[ietf-dkim] New Issue: 512 too short?
Paul Hoffman
phoffman at proper.com
Thu Mar 16 10:54:42 PST 2006
At 7:07 AM -0800 3/16/06, Michael Thomas wrote:
>Isn't there something of a calculation which equates effort to
>break over time?
BCP 86 / RFC 3766
>DKIM lifetimes are normally quite short, so
>smaller keys are not implausible, especially given the level
>of protection DKIM actually provides (weakest link: DNS).
Yes.
At 3:16 PM +0000 3/16/06, Stephen Farrell wrote:
>Just to be clear though - there
>are two lifetimes in DKIM - signature lifetime, related to
>message transit times, and key lifetime, related to some unknown
>management cycle, and it's the latter (and presumably longer) one
>that's in question here.
Correct. On the other hand, there is lots of text in the spec
indicating that changing keys is likely to happen often for many
different reasons.
>If we were to continue to allow (let alone MUST) 512, then I
>think there'd need to be a serious warning to change those
>keys pretty often.
Only if those keys were considered to be valuable by an attacker so
that it is worth spending thousands of MIPS-years to factor the
public key.