[ietf-dkim] New Issue: 512 too short?
dotis at mail-abuse.org
Fri Mar 17 16:20:56 PST 2006
On Mar 17, 2006, at 8:48 AM, Russ Housley wrote:
> Security AD Advice
> 512-bit RSA keys are too short. They may be acceptable when the
> crypto period is very short (say a week). I cannot envision most
> administrators accepting the management burden associated with such
> short crypto periods.
> Proposed text:
> Since short RSA keys are susceptible [to] off-line attacks, signers
> MUST use RSA keys of at least 1024 bits for long-lived keys.
> Receivers MUST be able to validate signatures with keys ranging
> from 512 bits to 2048 bits, and they MAY be able to validate
> signatures with larger keys. Security policies may use the length
> of the signing key as one metric for determining whether a
> signature is acceptable.
With respect to 2048 bit keys, there is already a placeholder in the
base draft for developing a much needed binary DKIM key. There was a
concern raised about utilizing the RFC2538 CERT #37 RR for this
purpose. I have assurances Paul Vixie will assist an effort by the
DKIM WG to utilize the CERT RR for the binary version of the DKIM key.
More information about the ietf-dkim