spf-discuss
[Top] [All Lists]

domainkeys

2004-05-27 04:22:12
Here's a few random comments I have from the Mark Delany (Yahoo!) specs
http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-00.txt

 " One way to generate a 384 bit private-key suitable for DomainKeys,
   is to use openssl like this: "

A 384 bit key is never suitable for anything (see here for
details: http://www.rsasecurity.com/rsalabs/node.asp?id=2096 )

If anyone actually followed the examples, spammers would be able to
recreate the private key within hours and head off sending fake
signatures to their hearts content.

768 RSA bits is generally considered the weakest acceptable security
for anything.

A base64 encoded public key of useful strength is around 920 bytes
long after stripping out unnecessary headers etc; an unrealistic
burden to place on DNS.


[...] the "simple" canonicalization algorithm [...] do not
re-arrange or modify headers or contents 

Their only example for implementation ruins every value-add email
business in existence.


And of course - Yahoo currently block all sender-address-verification
methods, which makes it impossible to verify forged yahoo email
addresses, which makes those the favorite choice for spammers, which
gives Yahoo an insanely unrealistic perspective on the whole problem.


S/MIME already exists for senders who want this kind of protection, it
works on individuals rather than entire domains, and it's "end to end"
with useful key management inbuilt (and as a predominantly webmail
service, Yahoo also enjoys an unrealistic idea of what an "end" really
is as well). 


P.S. Forgive my ignorance if I'm off-track or off-topic - I'm unaware
     of what purpose an "internet draft" serves, and what forum exists
     to support debate of same.  The wording of the draft portrays it
     to be an experiment and fact-finding mission, so maybe it's not
     even supposed to be called a "draft" at all?  Here's a few words
     taken in-order but out of context from the "primary goals"
     paragraphs: experiences understand implications evolve needs
     future determine best experiment possible models define.


<Prev in Thread] Current Thread [Next in Thread>