On Wed, Mar 08, 2023 at 07:42:56AM +0100, Patrick Ben Koetter via Postfix-users wrote:
> - The key material is 4096 Bit and it was brought to my attention there's a
>   bug / missing functionality (?) in opendmarc which results in the program
>   being unable to handle keys at sizes larger than 2024 Bit.

I assume that's 2048-bit, not 2024.

Further:

- NEVER use 4096-bit RSA. If your security requirements merit a 4096-bit RSA
  key, don't use RSA. All the long-term keys securing the operating system
  updates you rely on, the DNSSEC key of the root zone, ... are all 2048-bits.
  The threat models for 4096-bit RSA look rather questionable to me. All I see
  when I see 4096-bit RSA is a fashion statement.

- You could even consider a 1024-bit RSA key for less bloat, and just roll a
  new key and selector every ~90-180 days. DKIM verifiers use unauthenticated
  DNS to retrieve the key. It makes little sense to be worried about ~0.5
  million core-year attacks on 1024-bit RSA just to forge some DKIM messages.

Example (cert.org, with little cause for concern, don't even roll the key all
that often):

    $ dig +short -t txt selector1._domainkey.cert.org. | sed -ne 's/.*p=\([^;]*\).*/\1/p' | tr -d '"; ' | openssl base64 -A -d | openssl pkey -pubin -inform DER -noout -text
    RSA Public-Key: (1024 bit)
    Modulus:
        00:b6:de:68:e1:67:b4:f3:88:d5:c8:6f:79:04:99:
        6f:4a:d2:9d:1e:70:3c:cd:e3:4b:67:1e:a0:f1:f2:
        94:7b:91:92:a1:09:22:a4:4d:f0:47:d1:74:3b:65:
        b1:ac:9e:2c:a2:0d:8f:ef:df:03:f9:a1:58:63:79:
        a5:14:5c:47:3d:a2:34:f4:a0:bc:45:e1:73:67:28:
        58:70:fb:2d:92:2d:aa:3e:1b:d9:ba:30:b8:d9:29:
        1d:dc:e5:a8:d3:59:7a:a6:41:23:c2:d6:74:4d:36:
        f9:8c:2c:38:c0:52:8a:79:1b:b8:d1:ce:cc:58:47:
        33:8e:d2:dc:21:b7:2b:17:27
    Exponent: 65537 (0x10001)

However, deliberately minimal key sizes to make a point are also a statement,
be it on the non-conformist side. So you're safe with 2048-bit keys, which
will remain interoperable longer, given increasingly strict "crypto policies"
in some recent OS "distros"...

-- 
    Viktor.
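The shell pipeline above inspects one selector by hand. The following is an added example (not code from the message or from the Postfix or OpenDMARC projects) that does the same audit programmatically: it parses a DKIM TXT record, decodes the `p=` SubjectPublicKeyInfo with a minimal DER parser, and reports the RSA modulus size against the 1024-bit floor and the 2048-bit interoperability ceiling discussed in the thread. The thresholds, the `make_dkim_record` helper, the synthetic moduli such as `(1 << 4095) | 1` (which are not real RSA keys, only bit-length fixtures) and the verdict names are assumptions of this example; the 1024-bit cert.org modulus is the one quoted in the message.

```python
import base64

# Modulus of selector1._domainkey.cert.org as printed in the message above (colons removed).
CERT_ORG_MODULUS = int(
    "00b6de68e167b4f388d5c86f7904996f4ad29d1e703ccde34b671ea0f1f2947b9192a10922a4"
    "4df047d1743b65b1ac9e2ca20d8fefdf03f9a1586379a5145c473da234f4a0bc45e173672858"
    "70fb2d922daa3e1bd9ba30b8d9291ddce5a8d3597aa64123c2d6744d36f98c2c38c0528a791b"
    "b8d1cecc5847338ed2dc21b72b1727", 16)

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

# --- minimal DER encoder, only used to build sample records offline ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:          # keep INTEGER positive, as in the "00:b6:..." dump above
        b = b"\x00" + b
    return _der(0x02, b)

def rsa_spki_der(n, e):
    """SubjectPublicKeyInfo for an RSA key, the format DKIM's p= tag carries."""
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    key = _der(0x30, _der_int(n) + _der_int(e))
    return _der(0x30, alg + _der(0x03, b"\x00" + key))

def make_dkim_record(n, e):
    """Assumed helper: build a DKIM1 TXT record for testing the auditor."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki_der(n, e)).decode()

# --- DER decoder: enough to pull modulus and exponent out of an SPKI ---
def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def rsa_modulus_bits(spki):
    """Return (modulus bit length, public exponent) from a DER SubjectPublicKeyInfo."""
    tag, body, _ = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, alg, p = _read_tlv(body, 0)
    _, oid, _ = _read_tlv(alg, 0)
    if oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    bt, bitstr, _ = _read_tlv(body, p)
    if bt != 0x03 or bitstr[0] != 0:
        raise ValueError("malformed BIT STRING")
    _, rsapub, _ = _read_tlv(bitstr, 1)          # skip the unused-bits octet
    _, nbytes, q = _read_tlv(rsapub, 0)
    _, ebytes, _ = _read_tlv(rsapub, q)
    return int.from_bytes(nbytes, "big").bit_length(), int.from_bytes(ebytes, "big")

def parse_dkim_tags(txt):
    """Split a DKIM TXT record into tag=value pairs; dig's quotes and folding whitespace are dropped."""
    tags = {}
    for field in txt.replace('"', "").split(";"):
        if "=" in field:
            k, v = field.split("=", 1)
            tags[k.strip()] = "".join(v.split())
    return tags

def assess_dkim_record(txt, min_bits=1024, max_bits=2048):
    """Audit one selector: key size versus the assumed floor/ceiling from the discussion."""
    tags = parse_dkim_tags(txt)
    result = {"algorithm": tags.get("k", "rsa"), "bits": None, "exponent": None}
    if result["algorithm"] != "rsa":
        result["verdict"] = "not-rsa"              # e.g. k=ed25519, not handled here
        return result
    if not tags.get("p"):
        result["verdict"] = "revoked"              # empty p= means the key is retired
        return result
    bits, e = rsa_modulus_bits(base64.b64decode(tags["p"]))
    result.update(bits=bits, exponent=e)
    if bits < min_bits:
        result["verdict"] = "weak"                 # below the 1024-bit floor discussed above
    elif bits > max_bits:
        result["verdict"] = "oversized"            # beyond 2048: interoperability risk per the thread
    else:
        result["verdict"] = "ok"
    return result

if __name__ == "__main__":
    print(assess_dkim_record(make_dkim_record(CERT_ORG_MODULUS, 65537)))
```

To audit a live selector, feed the output of `dig +short -t txt <selector>._domainkey.<domain>.` to `assess_dkim_record`; the quote stripping in `parse_dkim_tags` mirrors the `tr -d '"; '` step in the pipeline above.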