[cryptography] DKIM: Who cares?

Jim Fenton fenton at bluepopcorn.net
Fri Oct 26 16:58:27 EDT 2012

On 10/24/12 9:18 PM, Jon Callas wrote:
> Note the weasel-words "long-lived." I think that the people caught out
> in this were risking things -- but let's also note that the length of
> exposure is the TTL of the DNS entries.

I wouldn't characterize those as weasel-words, but rather that they were
intentionally vague given the computational advances that can be
expected during the lifetime of an IETF specification.

John Graham observed this problem in mid-2010:

and I did a survey of key lengths used by known signing domains at the time:

It would be interesting to see if the distribution has changed since
then, but unfortunately I don't have access to that info any more.

-Jim (another of the authors)

