On 23 Feb 2006, at 1:54 PM, Hallam-Baker, Phillip wrote:
We know that 4096 bit keys will not fit into a standard DNS record.
But Phill, we don't *need* 4096 bit keys before 2009.
A DKIM key isn't a CA root key. It signs a message to take
responsibility for it. The semantic lifetime of a given signature has
an upper bound of somewhere between a week and a month. According to
NIST's estimates, a 3k key has 128 bits of strength. For DKIM
purposes, a 2k key changed once a year is great. DKIM is ones of the
places where even paranoids like me don't twitch at 1k keys. If
someone goes and builds one of Adi Shamir's optical crackers, they
can do a single key a year for $10M.
If there's so much money in abusing unauthenticated email that this
is a threat, then we have problems cryptography can't solve. Yeah,
yeah, by 2020 or 2030, we'd better be on ECC. And by then, there
won't be IP issues. Unless of course someone makes practical quantum
computers, but that's a different issue.
Jon
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html