[cryptography] DKIM: Who cares?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Oct 26 05:11:04 EDT 2012


John Levine <johnl at iecc.com> writes:

>Hmmn.  Is there some point to speculating about the behavior of mail systems
>about which you know nothing?

Absolutely.  We have a system design to perform a certain function (and,
unfortunately, mis-marketed as being a solution to a rather different problem,
but that's the marketers' fault and not the DKIM designers) that was deployed
using a fatally flawed security config.  I'd like to know why:

- It probably wasn't an accidental mis-config, because it's unlikely that a
  pile of major organisations would all make the same config mistake.  Look at
  SSL, the exact same organisations have no problem using strong SSL keys, but
  the same thing with DKIM uses weak keys.

  (Unfortunately Wired never said what percentage of DKIM users that they
  sampled exhibited this problem, so we don't know if their sample
  represented, say, 80% of DKIM users or 20% of DKIM users).

- It's highly unlikely that all the organisations got together and said "let's
  all agree to use really weak keys".

That means there was probably some business, legal, or social reason why this
occurred.  Social seems unlikely, I can't imagine a legal reason, so I'm
assuming there was some business-case issue that DKIM overlooked.  The point
is that a security mechanism was deployed on a large scale in a very insecure
manner and we have no idea why, which means that we can't address the problem
to ensure that it won't occur again.

I'd like to find out what caused this, not to lay blame, but to understand
what the issue was and to make sure that it won't come back to bite us again
in future deployments.

Peter.



More information about the cryptography mailing list