DKIM Crypto Update

The information below is for an older proposed charter
Document: Proposed charter, DKIM Crypto Update WG (dcrup), Snapshot
Title: DKIM Crypto Update
Last updated: 2017-04-26
State: External Review (Message to Community, Selected by Secretariat)
WG State: Concluded
IESG Responsible AD: Alexey Melnikov
Charter Edit AD: Alexey Melnikov
Send notices to: (None)


The DKIM Crypto Update (DCRUP) Working Group is chartered to update
DomainKeys Identified Mail (DKIM, RFC 6376) to handle more modern cryptographic
algorithms and key sizes. DKIM (RFC 6376) signatures include a tag that
identifies the hash algorithm and signing algorithm used in the signature. The
only current algorithm is RSA, with advice that signing keys should be between
1024 and 2048 bits. While 1024-bit signatures are common, longer signatures are
not, because bugs in DNS provisioning software prevent publishing longer keys as
DNS TXT records.
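
Added example, not part of the charter or of any IETF document: a Python audit of a DKIM key record that reports the RSA modulus size against the 1024 to 2048 bit advice above and how many TXT character-strings the record needs. The 255-octet limit per character-string is from RFC 1035 rather than this page, and `make_record` builds constructed sample records whose modulus has the right size but is not a usable key.

```python
import base64

RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL params

def tlv(tag, content):
    """Encode one DER element; lengths of 128 or more use the long form."""
    n = len(content)
    if n >= 0x80:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(raw)]) + raw + content
    return bytes([tag, n]) + content

def der_int(v):
    """DER INTEGER; the extra leading byte keeps the value non-negative."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def make_record(bits):
    """Constructed DKIM key record: right-sized modulus, NOT a usable key."""
    n = (1 << (bits - 1)) | 1
    rsa_pub = tlv(0x30, der_int(n) + der_int(65537))
    spki = tlv(0x30, RSA_ALG + tlv(0x03, b"\x00" + rsa_pub))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def read_tlv(buf, pos=0):
    """Return (content, next_pos) for the DER element starting at pos."""
    first, pos = buf[pos + 1], pos + 2
    if first & 0x80:
        k = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return buf[pos:pos + first], pos + first

def audit(record):
    """Report RSA modulus size and TXT layout for one DKIM key record."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    outer, _ = read_tlv(base64.b64decode(tags["p"]))   # SubjectPublicKeyInfo
    _, after_alg = read_tlv(outer)                      # skip AlgorithmIdentifier
    bitstr, _ = read_tlv(outer, after_alg)              # BIT STRING holding the key
    rsa_seq, _ = read_tlv(bitstr[1:])                   # drop unused-bits byte
    bits = int.from_bytes(read_tlv(rsa_seq)[0], "big").bit_length()
    return {
        "bits": bits,
        "in_advised_range": 1024 <= bits <= 2048,      # range stated in the charter
        "txt_octets": len(record),
        "txt_strings": -(-len(record) // 255),          # 255-octet strings (RFC 1035)
    }

if __name__ == "__main__":
    for size in (512, 1024, 2048):
        print(size, audit(make_record(size)))
```

A 1024-bit record fits in one character-string, while a 2048-bit record has to be split across two, which is the case the provisioning software in question mishandles.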

DCRUP will consider three types of changes to DKIM: additional signing
algorithms such as those based on elliptic curves, changes to key
strength advice and requirements, and new public key forms, such as
putting the public key in the signature and a hash of the key in the
DNS to bypass bugs in DNS provisioning software that prevent publishing
longer keys as DNS TXT records.  It will limit itself to existing
implemented algorithms and key forms. Other changes to DKIM, such as new
message canonicalization schemes, are out of scope.  The WG will as far as
possible avoid changes incompatible with deployed DKIM signers and