Re: possible bug in Mail::DKIM when keysize is under 1024 bits

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 26 Jan 2015 08:55:06 -0800 (PST)

On Mon, 26 Jan 2015, Benny Pedersen wrote:
> same here, its just that opendkim reject what is accepted in mail::dkim,
> rfc wiese that should not be diffrent policy on that, you dont have to
> agree that its domain owners onw policy not an enforced c code minimal

I don't think this is something opendkim needs to resolve. It conforms to
what the RFC says by default.

> with opendkim 2.10 there is a warning on --bits 512, ok, but it should still
> accept --bits 512 in verify

I'd consider splitting MinimumKeyBits into a basic setting and a verify
override that defaults to 512, given what's in RFC6376 Section 3.3.3, but
only if consensus agrees this is wise. I think it's not wise given that,
as it says there, that keys smaller than 1024 bits are vulnerable; adding
such tolerance means receivers are exposing themselves to an increased
risk of fraudulent signatures.

Is it a nightmare for you to update your keys to something larger?

> what about domain owners of old software that did not create there dkim
> keys with 2.10, considered shit happends for them :(

I'm under the impression 512-bit keys are not that common, ever since it
was announced that such keys are trivially compromised. I know Facebook
recycled their keys as soon as that was announced, for example.

-MSK
Received on Mon Jan 26 2015 - 16:55:28 PST

This archive was generated by hypermail 2.3.0 : Mon Jan 26 2015 - 17:00:02 PST