Posted to users@spamassassin.apache.org by Benny Pedersen <me...@junc.eu> on 2015/01/10 22:01:34 UTC

possible bug in Mail::DKIM when keysize is under 1024 bits

opendkim has a minimal keysize of 1024, else it's considered invalid, so i 
am asking should Mail::DKIM follow this as valid or invalid even if the 
key check is PASS ?

this leads to spamassassin VALID, but opendkim testing INVALID

hmm

Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by Robert Schetterer <rs...@sys4.de>.
On 11.01.2015 at 18:16, Kevin A. McGrail wrote:
> On 1/10/2015 4:01 PM, Benny Pedersen wrote:
>> opendkim has a minimal keysize of 1024, else it's considered invalid, so
>> i am asking should Mail::DKIM follow this as valid or invalid even if
>> the key check is PASS ?
>>
>> this leads to spamassassin VALID, but opendkim testing INVALID
>>
>> hmm
> 
> A quick Google search brings up this
> https://wordtothewise.com/2012/11/how-long-is-your-dkim-key/
> 
> It's a recommendation not a requirement so the pass even when lower than
> 1024 is accurate.
> 
> Regards,
> KAM

however let's wait for error reports with keysize bigger than 1024, 2048
by so-called smtp inspection features on some gateway and firewall
products *g


Best Regards
MfG Robert Schetterer


Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 1/12/2015 10:25 PM, Franck Martin wrote:
> Seems the score for key <1024 needs to oppose the DKIM score so the 
> end result is zero. 
That's an interesting idea but I think the project is likely to make the 
rule available with a minimal score for the admin to decide.

We are working more and more with DKIM every day so hopefully we won't 
see many 512byte signs anyway.

regards,
KAM

Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by Franck Martin <fm...@linkedin.com>.
On Jan 12, 2015, at 4:58 PM, Mark Martinec <Ma...@ijs.si> wrote:

>> On January 12, 2015 8:06:00 AM EST, Mark Martinec
>>> It would be wrong to assign score to short keys.
> 
> Kevin A. McGrail wrote:
>> Actually the rfc specifies that keys 512 to 2048 bits must be verified
>> so I think there is a grey area and there is this long-lived key
>> caveat as well.
> 
>> I think if we can make a rule that fires on <1024 bits it would be
>> good.
> 
> Fine with me.
> 
>> The score may not be much but it could be helpful.
> 
> A message with a valid signature but a short DKIM key cannot be
> scored more severely than an unsigned message, or a message with
> an invalid signature - none of these are currently assigned
> any score.
> 
Seems the score for key <1024 needs to oppose the DKIM score so the end result is zero.


Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by Mark Martinec <Ma...@ijs.si>.
> On January 12, 2015 8:06:00 AM EST, Mark Martinec
>> It would be wrong to assign score to short keys.

Kevin A. McGrail wrote:
> Actually the rfc specifies that keys 512 to 2048 bits must be verified
> so I think there is a grey area and there is this long-lived key
> caveat as well.

> I think if we can make a rule that fires on <1024 bits it would be
> good.

Fine with me.

> The score may not be much but it could be helpful.

A message with a valid signature but a short DKIM key cannot be
scored more severely than an unsigned message, or a message with
an invalid signature - none of these are currently assigned
any score.

   Mark


Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
Actually the rfc specifies that keys 512 to 2048 bits must be verified so I think there is a grey area and there is this long-lived key caveat as well.

I think if we can make a rule that fires on <1024 bits it would be good.  The score may not be much but it could be helpful.

Regards,
KAM

On January 12, 2015 8:06:00 AM EST, Mark Martinec 
>It would be wrong to assign score to short keys.


Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by Mark Martinec <Ma...@ijs.si>.
>> On Jan 11, 2015, at 3:40 PM, Kevin A. McGrail <KM...@PCCC.com> wrote:
>> I disagree as well. You can't cherry pick your quotes and you are
>> missing the long-lived caveat as well as the next sentence: Verifiers
>> MUST be able to validate signatures with keys ranging from 512 bits
>> to 2048 bits
>> If it is 512 to 2048, I think the rfc is clear for recipients.
> 
> Gmail and a few others have decided to behave as if there was no
> DKIM signature if the key <1024. Because today nearly anyone can crack
> a 512-bit DKIM key and just for a few dollars.

The only value of a DKIM signature is for a signer to prove
that some message originated from his domain. If some ignorant but
important signer chooses a short signing key, it is risking that
recipients will ignore the signature and treat mail as unsigned,
and it is risking that someone could fake their mail. It's their
choice, and the risk is theirs too. By now, practically no important
sending domain is using keys shorter than 1024 bits.

Such mail signed with a short key may still carry a valid DKIM
signature. It would be inappropriate *not* to trigger a DKIM_VALID
rule, its score is almost zero. An entirely different question is
whether a recipient wants to trust such short key for whitelisting
or not.

The default DKIM-based whitelist as it comes with SpamAssassin
distribution (or with rule updates) does not contain any domain
that signs their mail with a short key (last time I checked).
So the original concern with this thread is weak.

If a local site decides to whitelist additional domain based
on their short DKIM signing key, it's entirely their decision.
If whitelisting is really needed, it's probably still better
to whitelist based on a weak DKIM signature, than whitelist
based on some other weaker information (like a From address,
SPF with a too-wide set of allowed addresses, or guessing on
an IP address in a Received header field).

In my opinion it would be wrong to prevent a local site
administrator from doing that. The RFC only says the key must
be at least 1024 bits long, but does not tell a recipient
how to treat a message which breaks that requirement.

Franck Martin wrote:
> spamassassin could add positive points if the key <1024

A message with a short but valid DKIM key is no worse than an
unsigned message. It would be wrong to assign score to short keys.

What may be useful is to update the DKIM plugin so that it disregards
signatures with a short key for whitelisting purposes. It may also
be useful to add additional rules (score zero) to indicate ranges
of a key size, which could then be used in meta rules when desired.

   Mark
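
Added example, not part of the original thread and not SpamAssassin or Mail::DKIM code: Python that reads the RSA modulus size from a DKIM key record and applies the policy proposed in the message above, where a short key still yields DKIM_VALID but is disregarded for whitelisting. The KEY_* tag names, the function names and the sample record (a dummy modulus, not a usable key) are assumptions made for illustration.

```python
import base64

def _tlv(buf, pos, want):
    """Parse one DER element at pos; return (value_start, value_end)."""
    if buf[pos] != want:
        raise ValueError("unexpected DER tag 0x%02x" % buf[pos])
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_bits_from_dkim_record(txt):
    """Bit length of the RSA modulus published in a DKIM key record (p= tag)."""
    tags = {k.strip(): v.strip() for k, _, v in (p.partition("=") for p in txt.split(";"))}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("not an RSA key, or key revoked (empty p=)")
    der = base64.b64decode("".join(tags["p"].split()))
    s, _ = _tlv(der, 0, 0x30)               # SubjectPublicKeyInfo
    _, e = _tlv(der, s, 0x30)               # AlgorithmIdentifier (skipped)
    s, _ = _tlv(der, e, 0x03)               # BIT STRING
    s, _ = _tlv(der, s + 1, 0x30)           # RSAPublicKey, after unused-bits octet
    s, e = _tlv(der, s, 0x02)               # INTEGER modulus
    return int.from_bytes(der[s:e], "big").bit_length()

def classify(sig_valid, key_bits, min_whitelist_bits=1024):
    """Valid stays valid; a short key only loses whitelist eligibility."""
    hits = []
    if sig_valid:
        size = ("KEY_LT_1024" if key_bits < 1024 else
                "KEY_1024_2047" if key_bits < 2048 else "KEY_GE_2048")
        hits = ["DKIM_VALID", size]         # size tags are hypothetical names
    return hits, bool(sig_valid and key_bits >= min_whitelist_bits)

def _der(tag, body):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    ln = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + ln + body

def make_sample_record(bits):
    """Constructed input: well-formed SPKI around a dummy modulus, not a usable key."""
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

For a valid signature made with a 512-bit key, classify() returns the DKIM_VALID tag plus a zero-score size tag and False for whitelist eligibility, which is the separation between "valid" and "trusted" argued for in the thread.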

Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 1/11/2015 10:04 PM, Franck Martin wrote:
>> On Jan 11, 2015, at 3:40 PM, Kevin A. McGrail <KM...@PCCC.com> wrote:
>>
>> I disagree as well. You can't cherry pick your quotes and you are missing the long-lived caveat as well as the next sentence: Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits
>>
>> If it is 512 to 2048, I think the rfc is clear for recipients.
> Gmail and a few others have decided to behave as if there was no DKIM signature if the key <1024. Because today nearly anyone can crack a 512-bit DKIM key and just for a few dollars.
>
> spamassassin could add positive points if the key <1024
I would likely accept and commit a patch that does if you want to work 
on the issue.

regards,
KAM

Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by Franck Martin <fm...@linkedin.com>.
> On Jan 11, 2015, at 3:40 PM, Kevin A. McGrail <KM...@PCCC.com> wrote:
> 
> I disagree as well. You can't cherry pick your quotes and you are missing the long-lived caveat as well as the next sentence: Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits
> 
> If it is 512 to 2048, I think the rfc is clear for recipients. 

Gmail and a few others have decided to behave as if there was no DKIM signature if the key <1024. Because today nearly anyone can crack a 512-bit DKIM key and just for a few dollars.

spamassassin could add positive points if the key <1024


Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
I disagree as well.  You can't cherry pick your quotes and you are missing the long-lived caveat as well as the next sentence: Verifiers MUST be able to validate signatures with keys ranging from 512 bits to 2048 bits

If it is 512 to 2048, I think the rfc is clear for recipients. 
Regards,
KAM

On January 11, 2015 3:40:42 PM EST, "A. Schulze" <sc...@andreasschulze.de> wrote:
>
>Kevin A. McGrail:
>
>> https://wordtothewise.com/2012/11/how-long-is-your-dkim-key/
>>
>> It's a recommendation not a requirement so the pass even when lower  
>> than 1024 is accurate.
>
>I disagree.
>
>Laura's article is more than two years old. But for more than 4 years
>( Sep 2011 )
>RFC 6376 has said very clearly: "Signers MUST use RSA keys of at least 1024
>bits ..."
>( https://tools.ietf.org/html/rfc6376#section-3.3.3 )
>
>Andreas

Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by "A. Schulze" <sc...@andreasschulze.de>.
Kevin A. McGrail:

> https://wordtothewise.com/2012/11/how-long-is-your-dkim-key/
>
> It's a recommendation not a requirement so the pass even when lower  
> than 1024 is accurate.

I disagree.

Laura's article is more than two years old. But for more than 4 years
( Sep 2011 )
RFC 6376 has said very clearly: "Signers MUST use RSA keys of at least 1024 bits ..."
( https://tools.ietf.org/html/rfc6376#section-3.3.3 )

Andreas



Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 1/11/2015 12:45 PM, Benny Pedersen wrote:
> Kevin A. McGrail wrote on 2015-01-11 18:16:
>
>> A quick Google search brings up this
>> https://wordtothewise.com/2012/11/how-long-is-your-dkim-key/
>>
>> It's a recommendation not a requirement so the pass even when lower
>> than 1024 is accurate.
>
> bug created, https://sourceforge.net/p/opendkim/bugs/215/
>
> but i still think Mail::DKIM is at fault
>
> can spamassassin change to warn on small keysize ?
It only warns the recipient who can do nothing about the issue really.

Regards,
KAM

Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by Benny Pedersen <me...@junc.eu>.
Kevin A. McGrail wrote on 2015-01-11 18:16:

> A quick Google search brings up this
> https://wordtothewise.com/2012/11/how-long-is-your-dkim-key/
> 
> It's a recommendation not a requirement so the pass even when lower
> than 1024 is accurate.

bug created, https://sourceforge.net/p/opendkim/bugs/215/

but i still think Mail::DKIM is at fault

can spamassassin change to warn on small keysize ?

Re: possible bug in Mail::DKIM when keysize is under 1024 bits

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 1/10/2015 4:01 PM, Benny Pedersen wrote:
> opendkim has a minimal keysize of 1024, else it's considered invalid, so 
> i am asking should Mail::DKIM follow this as valid or invalid even if 
> the key check is PASS ?
>
> this leads to spamassassin VALID, but opendkim testing INVALID
>
> hmm

A quick Google search brings up this 
https://wordtothewise.com/2012/11/how-long-is-your-dkim-key/

It's a recommendation not a requirement so the pass even when lower than 
1024 is accurate.

Regards,
KAM