Re: possible bug in Mail::DKIM when keysize is under 1024 bits

From: Scott Kitterman <ietf-dkim_at_kitterman.com>
Date: Mon, 26 Jan 2015 19:23:39 -0700

On January 26, 2015 9:55:06 AM MST, "Murray S. Kucherawy" <msk_at_blackops.org> wrote:
>On Mon, 26 Jan 2015, Benny Pedersen wrote:
>> same here, it's just that opendkim rejects what is accepted in
>> mail::dkim, rfc wise that should not be different policy on that, you
>> don't have to agree that its domain owners own policy not an enforced
>> c code minimal
>
>I don't think this is something opendkim needs to resolve. It conforms
>to what the RFC says by default.
>
>> with opendkim 2.10 there is a warning on --bits 512, ok, but it
>> should still accept --bits 512 in verify
>
>I'd consider splitting MinimumKeyBits into a basic setting and a verify
>override that defaults to 512, given what's in RFC6376 Section 3.3.3,
>but only if consensus agrees this is wise. I think it's not wise given
>that, as it says there, keys smaller than 1024 bits are vulnerable;
>adding such tolerance means receivers are exposing themselves to an
>increased risk of fraudulent signatures.
>
>Is it a nightmare for you to update your keys to something larger?
>
>> what about domain owners of old software that did not create their
>> dkim keys with 2.10, considered shit happens for them :(
>
>I'm under the impression 512-bit keys are not that common, ever since
>it was announced that such keys are trivially compromised. I know
>Facebook recycled their keys as soon as that was announced, for example.
>
>-MSK

Pretty much anyone that pays attention to security did.

My answer to Benny's question is that people should publish new keys if they want people to pay attention to their signatures.

Please don't pursue this. At best it creates an attractive nuisance.

Scott K
Received on Tue Jan 27 2015 - 02:23:55 PST
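
An added example, not part of the thread and not code from OpenDKIM or Mail::DKIM: a verifier-side minimum key size check of the kind discussed above, reading the RSA modulus size out of a DKIM key record's `p=` tag. The function names and the `minimum_bits` parameter are hypothetical, the sample records are constructed (their "modulus" is only a number of the right size), and the parser assumes `p=` holds either a DER SubjectPublicKeyInfo or a bare RSAPublicKey.

```python
import base64
ALG_RSA = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption AlgorithmIdentifier

def _enc(tag, body):  # DER-encode one element; only used to build the samples
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    k = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | k]) + n.to_bytes(k, "big") + body

def _read(buf, pos):  # parse one DER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dkim_rsa_bits(record):
    """Modulus size in bits of the RSA key in a DKIM key record (TXT value)."""
    pairs = (t.split("=", 1) for t in record.split(";") if "=" in t)
    tags = {k.strip(): "".join(v.split()) for k, v in pairs}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("no usable RSA key (other key type, or empty p=)")
    _, body, _ = _read(base64.b64decode(tags["p"]), 0)  # outer SEQUENCE
    tag, value, pos = _read(body, 0)
    if tag == 0x30:  # SubjectPublicKeyInfo: AlgorithmIdentifier, then BIT STRING
        _, bitstr, _ = _read(body, pos)
        _, body, _ = _read(bitstr, 1)  # skip the unused-bits octet
        tag, value, _ = _read(body, 0)
    if tag != 0x02:  # the modulus must be an INTEGER
        raise ValueError("unexpected key structure")
    return int.from_bytes(value, "big").bit_length()

def verify_policy(record, minimum_bits=1024):
    """(accepted, bits) for a verifier that ignores keys below minimum_bits."""
    bits = dkim_rsa_bits(record)
    return bits >= minimum_bits, bits

def sample_record(bits, spki=True):  # constructed sample record, not a real key
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps it positive
    key = _enc(0x30, _enc(0x02, n) + _enc(0x02, b"\x01\x00\x01"))
    if spki:
        key = _enc(0x30, ALG_RSA + _enc(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(key).decode()

if __name__ == "__main__":
    print([verify_policy(sample_record(b)) for b in (512, 1024, 2048)])
```

Passing `minimum_bits=512` reproduces the verify override floated in the thread: the same 512-bit record that is ignored at the 1024-bit default is then accepted.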
