ietf-dkim

Re: [ietf-dkim] DKIM Key Size Constraints

2015-05-19 06:48:20
On Tue, May 19, 2015 at 11:40:12AM +0200, Alessandro Vesely wrote:
> Apologies for jumping in late; just to note that 1024-bit keys seem to have
> been accepted until quite recently:
> https://www.sophos.com/en-us/support/knowledgebase/122327.aspx

This refers to certificates signed with RSA-1024 keys, which are being
phased out. See e.g.

  https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/

It's good to note that when using SSL/TLS your reasons to be paranoid
are orders of magnitude larger than when using DKIM. The fact that some
people believe that cracking RSA-1024 in the not too distant future may
be feasible is considered enough reason to ditch certificates using
them.

> BCP 86, which DKIM refers to, makes statements such as "1024-bit RSA moduli
> will not be factored until about 2037."  Should it be updated?

It doesn't exactly make that as a statement; rather it quotes R D
Silverman who made some educated guesses around the turn of the
century. It doesn't make any explicit statements about what key sizes
are safe for which algorithms, nor does the BCP aim to do so. 

I don't think it needs updating; at least not because of the bit you
quote.

(Actually, the BCP isn't all that relevant for DKIM, but probably the
best BCP on key sizes out there.)

Martijn.
