On 27. 10. 2023 at 23:02, John Levine wrote:
It appears that Scott Kitterman  <skl...@kitterman.com> said:
On October 27, 2023 2:56:30 PM UTC, "Murray S. Kucherawy" <superu...@gmail.com> 
wrote:
On Sun, Oct 1, 2023 at 1:50 AM Jan Dušátko <jan=40dusatko....@dmarc.ietf.org>
wrote:

I would like to ask to consider the possibility of defining a DKIM
signature using Ed448. [...]
My view is that more encryption algorithms are bad for interoperability.  For 
DKIM signing/verifying to work, senders
and verifiers need a common algorithm.  More choices make this more complex to 
achieve.

We standardized ed25519 as a hedge against unknown vulnerability in RSA. ...
Since we already have ed25519, why would we want ed448?  If ed25519 is a ten 
ton steel
door on our cardboard box, ed448 is a fifteen ton steel door.

R's,
John


In my opinion, the verifiability of the place and time of origin needs to be addressed, which is one of the reasons to use DKIM:
- Ed25519 has a security equivalent of 125b, a little less than the currently required security equivalent of 128b (more or less the same)
- Ed448, like Ed25519, is standardized both within TLS 1.3 and for digital signatures thanks to NIST and ETSI
- RSA should be vulnerable to Shor's algorithm (one QFT) in the future
- ECDSA/EdDSA should be vulnerable to a modified Shor's algorithm (two QFTs) in the future
- PQC migration will also need to be addressed in the near future

It is not a question of how many algorithms there will be, but of which algorithms will be involved. In my view, RSA has a huge disadvantage in key length (DNS response size) and a lower increase in security from the increase in key size. In contrast, both Curve25519 and Ed448 fit into one answer and have a significantly higher security equivalent. As to the question of whether it makes sense to secure that cardboard box of the SMTP protocol with a one-ton vault door, my answer is simply yes, because cryptography has the ability to prove a place of origin while protecting against modification. But is it possible and feasible?

Regards


Jan

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
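
The key-length point in the message above (RSA versus Ed25519/Ed448 in a DKIM DNS record), worked through as an added example that is not part of the original thread. Assumptions: RSA keys are published as DER SubjectPublicKeyInfo with e = 65537 and a constructed placeholder modulus; Ed25519 uses the raw 32-byte key as in RFC 8463; `k=ed448` with a raw 57-byte key is a hypothetical tag, since DKIM defines no Ed448 key type.

```python
import base64

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value using the definite short or long length form."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_int(v: int) -> bytes:
    # Minimal signed encoding: a 0x00 pad byte appears when the top bit is set.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def rsa_spki(bits: int, e: int = 65537) -> bytes:
    """SubjectPublicKeyInfo around a placeholder modulus of the right length."""
    n = (1 << (bits - 1)) | 1  # constructed value, not a real key
    rsa_pub = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + rsa_pub))

def txt_record(k: str, key_bytes: bytes) -> dict:
    """Size of the DKIM key record as TXT RDATA."""
    p = base64.b64encode(key_bytes).decode()
    text = f"v=DKIM1; k={k}; p={p}"
    strings = -(-len(text) // 255)  # a TXT character-string holds at most 255 bytes
    return {"p_len": len(p), "strings": strings,
            "rdata": len(text) + strings}  # one length octet per character-string

def compare() -> dict:
    return {
        "rsa-1024": txt_record("rsa", rsa_spki(1024)),
        "rsa-2048": txt_record("rsa", rsa_spki(2048)),
        "rsa-4096": txt_record("rsa", rsa_spki(4096)),
        "ed25519": txt_record("ed25519", bytes(32)),  # raw key, RFC 8463
        "ed448": txt_record("ed448", bytes(57)),      # hypothetical k= tag
    }

if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:9} p={r['p_len']:4} chars  "
              f"strings={r['strings']}  rdata={r['rdata']} bytes")
```

Under these assumptions only the RSA-2048 and RSA-4096 records exceed one 255-byte TXT character-string; both Edwards-curve records stay under 100 bytes of RDATA.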
