ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] DKIM Key Size Constraints

2015-05-13 13:17:47
On 5/12/2015 10:25 PM, Roland Turner wrote:
On 05/13/2015 12:27 PM, Murray S. Kucherawy wrote:

https://sourceforge.net/p/opendkim/bugs/221/) appears to agree with 
what I'm saying above.  When talking about unacceptably small keys, 
the "unacceptable" decision is not made by the protocol, but by the 
receiver.

+1


(I haven't been tracking this thread in detail, so please forgive my
missing some nuance.)


I think the issue separates between 'interoperability' vs. 'usage
policy'.  The former is the protocol.  The latter is either
Internet-wide BCP or local policy, depending upon strong community
consensus.

I did a quick search for (rfc ietf minimum key size cryptograph) and
found a series of RFCs that do indeed talk about minimum key size.  All
of them are Informational, rather than standards track or BCP.

As a non-crypto-geek, the solid constant I've observed is that crypto
algorithm and key size choices are highly malleable:  they change over
time.  So a protocol needs some agility with respect to these and MUST
NOT be locked in too tightly.

DKIM is algorithm-agile.  It needs to also be key-length-agile.

If there is strong community consensus on the choices of algorithm and
key-length, it needs to be asserted as an operational convention, not in
the base protocol

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html