You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ponymail.apache.org by GitBox <gi...@apache.org> on 2021/06/01 12:57:57 UTC

[GitHub] [incubator-ponymail-foal] sbp opened a new pull request #30: Update DKIM-ID

sbp opened a new pull request #30:
URL: https://github.com/apache/incubator-ponymail-foal/pull/30


   The **DKIM-ID** implementation in Foal is outdated, and corresponds to a very early design in Ponymail's [PR 517](https://github.com/apache/incubator-ponymail/pull/517). This new PR not only brings the design up to date with PR 517, but makes the following extra improvements:
   
   * Uses **[Style O](https://github.com/apache/incubator-ponymail/pull/517#issuecomment-693319064)**, the [compromise solution](https://github.com/apache/incubator-ponymail/pull/517#issuecomment-691482048) for ensuring that messages imported into lists with different list IDs result in different DKIM-IDs generated
   * Increases the length of the DKIM-ID from 26 characters to 32 characters, giving 160 bits of security instead of 120 bits of security. This brings collision attacks out of the currently known capabilities of even nation states
   * Changes the hash algorithm from SHAKE-128 to truncated SHA-256 HMAC. It was necessary to use an algorithm that can provide more than 128 bits of non-collision security in order to get 160 bits of non-collision security, and it was necessary to use a keyed algorithm in order to mix in the list ID. Candidates implemented in Python were SHAKE-256, BLAKE-3, and truncated SHA-256 HMAC. There is no way to key SHAKE-256, and BLAKE-3 is only implemented in Rust in PyPI and may not even be added to Python 3.10. Therefore truncated SHA-256 is the only remaining option, if not a perfect one
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-ponymail-foal] Humbedooh merged pull request #30: Update DKIM-ID

Posted by GitBox <gi...@apache.org>.

Humbedooh merged pull request #30:
URL: https://github.com/apache/incubator-ponymail-foal/pull/30


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-ponymail-foal] Humbedooh commented on pull request #30: Update DKIM-ID

Posted by GitBox <gi...@apache.org>.

Humbedooh commented on pull request #30:
URL: https://github.com/apache/incubator-ponymail-foal/pull/30#issuecomment-852735357


   I'll look into updating our unit tests for this, looks good at a first glance.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-ponymail-foal] sbp commented on pull request #30: Update DKIM-ID

Posted by GitBox <gi...@apache.org>.

sbp commented on pull request #30:
URL: https://github.com/apache/incubator-ponymail-foal/pull/30#issuecomment-852912910


   Rebased onto master.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-ponymail-foal] sbp commented on pull request #30: Update DKIM-ID

Posted by GitBox <gi...@apache.org>.

sbp commented on pull request #30:
URL: https://github.com/apache/incubator-ponymail-foal/pull/30#issuecomment-852902656


   I added a commit to this branch to fix another bug, but split it out into PR #32 instead, hence the force push from 2768570 to cfb89dc.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-ponymail-foal] Humbedooh merged pull request #30: Update DKIM-ID

Posted by GitBox <gi...@apache.org>.

Humbedooh merged pull request #30:
URL: https://github.com/apache/incubator-ponymail-foal/pull/30


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org