[cryptography] DKIM: Who cares?

Zack Weinberg zack.weinberg at sv.cmu.edu
Wed Oct 24 21:10:59 EDT 2012


Or perhaps the mere presence of a DKIM record is sufficient deterrent
against spam with forged From addresses at a particular domain, and
that's the only thing these organizations thought DKIM was good for.

zw

On Wed, Oct 24, 2012 at 7:57 PM, Matthew Green <matthewdgreen at gmail.com> wrote:
> That's my impression.
>
> Others have pointed out that 512 bits is a limit imposed by DNS/UDP text record sizes (much more and you need TCP). I don't know if that's accurate and I'm not sure it contradicts my first answer.
>
> Matt
>
> On Oct 24, 2012, at 7:21 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>
>> Steven Bellovin recently forwarded the following link to another list:
>>
>>  http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/
>>
>> In summary, it turns out that what seems like half the world's DKIM users are
>> using toy keys as short as 384 bits.  This isn't just Joe's Pizza and
>> Panelbeating, it's a worldwide who's-who of big-site DKIM users all using weak
>> keys.  Does anyone know why they all do this?  Since it's so widespread, my
>> guess is that the organisations involved don't really care about it and are
>> just going through the motions, "we're doing this for form's sake and because
>> not doing so would look bad, not because we believe it adds anything
>> worthwhile".
>>
>> Peter.
>>
>> _______________________________________________
>> cryptography mailing list
>> cryptography at randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography

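Added example, not part of the thread or of any poster's code: a way to measure the RSA key size a DKIM key record publishes, which is the check the 384- and 512-bit findings quoted above come down to. The function names, the 1024-bit default threshold and the sample records built by make_record are assumptions made for this illustration.

```python
import base64

def _tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits_from_spki(der):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    _, start, _ = _tlv(der, 0)          # outer SEQUENCE
    _, _, alg_end = _tlv(der, start)    # AlgorithmIdentifier, skipped
    tag, bs, _ = _tlv(der, alg_end)     # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, seq, _ = _tlv(der, bs + 1)       # +1 skips the unused-bits octet
    tag, n0, n1 = _tlv(der, seq)        # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("modulus not found")
    return int.from_bytes(der[n0:n1], "big").bit_length()

def dkim_key_bits(txt):
    """RSA key size published in a DKIM key record (tag=value; tag=value)."""
    parts = (p.partition("=") for p in txt.split(";"))
    tags = {k.strip(): "".join(v.split()) for k, _, v in parts}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("no RSA public key in record")
    return rsa_bits_from_spki(base64.b64decode(tags["p"]))

def is_weak(txt, minimum=1024):  # minimum is an assumed policy threshold
    return dkim_key_bits(txt) < minimum

def _der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def make_record(bits):
    """Constructed sample: an odd integer of the given size, not a usable key."""
    integer = lambda v: _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    rsa = _der(0x30, integer((1 << (bits - 1)) | 1) + integer(65537))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

To audit a real domain, pass dkim_key_bits the TXT value published at the selector's _domainkey name, with multiple TXT strings concatenated first.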