ietf-dkim

Re: [ietf-dkim] Key rotation

2010-09-04 20:33:19

On Sep 4, 2010, at 2:55 PM, Mark Delany wrote:

> On Sat, Sep 04, 2010 at 01:41:41PM -0700, Steve Atkins allegedly wrote:
>
>> Do we have any thoughts on 1. how often keys might sensibly be
>> rotated and 2. how long public keys should remain visible after the
>> private key has been rotated out?
>
> I believe the general thrust is that DKIM keys are ephemeral so no one
> should rely on their long-term presence. Your verifying MTA should
> annotate inbound mail appropriately so that subsequent reliance on the
> public key is not needed. Authentication-Results header being a good
> place to store what is needed here.
>
> (I know you know this, Steve. I'm just setting the stage).

Yup. Phrased more simply, the public key should be available when
the email hits the recipient's final MX, but shouldn't be needed after
that.

> In that light, I would expect that a public key only needs to stay
> around as long as an email can remain in-transit plus some
> fudge. Maybe seven days or thereabouts?

Funny you should say that. I'm using 8 days, based on "If mail hasn't
been delivered in 7 days, it probably won't be" plus a one day fudge
factor.

> Turning the question back to you. Is there any motive for removing
> public keys rapidly apart from when they've been compromised? I can't
> think of any obvious reason why you'd want to do this, so I'm curious
> to hear of any use-cases you have in mind that warrant rapid removal.

The whole point of rotating keys is so that loss of an old private key
isn't a risk. Given that, I think that even if you're fairly sure that a key
pair hasn't been compromised then you should remove the public
key as soon as is reasonable after you stop signing with the private
key - as the private key continues to be a high value target until
the public key is removed.

Eight days is as short as I'm comfortable with, so that's as soon
as is reasonable for me.

If you know that a private key has been compromised then you
probably kill the public key ASAP - the risk of misuse outweighing
the loss of signature of any emails on the wire. Though if I knew
the key had been compromised because I'd just fired a sysadmin,
rather than because I'd seen spam using it, I'd probably rotate the
private key, then leave the public key up for a few hours, as the
vast majority of email will have been delivered, and the public
key checked, in that time.

Lists of email addresses walk out of ESPs all the time, and I'm
expecting DKIM private keys to have a similar level of leakage.
If I were setting policy at an ESP I'd want to rotate keys pretty
regularly, and kill public keys as soon as possible in order
to reduce their value to insiders.

Cheers,
  Steve
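The rotation policy sketched in this exchange (sign with a selector for one period, keep its public key in DNS for the in-transit window plus fudge, then remove it; on compromise, pull it at once or after a few hours' grace) can be written down as a small scheduler. The following is an added example, not code from the list or from either poster; the selector naming scheme, the one-day pre-publish interval and the `emergency_rotation` behaviour are assumptions for illustration, while the 7 + 1 day drain window is the figure given in the message above.

```python
"""DKIM selector rotation planner: when to publish, sign with, drain and remove a key."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from enum import Enum

# Retention window from the thread: 7 days for mail in transit plus 1 day of fudge.
DRAIN_WINDOW = timedelta(days=7) + timedelta(days=1)
# Publish the TXT record a day before first use so slow DNS caches see it (assumed value).
PREPUBLISH = timedelta(days=1)


class State(Enum):
    UNPUBLISHED = "unpublished"  # record not yet in DNS
    PENDING = "pending"          # record in DNS, not signing yet
    SIGNING = "signing"          # private key in active use
    DRAINING = "draining"        # not signing; record kept for in-flight mail
    RETIRED = "retired"          # record removed; private key should be destroyed


@dataclass(frozen=True)
class Selector:
    name: str
    publish: datetime        # TXT record goes into DNS
    start_signing: datetime  # signer switches to this key
    stop_signing: datetime   # signer switches away from this key
    remove: datetime         # TXT record is deleted from DNS

    def state_at(self, when: datetime) -> State:
        if when >= self.remove:
            return State.RETIRED
        if when < self.publish:
            return State.UNPUBLISHED
        if when < self.start_signing:
            return State.PENDING
        if when < self.stop_signing:
            return State.SIGNING
        return State.DRAINING


def plan_rotation(first_use: datetime, rotation: timedelta, count: int,
                  drain: timedelta = DRAIN_WINDOW, prepublish: timedelta = PREPUBLISH):
    """Contiguous rotation: each selector signs for one period, then drains."""
    plan = []
    for i in range(count):
        start = first_use + i * rotation
        stop = start + rotation
        plan.append(Selector(
            name=f"s{start:%Y%m%d}",  # constructed naming convention (date of first use)
            publish=start - prepublish,
            start_signing=start,
            stop_signing=stop,
            remove=stop + drain,
        ))
    return plan


def dns_records_at(plan, when: datetime):
    """Selector names whose public key must be resolvable in DNS at `when`."""
    live = {State.PENDING, State.SIGNING, State.DRAINING}
    return [s.name for s in plan if s.state_at(when) in live]


def signing_selector_at(plan, when: datetime):
    """The selector the signer should use at `when` (None if the rotation has a gap)."""
    for s in plan:
        if s.state_at(when) is State.SIGNING:
            return s.name
    return None


def emergency_rotation(plan, compromised: str, detected: datetime,
                       grace: timedelta = timedelta(0), drain: timedelta = DRAIN_WINDOW):
    """Stop signing with a compromised key now and pull its record after `grace`.

    grace=0 is the 'seen spam using it' case; a few hours is the 'just fired a
    sysadmin' case, where most in-flight mail has already been verified.
    A replacement selector is published and used immediately (no pre-publish
    is possible) and inherits the compromised key's scheduled end of life.
    """
    new_plan = []
    for s in plan:
        if s.name != compromised:
            new_plan.append(s)
            continue
        new_plan.append(replace(s, stop_signing=min(s.stop_signing, detected),
                                remove=min(s.remove, detected + grace)))
        new_plan.append(Selector(
            name=f"s{detected:%Y%m%d}r",  # 'r' suffix marks a replacement key (assumed)
            publish=detected, start_signing=detected,
            stop_signing=s.stop_signing, remove=s.stop_signing + drain))
    return sorted(new_plan, key=lambda s: s.start_signing)


if __name__ == "__main__":
    plan = plan_rotation(datetime(2010, 9, 4), timedelta(days=30), count=3)
    for s in plan:
        print(s.name, "sign", s.start_signing.date(), "->", s.stop_signing.date(),
              "remove", s.remove.date())
    print("in DNS on 2010-10-05:", dns_records_at(plan, datetime(2010, 10, 5)))
    p2 = emergency_rotation(plan, "s20101004", datetime(2010, 10, 20, 12),
                            grace=timedelta(hours=3))
    print("in DNS 2h after compromise:", dns_records_at(p2, datetime(2010, 10, 20, 14)))
```

Two properties worth checking in a real deployment fall out of this model: at every instant exactly one selector is in `SIGNING` (otherwise mail is either unsigned or signed with a key whose record has already been pulled), and nothing is in DNS longer than `rotation + drain` unless it is the replacement for a compromised key.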

