ietf-dkim

Re: [ietf-dkim] New Issue: 512 too short?

2006-03-16 11:58:19
At 7:07 AM -0800 3/16/06, Michael Thomas wrote:
Isn't there something of a calculation which equates effort to
break over time?

BCP 86 / RFC 3766

DKIM lifetimes are normally quite short, so
smaller keys are not implausible, especially given the level
of protection DKIM actually provides (weakest link: DNS).

Yes.

At 3:16 PM +0000 3/16/06, Stephen Farrell wrote:
Just to be clear though - there
are two lifetimes in DKIM - signature lifetime, related to
message transit times, and key lifetime, related to some unknown
management cycle, and it's the latter (and presumably longer) one
that's in question here.

Correct. On the other hand, there is lots of text in the spec indicating that changing keys is likely to happen often for many different reasons.

If we were to continue to allow (let alone MUST) 512, then I
think there'd need to be a serious warning to change those
keys pretty often.

Only if those keys were considered to be valuable by an attacker so that it is worth spending thousands of MIPS-years to factor the public key.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html