptographic gap.
ARC will now do this, fully automatic.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim