[cryptography] DKIM: Who cares?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Oct 24 19:21:56 EDT 2012


Steven Bellovin recently forwarded the following link to another list:

  http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/

In summary, it turns out that what seems like half the world's DKIM users are
using toy keys as short as 384 bits.  This isn't just Joe's Pizza and
Panelbeating, it's a worldwide who's-who of big-site DKIM users all using weak
keys.  Does anyone know why they all do this?  Since it's so widespread, my
guess is that the organisations involved don't really care about it and are
just going through the motions, "we're doing this for form's sake and because
not doing so would look bad, not because we believe it adds anything
worthwhile".

Peter.
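
An added example, not part of the message above: a check for the key sizes it describes, which reads the RSA modulus length out of the p= tag of a DKIM key record. The 1024-bit floor, the function names and the sample records (constructed here, with right-sized moduli that are not usable keys) are assumptions of this example.

```python
import base64
MIN_RSA_BITS = 1024  # assumed policy floor for this example

def read_tlv(buf, pos=0):
    """Parse one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki_der):
    """Modulus bit length of an RSA SubjectPublicKeyInfo (the decoded p= value)."""
    _, spki, _ = read_tlv(spki_der)         # outer SEQUENCE
    _, _, pos = read_tlv(spki)              # AlgorithmIdentifier, skipped
    tag, bitstr, _ = read_tlv(spki, pos)    # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_key, _ = read_tlv(bitstr[1:])    # skip the unused-bits octet
    _, modulus, _ = read_tlv(rsa_key)       # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def audit_dkim_record(txt):
    """Return (bits, verdict) for the TXT value of a DKIM key record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    if tags.get("k", "rsa") != "rsa":
        return None, "not-rsa"
    if not tags.get("p"):
        return None, "revoked"  # an empty p= marks a revoked key
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return bits, "weak" if bits < MIN_RSA_BITS else "ok"

def der(tag, value):  # minimal DER encoder, used only to build the samples
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_record(bits):  # constructed: right-sized modulus, not a usable key
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    key = der(0x30, der(0x02, n) + der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(der(0x30, alg + der(0x03, b"\x00" + key))).decode()
```

To audit a live domain, pass in the TXT value published at selector._domainkey.domain in place of the constructed samples.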



